DNSSM: A large scale passive DNS security monitoring framework

Proceedings of the 2012 IEEE Network Operations and Management Symposium, NOMS 2012

Volumn , Issue , 2012, Pages 988-993

  Marchal, Samuel ^a   Francois, Jerome ^a   Wagner, Cynthia ^a   State, Radu ^a   Dulaunoy, Alexandre ^b   Engel, Thomas ^a   Festor, Olivier ^c  

^a UNIVERSITY OF LUXEMBOURG   (Luxembourg)

^b CIRCL   (Luxembourg)

^c INRIA   (France)

Author keywords

[No Author keywords available]

Indexed keywords

ACTIVITY PROFILE; ARCHITECTURAL APPROACH; CLUSTERING TECHNIQUES; DISTRIBUTED PROCESSING; MONITORING APPROACH; OFFLINE; SECURITY MONITORING; STATE OF THE ART; SYSTEM LEVELS;

COMPUTER NETWORKS; HARDWARE;

INTERNET PROTOCOLS;

EID: 84864221133     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/NOMS.2012.6212019     Document Type: Conference Paper

References (26)

1. P. Mockapetris, "Rfc 1034: Domain names - concepts and facilities," 1987.
2. -, "Rfc 1035: Domain names - implementation and specification," 1987.
3. K. Dan, "Ozymandns : Kaminsky dns tunnel," 2005.
4. DAMBALA, "The command structure of the aurora botnet," March 2010.
5. -, "Botnet communication topologies," 2009.
6. "Akamai cdn," http://www.akamai.com/.
7. F. Weimer, "Passive dns replication," 2005.
8. CRAN, "R-project," http://www.r-project.org.
9. H. Mark, F. Eibe, H. Geoffrey, P. Bernhard, R. Peter, and W. Ian, "The weka data mining software: An update," 2009.
10. C. E. Shannon, "A mathematical theory of communication," Bell system technical journal, vol. 27, 1948.
11. C. Huang, A. Wang, J. Li, and K. W. Ross, "Measuring and evaluating large-scale cdns paper withdrawn at mirosoft's request," in Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, ser. IMC '08. New York, NY, USA: ACM, 2008, pp. 15-29. [Online]. Available: http://dl.acm.org/citation. cfm?id=1452520.1455517
12. J. A. Hartigan and M. A. Wong, "A k-means clustering algorithm," Applied Statistics, vol. 28, 1979.
13. S. Yadav, A. K. Reddy, N. Reddy, and S. Ranjan, "Detecting algorithimically generated malicious domain names," 2011.
14. K. Born and D. Gustafson, "Detecting dns tunnels using character frequency analysis," CoRR, vol. abs/1004.4358, 2010.
15. D. Dagon, N. Provos, C. P. Lee, and W. Lee, "Corrupted dns resolution paths: The rise of a malicious resolution authority."
16. A. Hunt, "Visualizing the hosting patterns of modern cybercriminal," September 2010.
17. D. Plonka and P. Barford, "Context-aware clustering of dns query traffic." in Internet Measurement Comference'08, 2008, pp. 217-230.
18. M. Antonakakis, R. Perdisci, D. Dagon, W. Lee, and N. Feamster, "Building a dynamic reputation system for dns," in Proceedings of the 19th USENIX conference on Security, ser. USENIX Security'10. Berkeley, CA, USA: USENIX Association, 2010, pp. 18-18.
19. B. Zdrnja, N. Brownlee, and D. Wessels, "Passive monitoring of dns anomalies," in Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment, ser. DIMVA '07. Berlin, Heidelberg: Springer-Verlag, 2007, pp. 129-139.
20. L. Bilge, E. Kirda, C. Kruegel, and M. Balduzzi, "Finding malicious domains using passive dns analysis," in NDSS'11, 18th Annual Network & Distributed System Security Symposium, 6-9 February 2011, San Diego, California, USA, February 2011.
21. B. Zdrnja, "Security monitoring of dns traffic," May 2006.
22. M. Antonakakis, D. Dagon, X. Luo, R. Perdisci, W. Lee, and J. Bellmor, "A centralized monitoring infrastructure for improving dns security," in Proceedings of the 13th international conference on Recent advances in intrusion detection, ser. RAID'10. Berlin, Heidelberg: Springer-Verlag, 2010, pp. 18-37.
23. J. M. Spring, "Large scale dns traffic analysis of malicious internet activity with a focus on evaluating the response time of blocking phishing site," Master's thesis, University of Pittsburgh, 2010.
24. R. Perdisci, I. Corona, D. Dagon, and W. Lee, "Detecting malicious flux service networks through passive analysis of recursive dns traces," in Proceedings of the 2009 Annual Computer Security Applications Conference, ser. ACSAC '09. Washington, DC, USA: IEEE Computer Society, 2009, pp. 311-320.
25. H. van der Heide and N. Barendregt, "Dns anomaly detection," 2011.
26. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis, Internet Society. Internet Society, Feb. 2011. [Online]. Available: http://www.iseclab. org/papers/bilge-ndss11.pdf