• DocumentCode
    2227883
  • Title

    Mass Mailing Worm Detection by Means of Situation Aware DNS

  • Author

    Chatzis, Nikolaos

  • Author_Institution
    Fraunhofer Inst., FOKUS, Berlin
  • fYear
    2007
  • fDate
    21-23 March 2007
  • Firstpage
    279
  • Lastpage
    286
  • Abstract
    The domain name system (DNS) is a critical infrastructural component of the Internet, since it constitutes the essential first link in the entire chain of Internet connectivity. Enriching DNS functionality with in-network decision making capabilities can enable DNS to effectively protect both itself and the Internet, while simultaneously minimizing human intervention. Decision making builds on the concept of situation awareness, i.e., the ability of the name servers to infer a behavioural model of each host sending queries to them. We present a method for automatic behaviour classification on the name servers to detect mass mailing worm activity. Our method is based on applying spatial data mining in combination with the wavelet transform on DNS queries. We present the experimental results collected after applying our method on real DNS traffic captured at the name servers of a corporate network, which serves daily 400-500 users.
  • Keywords
    Internet; data mining; decision making; invasive software; query processing; wavelet transforms; DNS queries; Internet; decision making; domain name system; mass mailing; spatial data mining; wavelet transform; worm detection; Data mining; Decision making; Domain Name System; Humans; Internet; Network servers; Protection; Telecommunication traffic; Wavelet transforms; Web server;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Autonomous Decentralized Systems, 2007. ISADS '07. Eighth International Symposium on
  • Conference_Location
    Sedona, AZ
  • Print_ISBN
    0-7695-2804-X
  • Type

    conf

  • DOI
    10.1109/ISADS.2007.46
  • Filename
    4144681