• DocumentCode
    3716488
  • Title
    Identifying and Classifying Suspicious Network Behavior Using Passive DNS Analysis
  • Author
    Kaio R.S. Barbosa;Eduardo Souto;Eduardo Feitosa;Khalil El-Khatib
  • Author_Institution
    Fed. Univ. of Amazonas, Brazil
  • fYear
    2015
  • Firstpage
    160
  • Lastpage
    167
  • Abstract
    Global Domain Name System (DNS) traffic provides a unique perspective on domain name usage by both legitimate users and suspicious applications. Going beyond conventional DNS analysis, which considers queries and responses together, in this paper we investigate domain name queries to identify suspicious network traffic at the .br country code Top-Level Domain (ccTLD) authoritative name servers. By monitoring three DNS components and modeling them as a directed graph, we expect network operators to be able to understand communication patterns between hosts and domain names, and the real purpose of a name resolution, such as mass spam or network reconnaissance attacks. This paper identifies the hosts in network traffic that are relevant for analysis, reducing the number of entities to be investigated.
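    The abstract describes modeling passive DNS queries as a directed graph and using it to shortlist hosts worth investigating. The following Python block is an added illustration of that idea, not code from the paper: it assumes the three graph components are querying host, queried name, and (query type, response code), builds the adjacency from constructed log lines, and ranks hosts with illustrative thresholds (MX-heavy lookups across many names as mass-mail-like, NXDOMAIN-heavy lookups as reconnaissance-like). Which components the authors actually used, and their thresholds, are not stated in the abstract. One caveat a practitioner would want: at a ccTLD authoritative server the source address is usually a recursive resolver, not an end host, so "host" here means the querying resolver and end-host behaviour is aggregated behind it.

```python
"""Added example (not from the paper): passive DNS query records -> directed
graph -> ranked list of hosts to investigate.

ASSUMPTIONS (not stated in the abstract): the three graph components are
host -> qname -> (qtype, rcode); the thresholds below are illustrative; the
log sample is constructed, not real .br ccTLD data."""

from collections import defaultdict

# Constructed sample in the shape an authoritative server might log:
# "source_ip qname qtype rcode"
SAMPLE_LOG = """\
198.51.100.7 example.com.br A NOERROR
198.51.100.7 mail.example.com.br MX NOERROR
198.51.100.7 www.shop.com.br A NOERROR
203.0.113.9 alpha.com.br MX NOERROR
203.0.113.9 bravo.com.br MX NOERROR
203.0.113.9 charlie.com.br MX NOERROR
203.0.113.9 delta.com.br MX NOERROR
203.0.113.9 echo.com.br MX NOERROR
203.0.113.9 foxtrot.com.br MX NXDOMAIN
192.0.2.44 hd7k2.com.br A NXDOMAIN
192.0.2.44 q9x1z.com.br A NXDOMAIN
192.0.2.44 p0ow3.com.br A NXDOMAIN
192.0.2.44 uu2aa.com.br A NXDOMAIN
192.0.2.44 example.com.br A NOERROR
"""

# Illustrative thresholds (assumption, not the paper's values).
MIN_DISTINCT = 4     # ignore hosts that touched only a few names
MX_THRESHOLD = 0.7   # share of MX lookups that looks like bulk mailing
NX_THRESHOLD = 0.7   # share of NXDOMAIN answers that looks like probing


def parse_log(text):
    """Parse 'ip qname qtype rcode' lines; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ip, qname, qtype, rcode = parts
        records.append((ip, qname.lower().rstrip("."), qtype.upper(), rcode.upper()))
    return records


def build_graph(records):
    """Directed graph as adjacency sets:
       host -> {qname}, qname -> {(qtype, rcode)}; plus per-host query list."""
    host_edges = defaultdict(set)
    name_edges = defaultdict(set)
    per_host = defaultdict(list)
    for ip, qname, qtype, rcode in records:
        host_edges[ip].add(qname)
        name_edges[qname].add((qtype, rcode))
        per_host[ip].append((qtype, rcode))
    return host_edges, name_edges, per_host


def host_features(host_edges, per_host):
    """Out-degree (distinct names) and query-type / rcode shares per host."""
    feats = {}
    for host, names in host_edges.items():
        q = per_host[host]
        total = len(q)
        feats[host] = {
            "queries": total,
            "distinct_names": len(names),
            "mx_share": sum(1 for t, _ in q if t == "MX") / total,
            "nx_share": sum(1 for _, r in q if r == "NXDOMAIN") / total,
        }
    return feats


def classify(f):
    """Map a host's features to a coarse label (illustrative rules)."""
    if f["distinct_names"] < MIN_DISTINCT:
        return "benign-looking"
    if f["mx_share"] >= MX_THRESHOLD:
        return "mass-mail-like"
    if f["nx_share"] >= NX_THRESHOLD:
        return "reconnaissance-like"
    return "benign-looking"


def suspicious_hosts(text):
    """Return only the hosts an analyst should look at, with their label."""
    host_edges, _, per_host = build_graph(parse_log(text))
    feats = host_features(host_edges, per_host)
    return {h: classify(f) for h, f in feats.items() if classify(f) != "benign-looking"}


if __name__ == "__main__":
    for host, label in suspicious_hosts(SAMPLE_LOG).items():
        print(host, label)
```

    On the constructed sample, three querying hosts reduce to two flagged ones: the resolver issuing MX lookups for six unrelated zones and the one receiving mostly NXDOMAIN answers for random-looking names. In practice an NXDOMAIN-heavy host may equally be running DGA malware rather than reconnaissance, so the label is a triage hint, not a verdict.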
  • Keywords
    "IP networks","Servers","Electronic mail","Monitoring","Internet","Reconnaissance","Domain Name System"
  • Publisher
    ieee
  • Conference_Titel
    Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on
  • Type
    conf
  • DOI
    10.1109/CIT/IUCC/DASC/PICOM.2015.25
  • Filename
    7363066