ミャンマー語テキストの形式手法による音節分割、正規化と辞書順排列

国立大学法人長岡技術科学大

Addressing the challenges of modern DNS:a comprehensive tutorial

The Domain Name System (DNS) plays a crucial role in connecting services and users on the Internet. Since its first specification, DNS has been extended in numerous documents to keep it fit for today’s challenges and demands. And these challenges are many. Revelations of snooping on DNS traffic led to changes to guarantee confidentiality of DNS queries. Attacks to forge DNS traffic led to changes to shore up the integrity of the DNS. Finally, denial-of-service attack on DNS operations have led to new DNS operations architectures. All of these developments make DNS a highly interesting, but also highly challenging research topic. This tutorial – aimed at graduate students and early-career researchers – provides a overview of the modern DNS, its ongoing development and its open challenges. This tutorial has four major contributions. We first provide a comprehensive overview of the DNS protocol. Then, we explain how DNS is deployed in practice. This lays the foundation for the third contribution: a review of the biggest challenges the modern DNS faces today and how they can be addressed. These challenges are (i) protecting the confidentiality and (ii) guaranteeing the integrity of the information provided in the DNS, (iii) ensuring the availability of the DNS infrastructure, and (iv) detecting and preventing attacks that make use of the DNS. Last, we discuss which challenges remain open, pointing the reader towards new research areas

Malware Infection Vector Analysis

Práce je zaměřena na porovnaní různých vektorů infekce operačního systému škodlivým kódem. Podrobněji se zabývá třemi vektory infekce - BadUSB, doplňky pro Microsoft Office Word a metodami phishingu. V rámci práce byly tyto vektory popsány a jejich funkcionalita byla demonstrovaná na příkladech. Následné byly popsaný výhody a nevýhody zmíněných vektorů infekce. V práci se nacházejí obecná doporučení, pomocí kterých je možné snížit riziko útoků zneužívajících běžných vektorů infekce. V praktické části práce byly vytvořeny funkční ukázky prezentující vybrané vektory infekce v praxi.The work is aimed at comparison of various operating system infection vectors using malicious code. It deals with three infection vectors in detail - BadUSB, Microsoft Office Word add-ins and phishing methods. These vectors were described in scope of the work and their functionality was demonstrated on examples. Furthermore, advantages and disadvantages were described of mentioned infection vectors. There are general recommendations, which may reduce the risk of attack using common infection vectors. Working samples presenting selected infection vectors in practice were created in practical scope of the work.460 - Katedra informatikyvýborn

Unravelling Ariadne’s Thread: Exploring the Threats of Decentralised DNS

The current landscape of the core Internet technologies shows considerable centralisation with the big tech companies controlling the vast majority of traffic and services. This situation has sparked a wide range of decentralisation initiatives with blockchain technology being among the most prominent and successful innovations. At the same time, over the past years there have been considerable attempts to address the security and privacy issues affecting the Domain Name System (DNS). To this end, it is claimed that Blockchain-based DNS may solve many of the limitations of traditional DNS. However, such an alternative comes with its own security concerns and issues, as any introduction and adoption of a new technology typically does - let alone a disruptive one. In this work we present the emerging threat landscape of blockchain-based DNS and we empirically validate the threats with real-world data. Specifically, we explore a part of the blockchain DNS ecosystem in terms of the browser extensions using such technologies, the chain itself (Namecoin and Emercoin), the domains, and users who have been registered in these platforms. Our findings reveal several potential domain extortion attempts and possible phishing schemes. Finally, we suggest countermeasures to address the identified threats, and we identify emerging research themes

Phishing within e-commerce: reducing the risk, increasing the trust

E-Commerce has been plagued with problems since its inception and this study examines one of these problems: The lack of user trust in E-Commerce created by the risk of phishing. Phishing has grown exponentially together with the expansion of the Internet. This growth and the advancement of technology has not only benefited honest Internet users, but has enabled criminals to increase their effectiveness which has caused considerable damage to this budding area of commerce. Moreover, it has negatively impacted both the user and online business in breaking down the trust relationship between them. In an attempt to explore this problem, the following was considered: First, E-Commerce’s vulnerability to phishing attacks. By referring to the Common Criteria Security Model, various critical security areas within E-Commerce are identified, as well as the areas of vulnerability and weakness. Second, the methods and techniques used in phishing, such as phishing e-mails, websites and addresses, distributed attacks and redirected attacks, as well as the data that phishers seek to obtain, are examined. Furthermore, the way to reduce the risk of phishing and in turn increase the trust between users and websites is identified. Here the importance of Trust and the Uncertainty Reduction Theory plus the fine balance between trust and control is explored. Finally, the study presents Critical Success Factors that aid in phishing prevention and control, these being: User Authentication, Website Authentication, E-mail Authentication, Data Cryptography, Communication, and Active Risk Mitigation