Tracking Anomalous Behaviors of Name Servers by Mining DNS Traffic

  • Conference paper
Frontiers of High Performance Computing and Networking – ISPA 2006 Workshops (ISPA 2006)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4331)

Abstract

This paper seeks to quantitatively understand the nature of the current threat to common name servers. A new tracking technique based on a statistical model is proposed to locate anomalous name servers by analyzing real-world DNS traffic. After summarizing the attacks against DNS, the detection method based on associative feature analysis is presented. Experiments are conducted that highlight both the payload anomaly and the data flow anomaly, and the experimental results reveal the efficiency of our method in detecting the anomalous behaviors of name servers.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Wang, Y., Hu, Mz., Li, B., Yan, Br. (2006). Tracking Anomalous Behaviors of Name Servers by Mining DNS Traffic. In: Min, G., Di Martino, B., Yang, L.T., Guo, M., Rünger, G. (eds) Frontiers of High Performance Computing and Networking – ISPA 2006 Workshops. ISPA 2006. Lecture Notes in Computer Science, vol 4331. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11942634_37

  • DOI: https://doi.org/10.1007/11942634_37

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-49860-5

  • Online ISBN: 978-3-540-49862-9

  • eBook Packages: Computer Science, Computer Science (R0)
