Detection of DNS Traffic Anomalies in Large Networks

Authors

ČERMÁK Milan, ČELEDA Pavel, VYKOPAL Jan

Year of publication 2014
Type Article in Proceedings
Conference Advances in Communication Networking, Lecture Notes in Computer Science, Vol. 8846
MU Faculty or unit

Institute of Computer Science

Citation
Web http://dx.doi.org/10.1007/978-3-319-13488-8_20
Doi http://dx.doi.org/10.1007/978-3-319-13488-8_20
Field Informatics
Keywords domain name system; DNS; IP flow monitoring; IPFIX; traffic anomaly detection; internet measurements
Attached files
Description Almost every Internet communication is preceded by the translation of a DNS name to an IP address. Therefore, monitoring DNS traffic can effectively extend the capabilities of current methods for network traffic anomaly detection. In order to monitor this traffic efficiently, we propose a new flow metering algorithm that saves the resources of a flow exporter. Next, to show the benefits of DNS traffic monitoring for anomaly detection, we introduce novel detection methods using DNS extended flows. The evaluation of these methods shows that our approach not only reveals DNS anomalies but also scales well in a campus network.
Related projects:
