Abstract | ||
---|---|---|
We present a monitoring approach and the supporting software architecture for passive DNS traffic. Monitoring DNS traffic can reveal essential network and system level activity profiles. Worm infected and botnet participating hosts can be identified and malicious backdoor communications can be detected. Any passive DNS monitoring solution needs to address several challenges that range from architectural approaches for dealing with large volumes of data up to specific Data Mining approaches for this purpose. We describe a framework that leverages state of the art distributed processing facilities with clustering techniques in order to detect anomalies in both online and offline DNS traffic. This framework entitled DNSSM is implemented and operational on several networks. We validate the framework against two large trace sets. |
Year | DOI | Venue |
---|---|---|
2012 | 10.1109/NOMS.2012.6212019 | NOMS |
Keywords | Field | DocType |
internet,servers,data mining,entropy,dns,computer network security,indexes,distributed processing,indexation,software architecture | Botnet,Computer science,Network security,Server,Computer network,Backdoor,Online and offline,Software architecture,Cluster analysis,The Internet,Distributed computing | Conference |
ISSN | ISBN | Citations |
1542-1201 E-ISBN : 978-1-4673-0268-5 | 978-1-4673-0268-5 | 7 |
PageRank | References | Authors |
0.58 | 8 | 7 |
Name | Order | Citations | PageRank |
---|---|---|---|
Samuel Marchal | 1 | 146 | 11.72 |
Jérôme François | 2 | 170 | 21.81 |
Cynthia Wagner | 3 | 50 | 6.77 |
Radu State | 4 | 623 | 86.87 |
Alexandre Dulaunoy | 5 | 69 | 7.70 |
Thomas Engel | 6 | 538 | 59.08 |
Olivier Festor | 7 | 665 | 85.40 |