Abstract | ||
---|---|---|
DNS is an essential service in the Internet as it allows to translate human language based domain names into IP addresses. DNS traffic reflects the user activities and behaviors. It is thus a helpful source of information in the context of large scale network monitoring. In particular, passive DNS monitoring garnered much interest for the security perspectives by highlighting the services the machines want to access. In this paper, we propose a new method for assessing the dynamics of the match between DNS names and IP subnetworks using an efficient aggregating scheme combined with relevant steadiness metrics. The evaluation relies on real data collected over several months and is able to detect anomalies related to malicious domains. |
Year | DOI | Venue |
---|---|---|
2013 | 10.1109/LCN.2013.6761271 | Local Computer Networks |
Keywords | Field | DocType |
IP networks,Internet,computer network security,telecommunication traffic,DNS traffic,IP addresses,IP subnetworks,Internet,anomaly detection,domain name system,human language translation,large scale network monitoring,multidimensional aggregation,passive DNS monitoring,steadiness metrics,user activities,user behaviors,Aggregation,DNS,Malicious domains,Monitoring,Security | Pharming,Computer security,Computer science,DNS hijacking,Domain Name System,Network security,Computer network,Round-robin DNS,Network monitoring,The Internet,DNS spoofing | Conference |
ISSN | ISBN | Citations |
0742-1303 | 978-1-4799-0536-2 | 0 |
PageRank | References | Authors |
0.34 | 26 | 3 |
Name | Order | Citations | PageRank |
---|---|---|---|
Lautaro Dolberg | 1 | 21 | 3.60 |
Jerome Francois | 2 | 57 | 4.39 |
Thomas Engel | 3 | 455 | 42.34 |