Multi-dimensional aggregation for DNS monitoring
Open Access
- 1 October 2013
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE) in 38th Annual IEEE Conference on Local Computer Networks
- p. 390-398
- https://doi.org/10.1109/lcn.2013.6761271
Abstract
DNS is an essential Internet service: it translates human-readable domain names into IP addresses, and DNS traffic therefore reflects user activity and behaviour. It is thus a useful data source for large-scale network monitoring. Passive DNS monitoring in particular has attracted much interest from a security perspective, because it reveals which services the monitored machines try to reach. In this paper, we propose a new method for assessing the dynamics of the mapping between DNS names and IP subnetworks, using an efficient aggregation scheme combined with relevant steadiness metrics. The evaluation relies on real data collected over several months and is able to detect anomalies related to malicious domains.
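The abstract only sketches the approach, so here is an added illustration of the idea (not the paper's code or metrics): passive-DNS A-record observations are aggregated along two dimensions, registered domain and IPv4 /24 subnet, bucketed into time windows, and each domain gets a steadiness score, here the mean Jaccard similarity of its /24 set between consecutive windows. A stable domain keeps resolving into the same subnet and scores 1.0; a domain whose hosting subnets churn every window, as flux networks do, scores close to 0 and is flagged. The record layout, the two-label registered-domain heuristic, the Jaccard-based score and the sample records are all assumptions made for this example.

```python
"""Passive-DNS aggregation by (registered domain, IPv4 /24) with a steadiness score.

Added illustration, not the paper's implementation. Assumed input: (unix_ts, qname,
ipv4) tuples from A-record observations. The aggregation dimensions, the Jaccard
steadiness metric and the sample records below are constructed for this example.
"""
from collections import defaultdict
import ipaddress


def registered_domain(qname: str) -> str:
    """Collapse a query name to its last two labels (a simplification; a real
    deployment would consult the public suffix list)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def subnet24(ip: str) -> str:
    """Map an IPv4 address to its /24 network in CIDR notation."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def aggregate(records, window_seconds):
    """Return {registered_domain: {window_index: set of /24 strings}}."""
    agg = defaultdict(lambda: defaultdict(set))
    for ts, qname, ip in records:
        agg[registered_domain(qname)][ts // window_seconds].add(subnet24(ip))
    return agg


def jaccard(a, b):
    """Set similarity in [0, 1]; two empty sets are considered identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def steadiness(agg):
    """Per domain: mean Jaccard similarity of its /24 set between consecutive
    observed windows. 1.0 = the subnets never change; near 0 = the domain
    resolves into different subnets in every window."""
    scores = {}
    for dom, wins in agg.items():
        idx = sorted(wins)
        sims = [jaccard(wins[idx[i]], wins[idx[i + 1]]) for i in range(len(idx) - 1)]
        scores[dom] = sum(sims) / len(sims) if sims else 1.0
    return scores


def flag_unsteady(scores, threshold=0.5):
    """Domains whose mapping to subnets is too unstable (threshold is an assumption)."""
    return sorted(d for d, s in scores.items() if s < threshold)


WINDOW = 3600  # one-hour aggregation windows

# Constructed sample: a stable domain in one documentation /24, and a domain that
# hops across subnets (documentation, benchmarking and CGNAT ranges) each hour.
SAMPLE_RECORDS = [
    (0, "www.example.com", "203.0.113.10"),
    (1200, "www.example.com", "203.0.113.11"),
    (3600, "www.example.com", "203.0.113.10"),
    (7200, "www.example.com", "203.0.113.12"),
    (10800, "www.example.com", "203.0.113.11"),
    (100, "login.bad-example.net", "198.51.100.5"),
    (900, "login.bad-example.net", "192.0.2.7"),
    (3700, "login.bad-example.net", "192.0.2.9"),
    (4000, "login.bad-example.net", "198.18.0.4"),
    (7300, "login.bad-example.net", "198.18.1.4"),
    (7400, "cdn.bad-example.net", "100.64.0.9"),
    (10900, "login.bad-example.net", "100.64.1.3"),
]


def run_sample():
    """Aggregate the sample, score every domain and return (scores, flagged)."""
    scores = steadiness(aggregate(SAMPLE_RECORDS, WINDOW))
    return scores, flag_unsteady(scores)


if __name__ == "__main__":
    scores, flagged = run_sample()
    for dom, s in sorted(scores.items()):
        print(f"{dom:20s} steadiness={s:.3f}")
    print("flagged:", flagged)
```

Aggregating on /24 rather than on individual addresses is what keeps a legitimately load-balanced domain (many IPs, one subnet) from looking like flux; the interesting signal is a domain whose subnets themselves change between windows.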