Approximate String Matching for DNS Anomaly Detection.

Authors: Roni Mateless, Michael Segal

DOI: 10.1007/978-3-030-24907-6_37

Keywords: String (computer science), Approximate string matching, Anomaly detection, Random forest, DNS spoofing, Lasso (statistics), Computer science, Linear regression, Algorithm

Abstract: In this paper we propose a novel approach to identify anomalies in DNS traffic. The traffic time-points data is transformed into a string, which is used by a new fast approximate string matching algorithm to detect anomalies. Our approach is generic in its nature and allows adaptation to different types of traffic. We evaluate the approach on a large public dataset based on 10 days, discovering more than an order of magnitude more attacks in comparison to auto-regression as a baseline. Moreover, an additional comparison has been made including other common regressors such as Linear Regression, Lasso, Random Forest and KNN, all of them showing the superiority of our approach.
