Detection of DNS Traffic Anomalies in Large Networks

Bibliographic Details
Published in Advances in Communication Networking Vol. 8846; pp. 215 - 226
Main Authors Čermák, Milan, Čeleda, Pavel, Vykopal, Jan
Format Book Chapter
Language English
Published Switzerland Springer International Publishing AG 01.01.2014
Springer International Publishing
Series Lecture Notes in Computer Science
Summary: Almost every Internet communication is preceded by a translation of a DNS name to an IP address. Therefore monitoring of DNS traffic can effectively extend capabilities of current methods for network traffic anomaly detection. In order to effectively monitor this traffic, we propose a new flow metering algorithm that saves resources of a flow exporter. Next, to show benefits of the DNS traffic monitoring for anomaly detection, we introduce novel detection methods using DNS extended flows. The evaluation of these methods shows that our approach not only reveals DNS anomalies but also scales well in a campus network.
ISBN:3319134876
9783319134871
ISSN:0302-9743
1611-3349
DOI:10.1007/978-3-319-13488-8_20