DocumentCode
3716488
Title
Identifying and Classifying Suspicious Network Behavior Using Passive DNS Analysis
Author
Kaio R.S. Barbosa;Eduardo Souto;Eduardo Feitosa;Khalil El-Khatib
Author_Institution
Fed. Univ. of Amazonas, Brazil
fYear
2015
Firstpage
160
Lastpage
167
Abstract
Global Domain Name System (DNS) traffic provides a unique perspective on domain name usage by both legitimate users and suspicious applications. Going beyond conventional DNS analysis, which considers queries and responses together, in this paper we investigate domain name queries to identify suspicious network traffic at the .br country code Top-Level Domain (ccTLD) authoritative name servers. By monitoring and modeling three DNS components in a directed graph, we expect that network operators will be able to understand communication patterns between hosts and domain names, and the real purpose of a name resolution, such as in mass spam or in network reconnaissance attacks. This paper identifies the hosts in network traffic that are relevant for analysis, reducing the number of entities to be investigated.
Keywords
"IP networks","Servers","Electronic mail","Monitoring","Internet","Reconnaissance","Domain Name System"
Publisher
ieee
Conference_Titel
Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on
Type
conf
DOI
10.1109/CIT/IUCC/DASC/PICOM.2015.25
Filename
7363066