Visual Detection of Anomalies in DNS Query Log Data

Author

Guihua Shan ; Yang Wang ; Maojin Xie ; Haopu Lv ; Xuebin Chi

Author_Institution

Comput. Network Inf. Center, Beijing, China

fYear

2014

fDate

4-7 March 2014

Firstpage

258

Lastpage

261

Abstract

DNS (Domain Name System) is an essential component of the functionality of the Internet, which converts domain names to the IP addresses. The security of DNS is related to the whole Internet. DNS query log file provide the insights of the DNS security. In this paper we propose an interactive visual analysis system for the DNS log files to intuitively detect the anomalies in DNS query logs. With a theme river based ranking visualization linked with Heat-Dial-map and tree map, user could easy identify anomalies and then further analyze regional and temporal features to help the administrators figure out the reason. Moreover, the features of DNS queries in time and region could also be analysis with this system.

Keywords

IP networks; Internet; computer network security; data visualisation; interactive systems; query processing; tree data structures; DNS query log data; DNS query log file; DNS security; Heat-Dial-map; IP addresses; Internet; domain name system; interactive visual analysis system; regional feature analysis; river-based ranking visualization; temporal feature analysis; tree map; visual anomaly detection; Data visualization; Heating; Image color analysis; Internet; Market research; Rivers; Visualization; DNS; abnormal detection; ranking;

fLanguage

English

Publisher

ieee

Conference_Titel

Visualization Symposium (PacificVis), 2014 IEEE Pacific

Conference_Location

Yokohama

Type

conf

DOI

10.1109/PacificVis.2014.23

Filename

6787177