Inferring Popularity of Domain Names with DNS Traffic: Exploiting Cache Timeout Heuristics
作者: Akihiro Shimoda , Keisuke Ishibashi , Kazumichi Sato , Masayuki Tsujino , Takeru Inoue
DOI: 10.1109/GLOCOM.2014.7417638
关键词: The Internet 、 Computer network 、 Identification (information) 、 Computer science 、 Server 、 Ranking (information retrieval) 、 Domain Name System 、 Cache 、 Encryption 、 Heuristics
摘要: Popularity ranking of Internet services is an important metric for network operators, because it enables mid- to-long term planning their facilities and root cause analysis unexpected traffic. The service-oriented traffic monitoring much helpful to infer the popularity, hence has been gathering attention from both researchers practitioners. Lately, service identification a given flow become very difficult due rapid growth CDNs and/or encrypted traffic, while some research works employed preceding DNS as hint. However, its cache mechanism, message count deviates actual number flows, which can greatly degrade reliability. We propose theoretical model inferring user's accesses per domain name by exploiting characteristics count. To best our knowledge, this paper first attempt formulate effect stub resolvers; previous studies were focused on analyzing servers. evaluated precision with real dataset thousands users. By top-50 names users, we flows within 24% error rate average in 42 out 50 FQDNs.
elsevier.com
sci-hub.se 参考文章(11)
Tatsuya Mori, Takeru Inoue, Akihiro Shimoda, Kazumichi Sato, Keisuke Ishibashi, Shigeki Goto, SFMap: Inferring Services over Encrypted Web Flows Using Dynamical Domain Name Graphs traffic monitoring and analysis. pp. 126- 139 ,(2015) , 10.1007/978-3-319-17172-2_9
Jin Cao, William S. Cleveland, Dong Lin, Don X. Sun, Internet Traffic Tends Toward Poisson and Independent as the Load Increases Springer, New York, NY. pp. 83- 109 ,(2003) , 10.1007/978-0-387-21579-2_6
Craig E. Wills, Mikhail Mikhailov, Hao Shang, Inferring relative popularity of internet applications by actively querying DNS caches internet measurement conference. pp. 78- 90 ,(2003) , 10.1145/948205.948216
Ignacio N. Bermudez, Marco Mellia, Maurizio M. Munafo, Ram Keralapura, Antonio Nucci, DNS to the rescue: discerning content and services in a tangled web internet measurement conference. ,vol. 1, pp. 413- 426 ,(2012) , 10.1145/2398776.2398819
Ryoichi Kawahara, Keisuke Ishibashi, Tatsuya Mori, Noriaki Kamiyama, Shigeaki Harada, Shoichiro Asano, Detection Accuracy of Network Anomalies Using Sampled Flow Statistics global communications conference. pp. 1959- 1964 ,(2007) , 10.1109/GLOCOM.2007.376
Moheeb Abu Rajab, Fabian Monrose, Niels Provos, Peeking Through the Cloud: Client Density Estimation via DNS Cache Probing ACM Transactions on Internet Technology. ,vol. 10, pp. 9- ,(2010) , 10.1145/1852096.1852097
Y. Ohsita, S. Ata, M. Murata, Detecting distributed denial-of-service attacks by analyzing TCP SYN packets statistically global communications conference. ,vol. 4, pp. 2043- 2049 ,(2004) , 10.1109/GLOCOM.2004.1378371
Paweł Foremski, Christian Callegari, Michele Pagano, DNS-Class: immediate classification of IP flows using DNS International Journal of Network Management. ,vol. 24, pp. 272- 288 ,(2014) , 10.1002/NEM.1864
P. V. Mockapetris, Domain names - implementation and specification Domain names - implementation and specification. ,vol. 1035, pp. 1- 55 ,(1987)
V. Paxson, S. Floyd, Wide area traffic: the failure of Poisson modeling IEEE ACM Transactions on Networking. ,vol. 3, pp. 226- 244 ,(1995) , 10.1109/90.392383