Anomaly detection for DNS servers using frequent host selection

Akira Yamada*, Yutaka Miyake, Masahiro Terabe, Kazuo Hashimoto, Nei Kato

*Corresponding author for this work

Research output: Conference contribution

6 Citations (Scopus)

Abstract

DNS is one of the internet's fundamental building blocks, used by various applications such as web and mail transfer. Therefore, monitoring DNS traffic has the potential to detect host anomalies such as spammers and infected hosts in a network. However, previous works assume a small number of hosts or target domain name anomalies, so they cannot be applied to large-scale networks due to performance issues. A large number of hosts and long-term tracing consume computational resources and make real-time analysis difficult. In this paper, we propose anomaly detection for DNS servers using frequent host selection, which selects only potential hosts and does not depend on the number of hosts. We evaluate the proposed system using DNS traffic for 6 months of tracing, and show that the system can feasibly handle hosts in the dataset and detect anomalies, such as mail servers suffering from spam and DNS servers that are configured incorrectly.

Original language: English
Title of host publication: Proceedings - 2009 International Conference on Advanced Information Networking and Applications, AINA 2009
Pages: 853-860
Number of pages: 8
DOI
Publication status: Published - 2009-10-05
Externally published: Yes
Event: 2009 International Conference on Advanced Information Networking and Applications, AINA 2009 - Bradford, United Kingdom
Duration: 2009-05-26 to 2009-05-29

Publication series

Name: Proceedings - International Conference on Advanced Information Networking and Applications, AINA
ISSN (Print): 1550-445X

Conference

Conference: 2009 International Conference on Advanced Information Networking and Applications, AINA 2009
Country/Territory: United Kingdom
City: Bradford
Period: 09/5/26 to 09/5/29

ASJC Scopus subject areas

  • General Engineering
