• DocumentCode
    2329210
  • Title

    NIS04-2: Detection of DNS Anomalies using Flow Data Analysis

  • Author

    Karasaridis, Anestis ; Meier-Hellstern, Kathleen ; Hoeflin, David

  • Author_Institution
    AT&T Labs., Middletown, NJ
  • fYear
    2006
  • fDate
    Nov. 27 2006-Dec. 1 2006
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    The Domain Name System (DNS) is an essential network infrastructure component since it supports the operation of the Web, Email, Voice over IP (VoIP) and other business-critical applications running over the network. Events that compromise the security of DNS can have a significant impact on the Internet since they can affect its availability and its intended operation. This paper describes algorithms used to monitor and detect certain types of attacks to the DNS infrastructure using flow data. Our methodology is based on algorithms that do not rely on known signature attack vectors. The effectiveness of our solution is illustrated with real and simulated traffic examples. In one example, we were able to detect a tunneling attack well before the appearance of public reports of it.
  • Keywords
    Internet; telecommunication security; telecommunication traffic; DNS security; Internet; VoIP; anomaly detection; domain name system; email; flow data analysis; tunneling attack detection; voice over IP; Computer crime; Data analysis; Data security; Detectors; Domain Name System; Electronic mail; Monitoring; Protocols; Tunneling; Web server;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Global Telecommunications Conference, 2006. GLOBECOM '06. IEEE
  • Conference_Location
    San Francisco, CA
  • ISSN
    1930-529X
  • Print_ISBN
    1-4244-0356-1
  • Electronic_ISBN
    1930-529X
  • Type

    conf

  • DOI
    10.1109/GLOCOM.2006.280
  • Filename
    4150910