Overview
Learn about a novel DNS cache poisoning prevention system through this 17-minute conference presentation from USENIX Security '25. Discover POPS (DNS cache POisoning Prevention System), a comprehensive security solution designed to integrate as a module in Intrusion Prevention Systems (IPS) to combat statistical DNS poisoning attacks documented from 2002 to the present day. Explore the system's dual-component architecture: a detection module with three simple rules, and a mitigation module that leverages the TC flag in DNS headers to enhance security with zero false positives or false negatives once activated. Examine the historical analysis showing how POPS would have mitigated all network-based statistical poisoning attacks, and review simulation results on traffic benchmarks demonstrating the system's effectiveness, with an attack success probability of only 0.0076%. Understand how POPS compares with existing tools such as Suricata and Snort: it completes tasks in 20-50% of the time while examining only 5-10% as many packets, and it detects DNS cache poisoning attacks, including fragmentation-based variants, that other systems consistently miss.
Syllabus
USENIX Security '25 - POPS: From History to Mitigation of DNS Cache Poisoning Attacks
Taught by
USENIX