Title :
NIS04-2: Detection of DNS Anomalies using Flow Data Analysis
Author :
Karasaridis, Anestis ; Meier-Hellstern, Kathleen ; Hoeflin, David
Author_Institution :
AT&T Labs., Middletown, NJ
Date :
Nov. 27 2006-Dec. 1 2006
Abstract :
The Domain Name System (DNS) is an essential network infrastructure component since it supports the operation of the Web, Email, Voice over IP (VoIP) and other business-critical applications running over the network. Events that compromise the security of DNS can have a significant impact on the Internet since they can affect its availability and its intended operation. This paper describes algorithms used to monitor and detect certain types of attacks on the DNS infrastructure using flow data. Our methodology is based on algorithms that do not rely on known signature attack vectors. The effectiveness of our solution is illustrated with real and simulated traffic examples. In one example, we were able to detect a tunneling attack well before the appearance of public reports of it.
Keywords :
Internet; telecommunication security; telecommunication traffic; DNS security; Internet; VoIP; anomaly detection; domain name system; email; flow data analysis; tunneling attack detection; voice over IP; Computer crime; Data analysis; Data security; Detectors; Domain Name System; Electronic mail; Monitoring; Protocols; Tunneling; Web server;
Conference_Title :
Global Telecommunications Conference, 2006. GLOBECOM '06. IEEE
Conference_Location :
San Francisco, CA
Print_ISBN :
1-4244-0356-1
Electronic_ISBN :
1930-529X
DOI :
10.1109/GLOCOM.2006.280