Abstract
This paper seeks to quantitatively understand the nature of the current threat to common name servers. A new tracking technique based on a statistical model is proposed to locate anomalous name servers by analyzing real-world DNS traffic. After summarizing the attacks against DNS, a detection method based on associative feature analysis is presented. Experiments are conducted that highlight both the payload anomaly and the data flow anomaly, and the experimental results reveal the efficiency of our method in detecting the anomalous behaviors of name servers.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, Y., Hu, Mz., Li, B., Yan, Br. (2006). Tracking Anomalous Behaviors of Name Servers by Mining DNS Traffic. In: Min, G., Di Martino, B., Yang, L.T., Guo, M., Rünger, G. (eds) Frontiers of High Performance Computing and Networking – ISPA 2006 Workshops. ISPA 2006. Lecture Notes in Computer Science, vol 4331. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11942634_37
DOI: https://doi.org/10.1007/11942634_37
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-49860-5
Online ISBN: 978-3-540-49862-9
eBook Packages: Computer Science, Computer Science (R0)