Paper published in a journal (Scientific congresses, symposiums and conference proceedings)
DNSSM: A large-scale Passive DNS Security Monitoring Framework
Marchal, Samuel; François, Jérôme; Wagner, Cynthia et al.
2012, in IEEE/IFIP Network Operations and Management Symposium, p. 988 - 993
Peer reviewed
 

Files


Full Text
noms12 _cameraready.pdf
Author postprint (970.14 kB)
Annexes
presentation.pdf
(1.54 MB)
Details



Keywords :
Passive DNS Analysis; Large scale Monitoring; Data Mining
Abstract :
We present a monitoring approach and the supporting software architecture for passive DNS traffic. Monitoring DNS traffic can reveal essential network and system-level activity profiles. Worm-infected and botnet-participating hosts can be identified, and malicious backdoor communications can be detected. Any passive DNS monitoring solution needs to address several challenges that range from architectural approaches for dealing with large volumes of data up to specific Data Mining approaches for this purpose. We describe a framework that leverages state-of-the-art distributed processing facilities with clustering techniques in order to detect anomalies in both online and offline DNS traffic. This framework, entitled DNSSM, is implemented and operational on several networks. We validate the framework against two large trace sets.
Research center :
Interdisciplinary Center for Security, Reliability and Trust
Disciplines :
Computer science
Identifiers :
UNILU:UL-CONFERENCE-2012-108
Author, co-author :
Marchal, Samuel; Université Poincaré, Nancy, France
François, Jérôme; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Wagner, Cynthia; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
State, Radu; INRIA Nancy Grand Est, Nancy, France
Dulaunoy, Alexandre
Engel, Thomas; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Festor, Olivier; INRIA Nancy Grand Est
Language :
English
Title :
DNSSM: A large-scale Passive DNS Security Monitoring Framework
Publication date :
April 2012
Event name :
NOMS 2012
Event place :
Maui, United States - Hawaii
Event date :
16-20 May 2012
Audience :
International
Journal title :
IEEE/IFIP Network Operations and Management Symposium
ISSN :
1542-1201
Publisher :
IEEE
Pages :
988 - 993
Peer reviewed :
Peer reviewed
Available on ORBilu :
since 13 December 2013

Statistics


Number of views
169 (4 by Unilu)
Number of downloads
364 (4 by Unilu)

Scopus citations®
22
Scopus citations® without self-citations
19
WoS citations
13
