DocumentCode :
3716488
Title :
Identifying and Classifying Suspicious Network Behavior Using Passive DNS Analysis
Author :
Kaio R.S. Barbosa;Eduardo Souto;Eduardo Feitosa;Khalil El-Khatib
Author_Institution :
Fed. Univ. of Amazonas, Brazil
fYear :
2015
Firstpage :
160
Lastpage :
167
Abstract :
Global Domain Name System (DNS) traffic provides a unique perspective on domain names usage by both legitimate users and suspicious applications. Beyond conventional DNS analysis queries and responses altogether, in this paper we investigate domain name queries to identify suspicious network traffic at .br country code Top-Level Domain (ccTLD) authoritative name servers. By monitoring and modeling three DNS components into a direct graph, we expect that network operators are able to understand communication patterns between hosts and domain names, and the real purpose for a name resolution such as in mass Spam or in network reconnaissance attacks. This paper identifies relevant hosts for analysis among network traffic, reducing the number of entities to be investigated.
Keywords :
"IP networks","Servers","Electronic mail","Monitoring","Internet","Reconnaissance","Domain Name System"
Publisher :
ieee
Conference_Titel :
Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on
Type :
conf
DOI :
10.1109/CIT/IUCC/DASC/PICOM.2015.25
Filename :
7363066