Title :
Modeling DNS agility with DNSMap
Author :
Berger, A. ; Gansterer, Wilfried N.
Author_Institution :
FTW Telecommun. Res. Center Vienna, Vienna, Austria
Abstract :
More and more Internet services are hosted by Content Distribution Networks or Cloud operators. Often, IP addresses are reused for several services, and the mapping between domain names and IPs has become highly agile. This complicates the analysis of monitoring data, as it is not clear anymore which IP address represents which service at which time. We propose a system that continuously monitors this activity using captured DNS packets in a large network. Thereby we are able to (i) understand the allocation strategies inside a hosting provider, and (ii) report significant changes that are not due the normal agility of a particular service. We evaluate our system using a 2-weeks data set from a large network operator, and demonstrate how it can be used to find malicious sites.
Keywords :
Web sites; cloud computing; security of data; DNS agility modeling; DNS packets; DNSMap; IP addresses; Internet services; cloud operators; content distribution networks; malicious sites; network operator; Clustering algorithms; Conferences; Facebook; IP networks; Merging; Monitoring; Quality of service;
Conference_Titel :
INFOCOM, 2013 Proceedings IEEE
Conference_Location :
Turin
Print_ISBN :
978-1-4673-5944-3
DOI :
10.1109/INFCOM.2013.6567130
