• DocumentCode
    623924
  • Title

    Modeling DNS agility with DNSMap

  • Author

    Berger, A. ; Gansterer, Wilfried N.

  • Author_Institution
    FTW Telecommun. Res. Center Vienna, Vienna, Austria
  • fYear
    2013
  • fDate
    14-19 April 2013
  • Firstpage
    3153
  • Lastpage
    3158
  • Abstract
    More and more Internet services are hosted by Content Distribution Networks or Cloud operators. Often, IP addresses are reused for several services, and the mapping between domain names and IPs has become highly agile. This complicates the analysis of monitoring data, as it is not clear anymore which IP address represents which service at which time. We propose a system that continuously monitors this activity using captured DNS packets in a large network. Thereby we are able to (i) understand the allocation strategies inside a hosting provider, and (ii) report significant changes that are not due the normal agility of a particular service. We evaluate our system using a 2-weeks data set from a large network operator, and demonstrate how it can be used to find malicious sites.
  • Keywords
    Web sites; cloud computing; security of data; DNS agility modeling; DNS packets; DNSMap; IP addresses; Internet services; cloud operators; content distribution networks; malicious sites; network operator; Clustering algorithms; Conferences; Facebook; IP networks; Merging; Monitoring; Quality of service;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    INFOCOM, 2013 Proceedings IEEE
  • Conference_Location
    Turin
  • ISSN
    0743-166X
  • Print_ISBN
    978-1-4673-5944-3
  • Type

    conf

  • DOI
    10.1109/INFCOM.2013.6567130
  • Filename
    6567130
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=623924