Reference : DNSSM: A large-scale Passive DNS Security Monitoring Framework
Scientific congresses, symposiums and conference proceedings : Paper published in a journal
Engineering, computing & technology : Computer science
http://hdl.handle.net/10993/13059
DNSSM: A large-scale Passive DNS Security Monitoring Framework
English
Marchal, Samuel [Université Poincaré, Nancy, France]
François, Jérôme [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)]
Wagner, Cynthia [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
State, Radu [INRIA Nancy Grand Est, Nancy, France]
Dulaunoy, Alexandre
Engel, Thomas [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)]
Festor, Olivier [INRIA Nancy Grand Est]
Apr-2012
IEEE/IFIP Network Operations and Management Symposium
IEEE
988 - 993
Yes
International
1542-1201
NOMS 2012
16-20 May 2012
Maui
Hawaii
[en] Passive DNS Analysis ; Large scale Monitoring ; Data Mining
[en] We present a monitoring approach and the supporting software architecture for passive DNS traffic. Monitoring DNS traffic can reveal essential network and system level activity profiles. Worm-infected and botnet-participating hosts can be identified and malicious backdoor communications can be detected. Any passive DNS monitoring solution needs to address several challenges that range from architectural approaches for dealing with large volumes of data up to specific Data Mining approaches for this purpose. We describe a framework that leverages state-of-the-art distributed processing facilities with clustering techniques in order to detect anomalies in both online and offline DNS traffic. This framework, entitled DNSSM, is implemented and operational on several networks. We validate the framework against two large trace sets.
Interdisciplinary Center for Security, Reliability and Trust
Researchers ; Professionals ; Students
http://hdl.handle.net/10993/13059
10.1109/NOMS.2012.6212019

File(s) associated to this reference

Fulltext file(s):

File: noms12 _cameraready.pdf
Version: Author postprint
Size: 947.4 kB
Access: Open access

Additional material(s):

File: presentation.pdf
Size: 1.51 MB
Access: Open access


All documents in ORBilu are protected by a user license.