Tracking anomalous behaviors of name servers by mining DNS traffic
FRONTIERS OF HIGH PERFORMANCE COMPUTING AND NETWORKING - ISPA 2006 WORKSHOPS, PROCEEDINGS(2006)
摘要
This paper seeks to quantitatively understand the nature of the current threat towards the common name servers. A new tracking technique based on statistical model is proposed to locate the anomalous name servers by analyzing the real-world DNS traffic. After summarizing the attacks towards DNS, the detection method based on associative feature analysis is presented. Experiments are conducted which highlighting both the payload anomaly and the data flow anomaly, and the experimental results reveal the efficiency of our method in detecting the anomalous behaviors of name servers.
更多查看译文
关键词
data flow anomaly,current threat,common name server,detection method,anomalous name server,payload anomaly,associative feature analysis,anomalous behavior,real-world dns traffic,name server,feature analysis,data flow,statistical model
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要