DocumentCode :
2972698
Title :
Semantic based DNS forensics
Author :
Marchal, Samuel ; Francois, Jerome ; State, Radu ; Engel, Thomas
Author_Institution :
SnT, Univ. of Luxembourg, Luxembourg, Luxembourg
fYear :
2012
fDate :
2-5 Dec. 2012
Firstpage :
91
Lastpage :
96
Abstract :
In network level forensics, Domain Name Service (DNS) is a rich source of information. This paper describes a new approach to mine DNS data for forensic purposes. We propose a new technique that leverages semantic and natural language processing tools in order to analyze large volumes of DNS data. The main research novelty consists in detecting malicious and dangerous domain names by evaluating the semantic similarity with already known names. This process can provide valuable information for reconstructing network and user activities. We show the efficiency of the method on experimental real datasets gathered from a national passive DNS system.
Keywords :
Internet; digital forensics; domain name service; national passive DNS system; network level forensics; network reconstruction; semantic based DNS forensics; user activities; Complexity theory; Context; Forensics; IP networks; Measurement; Semantics; Servers;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Forensics and Security (WIFS), 2012 IEEE International Workshop on
Conference_Location :
Tenerife
Print_ISBN :
978-1-4673-2285-0
Electronic_ISBN :
978-1-4673-2286-7
Type :
conf
DOI :
10.1109/WIFS.2012.6412631
Filename :
6412631