Tracking anomalous behaviors of name servers by mining DNS traffic

  • Authors:
  • Yao Wang; Ming-zeng Hu; Bin Li; Bo-ru Yan

  • Affiliations:
  • Research Center of Computer Network and Information Security Technology, Harbin Institute of Technology, Harbin, Heilongjiang, China (all authors)

  • Venue:
  • ISPA'06 Proceedings of the 2006 international conference on Frontiers of High Performance Computing and Networking
  • Year:
  • 2006

Abstract

This paper seeks to quantitatively understand the nature of the current threat towards the common name servers. A new tracking technique based on a statistical model is proposed to locate the anomalous name servers by analyzing real-world DNS traffic. After summarizing the attacks towards DNS, the detection method based on associative feature analysis is presented. Experiments are conducted which highlight both the payload anomaly and the data flow anomaly, and the experimental results reveal the efficiency of our method in detecting the anomalous behaviors of name servers.