In this paper, we describe a new statistical approach to detecting traffic anomalies in the Domain Name System (DNS). By analyzing real-world DNS traffic data collected at some large DNS servers, both authoritative and local, we find that DNS traffic normally follows Heaps' law in two ways. We then use these findings to characterize DNS traffic properties under normal network conditions. Based on these properties, we estimate the forthcoming traffic. If the actual forthcoming traffic deviates substantially from our estimates, we infer that an anomaly has occurred. Our approach is simple and can work in real time. Experiments on both real and simulated DNS traffic anomalies show that our approach detects most of the common anomalies in DNS traffic effectively.
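The idea in the abstract, sketched as an added example that is not the paper's code: fit Heaps' law V(n) = K·n^β to baseline traffic, extrapolate to the next window, and flag the window if the observed count deviates from the estimate. Assumptions: the tracked quantity (distinct query names versus total queries), the log-log least-squares fit, the 20% tolerance, and the constructed streams.

```python
import math

def growth_curve(names):
    """(n, V(n)) pairs: distinct names seen after the first n queries."""
    seen, curve = set(), []
    for n, name in enumerate(names, 1):
        seen.add(name)
        curve.append((n, len(seen)))
    return curve

def fit_heaps(curve):
    """Least-squares fit of log V = log K + beta*log n; returns (K, beta)."""
    xs = [math.log(n) for n, _ in curve]
    ys = [math.log(v) for _, v in curve]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    beta = (sum((x - mx) * (y - my) for x, y in zip(xs, ys))
            / sum((x - mx) ** 2 for x in xs))
    return math.exp(my - beta * mx), beta

def check_window(baseline, window, tolerance=0.2):
    """Fit on the baseline, estimate V after the window, compare with reality.
    The tolerance is an assumed threshold, not a value from the paper."""
    K, beta = fit_heaps(growth_curve(baseline))
    n = len(baseline) + len(window)
    expected = K * n ** beta
    observed = len(set(baseline) | set(window))
    return expected, observed, abs(observed - expected) / expected > tolerance

def synthetic_stream(start, count, seen, K=2.0, beta=0.6):
    """Constructed data: a new name appears only when floor(K*n^beta) grows."""
    out = []
    for n in range(start, start + count):
        if int(K * n ** beta) > len(seen):
            seen.append(f"host{len(seen)}.example")
            out.append(seen[-1])
        else:
            out.append(seen[n % len(seen)])  # repeat an already-seen name
    return out

seen = []
BASELINE = synthetic_stream(1, 5000, seen)    # constructed normal traffic
NORMAL = synthetic_stream(5001, 1000, seen)   # continues the same growth law
BURST = [f"x{i}.burst.example" for i in range(1000)]  # constructed: all new names

if __name__ == "__main__":
    for label, win in (("normal", NORMAL), ("burst", BURST)):
        exp, obs, flag = check_window(BASELINE, win)
        print(f"{label}: expected {exp:.0f}, observed {obs}, anomalous={flag}")
```
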