Title :
Modeling DNS agility with DNSMap
Author :
Berger, A. ; Gansterer, Wilfried N.
Author_Institution :
FTW Telecommun. Res. Center Vienna, Vienna, Austria
Abstract :
More and more Internet services are hosted by Content Distribution Networks or Cloud operators. Often, IP addresses are reused for several services, and the mapping between domain names and IPs has become highly agile. This complicates the analysis of monitoring data, as it is not clear anymore which IP address represents which service at which time. We propose a system that continuously monitors this activity using captured DNS packets in a large network. Thereby we are able to (i) understand the allocation strategies inside a hosting provider, and (ii) report significant changes that are not due the normal agility of a particular service. We evaluate our system using a 2-weeks data set from a large network operator, and demonstrate how it can be used to find malicious sites.
Keywords :
IP networks; Internet; computer network security; resource allocation; DNS agility modeling; DNS packets; DNSMap; IP addresses; Internet services; allocation strategies; cloud operators; content distribution networks; domain names; hosting provider; large network operator; malicious sites; Blogs; Merging; Quality of service; World Wide Web;
Conference_Titel :
Computer Communications Workshops (INFOCOM WKSHPS), 2013 IEEE Conference on
Conference_Location :
Turin
Print_ISBN :
978-1-4799-0055-8
DOI :
10.1109/INFCOMW.2013.6562862
