DNS Based Spam Bots Detection in a University

Author

Romaa, D.A.L. ; Kubota, Shinichiro ; Sugitani, Kenichi ; Musashi, Yasuo

Author_Institution

Grad. Sch. of Sci. & Technol., Kumamoto Univ., Kumamoto

fYear

2008

fDate

1-3 Nov. 2008

Firstpage

205

Lastpage

208

Abstract

We carried out an entropy study on the DNS query traffic from the outside of a university campus network to the top domain DNS server when querying about reverse resolution on the PC room terminals through April 1st, 2007 to April 30th, 2008. The following interesting results are given: (1) In January 17th, 2008, the DNS query traffic is mainly dominated by several specific IP addresses as their query keywords. (2) We carried out forensic analysis on the PC room terminals in which IP addresses are found in the several specific keywords and it is concluded that the PCs become spam bots when inserting USB based key disk storage.

Keywords

IP networks; Internet; educational computing; educational institutions; entropy; network servers; query processing; security of data; telecommunication traffic; DNS query traffic; DNS server; IP addresses; USB based key disk storage; entropy; forensic analysis; spam bots detection; university campus network; Entropy; Forensics; Frequency estimation; Information technology; Intelligent networks; Intelligent systems; Multimedia systems; Network servers; Telecommunication traffic; Unsolicited electronic mail; Bots; Campus Network; DNS based Detection; Spam Bots;

fLanguage

English

Publisher

ieee

Conference_Titel

Intelligent Networks and Intelligent Systems, 2008. ICINIS '08. First International Conference on

Conference_Location

Wuhan

Print_ISBN

978-0-7695-3391-9

Electronic_ISBN

978-0-7695-3391-9

Type

conf

DOI

10.1109/ICINIS.2008.54

Filename

4683202