With the rapid growth of the Internet, concerns about the security of Domain Name System (DNS) have become prominent. DNS Hijacking is a typical threat which manipulates DNS resource records (RRs) to make users obtain wrong website server IPs through Cache Poisoning or Man-in-the-middle attack.
In this paper, we propose a Self-Feedback Detection System (SFDS) deployed at Local Area Network (LAN) Gateway to protect users from visiting the wrong websites. SFDS: (i)finds the incorrect (Domain, IP) tuples in real-time to provide a correct (Domain, IP) tuple list for users, (ii)utilizes a multi-protocol cross validation method to verify suspicious (Domain, IP) tuples, (iii) applies self-feedback mechanism to calculate the correctness probabilities of (Domain, IP) iteratively.
We show that in real circumstance for two weeks, SFDS can find almost 1300 correct (Domain, IP) tuples for one domain on average in one day. And SFDS is effective with accuracy approximately 100% by our experiments.
