2009 International Conference on Advanced Information Networking and Applications (2009)
Bradford, United Kingdom
May 26, 2009 to May 29, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/AINA.2009.93
DNS is one of the internet's fundamental building blocks, used by various applications such as web and mail transfer. Therefore, monitoring DNS traffic has potential to detect host anomalies such as spammers and infected hosts in a network. However, previous works assume a small number of hosts or target on domain name anomalies, so that they cannot be applied to a large-scale networks due to performance issues. A large number of hosts and long-term tracing consume computational resources and make real-time analysis difficult. In this paper, we propose anomaly detection for DNS servers using frequent host selection, which selects only potential hosts and does not depend on the number of hosts. We evaluate the proposed system using DNS traffic for 6 months of tracing, and show that the system
Y. Miyake, M. Terabe, A. Yamada, N. Kato and K. Hashimoto, "Anomaly Detection for DNS Servers Using Frequent Host Selection," 2009 International Conference on Advanced Information Networking and Applications(AINA), Bradford, United Kingdom, 2009, pp. 853-860.