Title :
DNSSM: A large scale passive DNS security monitoring framework
Author :
Marchal, Samuel ; François, Jérome ; Wagner, Cynthia ; State, Radu ; Dulaunoy, Alexandre ; Engel, Thomas ; Festor, Olivier
Author_Institution :
SnT, Univ. of Luxembourg, Luxembourg, Luxembourg
Abstract :
We present a monitoring approach and the supporting software architecture for passive DNS traffic. Monitoring DNS traffic can reveal essential network and system level activity profiles. Worm infected and botnet participating hosts can be identified and malicious backdoor communications can be detected. Any passive DNS monitoring solution needs to address several challenges that range from architectural approaches for dealing with large volumes of data up to specific Data Mining approaches for this purpose. We describe a framework that leverages state of the art distributed processing facilities with clustering techniques in order to detect anomalies in both online and offline DNS traffic. This framework entitled DNSSM is implemented and operational on several networks. We validate the framework against two large trace sets.
Keywords :
Internet; computer network security; computerised monitoring; data mining; invasive software; pattern clustering; software architecture; Botnet participating hosts; DNS traffic monitoring; DNSSM; anomalies detection; clustering techniques; data mining approaches; distributed processing facilities; large scale passive DNS security monitoring framework; participating hosts; passive DNS traffic; software architecture; system level activity profiles; Data mining; Entropy; IP networks; Indexes; Internet; Monitoring; Servers;
Conference_Titel :
Network Operations and Management Symposium (NOMS), 2012 IEEE
Conference_Location :
Maui, HI
Print_ISBN :
978-1-4673-0267-8
Electronic_ISBN :
1542-1201
DOI :
10.1109/NOMS.2012.6212019
