Title :
Detecting anomalies in DNS protocol traces via Passive Testing and Process Mining
Author :
Saint-Pierre, Cecilia ; Cifuentes, Francisco ; Bustos-Jimenez, Javier
Author_Institution :
Comput. Sci. Dept., Pontificia Univ. Catolica, Santiago, Chile
Abstract :
In this article we present our first approach to using Passive Testing (used in protocol and software conformance checking) and Process Mining (used in enterprise workflow analysis) techniques for analyzing DNS operation traces. We propose a process-based view of the DNS protocol, modeling it as a sequence of structured activities, queries and responses, that are executed by actors, in this case clients and servers, with the objective of exchanging some valuable information. As an example, we applied our techniques to the "A Day in the Life of the Internet" DNS traces to show how easily a mail botnet attack can be discovered. We conclude that, on the basis of this first approach, these techniques have a promising future for analyzing DNS traces, and we plan to extend the testing to conformance against the formal definition of DNS given in RFC 1035.
Keywords :
Internet; computer network security; conformance testing; data mining; protocols; DNS operation traces; DNS protocol; DNS traces; RFC 1035; anomaly detection; enterprise workflow analysis; formal definition; mail botnet attack; passive testing; process mining; software conformance checking; structured activity; Business; Electronic mail; Servers; Testing
Conference_Title :
Communications and Network Security (CNS), 2014 IEEE Conference on
Conference_Location :
San Francisco, CA
DOI :
10.1109/CNS.2014.6997534