Marchal, Samuel[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
François, Jérôme[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Wagner, Cynthia[University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Engel, Thomas[University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
May-2012
Proceedings of the 11th International IFIP TC 6 Networking Conference, Prague, Czech Republic, May 21-25 2012
Springer Berlin Heidelberg
370-384
Yes
No
International
978-3-642-30044-8
Networking 2012
21-25 May 2012
Czech Technical University in Prague
Prague
Czech Republic
[en] DNS probing ; scanning ; Semantic
[en] The DNS structure discloses useful information about the organization and the operation of an enterprise network, which can be used for designing attacks as well as monitoring domains supporting malicious activities. Thus, this paper introduces a new method for exploring the DNS domains. Although our previous work described a tool to generate existing DNS names accurately in order to probe a domain automatically, the approach is extended by leveraging semantic analysis of domain names. In particular, the semantic distributional similarity and relatedness of sub-domains are considered as well as sequential patterns. The evaluation shows that the discovery is highly improved while the overhead remains low, comparing with non semantic DNS probing tools including ours and others.
Interdisciplinary Centre for Security, Reliability and Trust