Assessing the real-world dynamics of DNS

Authors:
Andreas Berger;Eduard Natale
Affiliations:
FTW Telecommunications Research Center Vienna, Austria;FTW Telecommunications Research Center Vienna, Austria
Venue:
TMA'12 Proceedings of the 4th international conference on Traffic Monitoring and Analysis
Year:
2012

Citing 3
Cited 0

Space/time trade-offs in hash coding with allowable errors

Communications of the ACM
Building a dynamic reputation system for DNS

USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Detecting malware domains at the upper DNS hierarchy

SEC'11 Proceedings of the 20th USENIX conference on Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The DNS infrastructure is a key component of the Internet and is thus used by a multitude of services, both legitimate and malicious. Recently, several works demonstrated that malicious DNS activity usually exhibits observable dynamics that may be exploited for detection and mitigation. Clearly, reliable differentiation requires legitimate activity to not show these dynamics. In this paper, we show that this is often not the case, and propose a set of DNS stability metrics that help to efficiently categorize the DNS activity of a diverse set of Internet sites.