Name
Abstract | ||
|---|---|---|
More and more Internet services are hosted by Content Distribution Networks or Cloud operators. Often, IP addresses are reused for several services, and the mapping between domain names and IPs has become highly agile. This complicates the analysis of monitoring data, as it is not clear anymore which IP address represents which service at which time. We propose a system that continuously monitors this activity using captured DNS packets in a large network. Thereby we are able to (i) understand the allocation strategies inside a hosting provider, and (ii) report significant changes that are not due the normal agility of a particular service. We evaluate our system using a 2-weeks data set from a large network operator, and demonstrate how it can be used to find malicious sites. |
Year | DOI | Venue |
|---|---|---|
2013 | 10.1109/INFCOM.2013.6567130 | INFOCOM Workshops |
Keywords | DocType | ISSN |
IP addresses,network operator,DNS packets,internet services,Internet services,dnsmap,domain names,dns agility modeling,computer network security,DNSMap,resource allocation,DNS agility modeling,ip networks,internet,allocation strategies,content distribution networks,malicious sites,Web sites,ip addresses,large network operator,hosting provider,cloud computing,dns packets,cloud operators,security of data | Conference | 0743-166X |
ISBN | Citations | PageRank |
978-1-4673-5944-3 | 7 | 0.47 |
References | Authors | |
4 | 2 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Andreas Berger | 1 | 50 | 5.92 |
| Wilfried N. Gansterer | 2 | 19 | 1.91 |