K-means and adaptive k-means algorithms for clustering DNS traffic

Authors:
Qinghui Xu;Daniel Migault;Stéphane Sénécal;Stanislas Francfort
Affiliations:
Orange Labs, Issy-les-Moulineaux CEDEX;Orange Labs, Issy-les-Moulineaux CEDEX;Orange Labs, Issy-les-Moulineaux CEDEX;Orange Labs, Issy-les-Moulineaux CEDEX
Venue:
Proceedings of the 5th International ICST Conference on Performance Evaluation Methodologies and Tools
Year:
2011

Citing 2
Cited 0

Efficient Pattern Recognition Using a New Transformation Distance

Advances in Neural Information Processing Systems 5, [NIPS Conference]
Bayesian Quadratic Discriminant Analysis

The Journal of Machine Learning Research

Quantified Score

Hi-index	0.00

Visualization

Abstract

Internet Service Providers' DNS traffic can be up to 120000 queries per second and increases around 8% every month. DNSSEC is expected to replace DNS and brings new challenge to naming resolution with heavy signature check. This paper provides an architecture, where incoming DNS traffic is split according to the DNS query rather than to its IP address, in order to minimize the number of signature checks. To split DNS traffic among the different nodes of the platform, k-means clustering algorithms are considered. This paper proposes an enhancement of the standard algorithm: an adaptive k-means and compares performance of both methods on simulated data from a Gaussian mixture model and on real DNS traffic data from the Orange IP network.