Title :
Classification of DNS Queries for Anomaly Detection
Author :
Shi, Hongyu ; Iwasaki, Kenichi
Author_Institution :
Libr. & Inf. Acad. Center, Tokyo Metropolitan Univ., Tokyo, Japan
Abstract :
We propose a new method that uses a neural network, the Growing Hierarchical Self-Organizing Map (GHSOM), to analyze DNS query log files. Due to the structure of the DNS query frequency, infected computers are easy to detect. Our experiment shows that the DNS query structure differs between healthy and infected computers.
Keywords :
computer network security; pattern classification; query processing; self-organising feature maps; DNS query classification; DNS query frequency structure; DNS query log file analysis; Domain Name System; GHSOM; anomaly detection; growing hierarchical self-organizing map; healthy computers; infected computer detection; neural network; Computer crime; Computers; Internet; Malware; Time series analysis; Training; Vectors; DNS; GHSOM; classification; query interval
Conference_Title :
Dependable Computing (PRDC), 2013 IEEE 19th Pacific Rim International Symposium on
Conference_Location :
Vancouver, BC
DOI :
10.1109/PRDC.2013.27