DocumentCode :
2108325
Title :
Anomaly Detection for DNS Servers Using Frequent Host Selection
Author :
Yamada, Akira ; Miyake, Yutaka ; Terabe, Masahiro ; Hashimoto, Kazuo ; Kato, Nei
Author_Institution :
Network Security Lab., KDDI R&D Labs. Inc., Saitama
fYear :
2009
fDate :
26-29 May 2009
Firstpage :
853
Lastpage :
860
Abstract :
DNS is one of the Internet's fundamental building blocks, used by various applications such as web and mail transfer. Therefore, monitoring DNS traffic has the potential to detect host anomalies such as spammers and infected hosts in a network. However, previous works assume a small number of hosts or target domain name anomalies, so they cannot be applied to large-scale networks due to performance issues. A large number of hosts and long-term tracing consume computational resources and make real-time analysis difficult. In this paper, we propose anomaly detection for DNS servers using frequent host selection, which selects only potential hosts and does not depend on the number of hosts. We evaluate the proposed system using DNS traffic for 6 months of tracing, and show that the system can feasibly handle hosts in the dataset and detect anomalies, such as mail servers suffering from spam and DNS servers that are configured incorrectly.
Keywords :
IP networks; Internet; telecommunication security; telecommunication traffic; DNS traffic; Internet; anomaly detection; domain name system; frequent host selection; large-scale networks; Electronic mail; Internet; Large-scale systems; Monitoring; Network servers; Postal services; Telecommunication traffic; Web server;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Advanced Information Networking and Applications, 2009. AINA '09. International Conference on
Conference_Location :
Bradford
ISSN :
1550-445X
Print_ISBN :
978-1-4244-4000-9
Electronic_ISBN :
1550-445X
Type :
conf
DOI :
10.1109/AINA.2009.93
Filename :
5076288