Reference : Semantic based DNS Forensics
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/13058
Semantic based DNS Forensics
English
Marchal, Samuel [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
François, Jérôme [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
State, Radu [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Engel, Thomas [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
Dec-2012
Proceedings of the IEEE International Workshop on Information Forensics and Security
IEEE
91 - 96
Yes
No
International
978-1-4673-2285-0
WIFS’12
2-5 December
University of Vigo, Spain
Tenerife
Spain
[en] In network level forensics, Domain Name Service (DNS) is a rich source of information. This paper describes a new approach to mine DNS data for forensic purposes. We propose a new technique that leverages semantic and natural language processing tools in order to analyze large volumes of DNS data. The main research novelty consists in detecting malicious and dangerous domain names by evaluating the semantic similarity with already known names. This process can provide valuable information for reconstructing network and user activities. We show the efficiency of the method on experimental real datasets gathered from a national passive DNS system.
Interdisciplinary Centre for Security, Reliability and Trust
Researchers ; Professionals ; Students
10.1109/WIFS.2012.6412631

File(s) associated to this reference

Fulltext file(s):

File: wifs12.pdf; Commentary: No commentary; Version: Author postprint; Size: 728.91 kB; Access: Open access

Additional material(s):

File: presentation.pdf; Size: 2.17 MB; Access: Open access

All documents in ORBilu are protected by a user license.