Detection of DNS Traffic Anomalies in Large Networks

Authors: Milan Čermák, Pavel Čeleda, Jan Vykopal

DOI: 10.1007/978-3-319-13488-8_20

Keywords: Internet communication, Computer network, Campus network, IP address, Anomaly detection, Large networks, Engineering, Flow metering, Domain Name System

Abstract: Almost every Internet communication is preceded by a translation of a DNS name to an IP address. Therefore, monitoring DNS traffic can effectively extend the capabilities of current methods for network anomaly detection. In order to monitor this traffic, we propose a new flow metering algorithm that saves resources on the flow exporter. Next, to show the benefits of this monitoring for anomaly detection, we introduce novel detection methods using DNS extended flows. The evaluation of these methods shows that our approach not only reveals DNS anomalies but also scales well in a campus network.
