Uma abordagem para mitigação de phishing utilizando eBPF/XDP
Resumo
Embora amplamente estudado como vetor de ataque cibernético, o phishing continua sendo uma ameaça predominante, impulsionado por sua simplicidade operacional e alta eficácia na disseminação de malware. Este cenário torna crucial a utilização de soluções robustas para bloquear comunicações através de domínios maliciosos. Este artigo apresenta uma abordagem eficiente para mitigar ataques baseados em phishing e comunicações de comando e controle (C2) utilizando a tecnologia eBPF e o framework XDP. O estudo apresenta uma análise comparativa entre a solução proposta e o método RPZ. Os resultados demonstram uma redução média do consumo de CPU de 70% com incremento médio na latência de 0,0126 ms, apresentando uma alternativa promissora para aprimorar a segurança e o desempenho dos serviços DNS.Referências
Akamai (2023). Attack Superhighway A Deep Dive on Malicious DNS Traffic. [link].
Arends, R., Austein, R., Larson, M., Massey, D., and Rose, S. (2005). Rfc 4033: Dns security introduction and requirements.
Bernstein, D. J. (1991). The djb2 hash function. [link].
Bertin, G. (2017). Xdp in practice: integrating xdp into our ddos mitigation pipeline. In Netdev 2.1, volume 2.
Bilge, L., Kirda, E., Krügel, C., and Balduzzi, M. (2011). Exposure: Finding malicious domains using passive dns analysis. In Network and Distributed System Security Symposium.
Capeletti, I. F. (2022). Análise de desempenho de aplicações ebpf/xdp em planos de dados programáveis. Monografia de graduação, Universidade Federal do Pampa, Alegrete, RS, Brasil. Trabalho de Conclusão de Curso – Curso de Ciência da Computação.
Community (2024). eBPF Docs. [link].
Høiland-Jørgensen, T., Brouer, J. D., Borkmann, D., Fastabend, J., Herbert, T., Ahern, D., and Miller, D. (2018). The express data path: fast programmable packet processing in the operating system kernel. In Proceedings of the 14th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT ’18, page 54–66, New York, NY, USA. Association for Computing Machinery.
Khormali, A., Park, J., Alasmary, H., Anwar, A., Saad, M., and Mohaisen, D. (2021). Domain name system security and privacy: A contemporary survey. Computer Networks, 185:107699.
Knuth, D. E. (1998). The Art of Computer Programming: Sorting and Searching, volume 3. Addison-Wesley, Boston, 2 edition.
Kostopoulos, N., Kalogeras, D., and Maglaris, V. (2020). Leveraging on the xdp framework for the efficient mitigation of water torture attacks within authoritative dns servers. In 2020 6th IEEE Conference on Network Softwarization (NetSoft), pages 287–291.
Kostopoulos, N., Korentis, S., Kalogeras, D., and Maglaris, V. (2021). Mitigation of dns water torture attacks within the data plane via xdp-based naive bayes classifiers. In 2021 IEEE 10th International Conference on Cloud Networking (CloudNet), pages 133–139.
Kurose, J. F. and Ross, K. W. (2022). Computer networking: a top-down approach. Pearson Education Limited.
Le Pochat, V., Van Goethem, T., Tajalizadehkhoob, S., Korczyński, M., and Joosen, W. (2019). Tranco: A research-oriented top sites ranking hardened against manipulation. In Proceedings of the 26th Annual Network and Distributed System Security Symposium, NDSS 2019.
Liu, C. and Albitz, P. (2006). DNS and BIND (5th Edition). O’Reilly Media, Inc.
Marques, C., Malta, S., and Magalhães, J. (2021). Dns firewall based on machine learning. Future Internet, 13(12):309.
McCanne, S. and Jacobson, V. (1993). The bsd packet filter: a new architecture for user-level packet capture. In Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings, USENIX’93, page 2, USA. USENIX Association.
Mockapetris, P. V. (1987). Rfc1035: Domain names - implementation and specification.
Nominum (2012). resperf Performance Tool Manual. [link].
Razavi, A., Mahdavifar, S., Maleki, N., Habibi Lashkari, A., and Broda, M. (2021). Classifying malicious domains using dns traffic analysis. In Book.
Sommese, R., Claffy, K., van Rijswijk-Deij, R., Chattopadhyay, A., Dainotti, A., Sperotto, A., and Jonker, M. (2022). Investigating the impact of ddos attacks on dns infrastructure. In Proceedings of the 22nd ACM Internet Measurement Conference, IMC ’22, page 51–64, New York, NY, USA. Association for Computing Machinery.
Tantalor93 (2024). dnspyre. [link].
Umbrella, C. (2022). 2022 DNS Discoveries. [link].
Vixie, P. A. and Schryver, V. (2017). DNS Response Policy Zones (RPZ). Internet-Draft draft-ietf-dnsop-dns-rpz-00, Internet Engineering Task Force. Work in Progress.
Arends, R., Austein, R., Larson, M., Massey, D., and Rose, S. (2005). Rfc 4033: Dns security introduction and requirements.
Bernstein, D. J. (1991). The djb2 hash function. [link].
Bertin, G. (2017). Xdp in practice: integrating xdp into our ddos mitigation pipeline. In Netdev 2.1, volume 2.
Bilge, L., Kirda, E., Krügel, C., and Balduzzi, M. (2011). Exposure: Finding malicious domains using passive dns analysis. In Network and Distributed System Security Symposium.
Capeletti, I. F. (2022). Análise de desempenho de aplicações ebpf/xdp em planos de dados programáveis. Monografia de graduação, Universidade Federal do Pampa, Alegrete, RS, Brasil. Trabalho de Conclusão de Curso – Curso de Ciência da Computação.
Community (2024). eBPF Docs. [link].
Høiland-Jørgensen, T., Brouer, J. D., Borkmann, D., Fastabend, J., Herbert, T., Ahern, D., and Miller, D. (2018). The express data path: fast programmable packet processing in the operating system kernel. In Proceedings of the 14th International Conference on Emerging Networking EXperiments and Technologies, CoNEXT ’18, page 54–66, New York, NY, USA. Association for Computing Machinery.
Khormali, A., Park, J., Alasmary, H., Anwar, A., Saad, M., and Mohaisen, D. (2021). Domain name system security and privacy: A contemporary survey. Computer Networks, 185:107699.
Knuth, D. E. (1998). The Art of Computer Programming: Sorting and Searching, volume 3. Addison-Wesley, Boston, 2 edition.
Kostopoulos, N., Kalogeras, D., and Maglaris, V. (2020). Leveraging on the xdp framework for the efficient mitigation of water torture attacks within authoritative dns servers. In 2020 6th IEEE Conference on Network Softwarization (NetSoft), pages 287–291.
Kostopoulos, N., Korentis, S., Kalogeras, D., and Maglaris, V. (2021). Mitigation of dns water torture attacks within the data plane via xdp-based naive bayes classifiers. In 2021 IEEE 10th International Conference on Cloud Networking (CloudNet), pages 133–139.
Kurose, J. F. and Ross, K. W. (2022). Computer networking: a top-down approach. Pearson Education Limited.
Le Pochat, V., Van Goethem, T., Tajalizadehkhoob, S., Korczyński, M., and Joosen, W. (2019). Tranco: A research-oriented top sites ranking hardened against manipulation. In Proceedings of the 26th Annual Network and Distributed System Security Symposium, NDSS 2019.
Liu, C. and Albitz, P. (2006). DNS and BIND (5th Edition). O’Reilly Media, Inc.
Marques, C., Malta, S., and Magalhães, J. (2021). Dns firewall based on machine learning. Future Internet, 13(12):309.
McCanne, S. and Jacobson, V. (1993). The bsd packet filter: a new architecture for user-level packet capture. In Proceedings of the USENIX Winter 1993 Conference Proceedings on USENIX Winter 1993 Conference Proceedings, USENIX’93, page 2, USA. USENIX Association.
Mockapetris, P. V. (1987). Rfc1035: Domain names - implementation and specification.
Nominum (2012). resperf Performance Tool Manual. [link].
Razavi, A., Mahdavifar, S., Maleki, N., Habibi Lashkari, A., and Broda, M. (2021). Classifying malicious domains using dns traffic analysis. In Book.
Sommese, R., Claffy, K., van Rijswijk-Deij, R., Chattopadhyay, A., Dainotti, A., Sperotto, A., and Jonker, M. (2022). Investigating the impact of ddos attacks on dns infrastructure. In Proceedings of the 22nd ACM Internet Measurement Conference, IMC ’22, page 51–64, New York, NY, USA. Association for Computing Machinery.
Tantalor93 (2024). dnspyre. [link].
Umbrella, C. (2022). 2022 DNS Discoveries. [link].
Vixie, P. A. and Schryver, V. (2017). DNS Response Policy Zones (RPZ). Internet-Draft draft-ietf-dnsop-dns-rpz-00, Internet Engineering Task Force. Work in Progress.
Publicado
01/09/2025
Como Citar
SANTOS, Pedro Martins dos; NOBRE, Jéferson Campos.
Uma abordagem para mitigação de phishing utilizando eBPF/XDP. In: SIMPÓSIO BRASILEIRO DE CIBERSEGURANÇA (SBSEG), 25. , 2025, Foz do Iguaçu/PR.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 888-904.
DOI: https://doi.org/10.5753/sbseg.2025.11474.
