Multi-dimensional Aggregation for DNS Monitoring'

Dolberg, Lautaro; François, Jérôme; Engel, Thomas

doi:10.1109/LCN.2013.6761271

Download

Paper published in a journal (Scientific congresses, symposiums and conference proceedings)

Multi-dimensional Aggregation for DNS Monitoring'

Dolberg, Lautaro; François, Jérôme; Engel, Thomas

2013 • In Proceedings of the 26th Large Installation System Administration Conference (LISA 12)

Peer reviewed

Permalink
https://hdl.handle.net/10993/28050

DOI
10.1109/LCN.2013.6761271

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

paper.pdf

Publisher postprint (5.67 MB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Disciplines :

Computer science

Author, co-author :

Dolberg, Lautaro ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

François, Jérôme ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Engel, Thomas ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

External co-authors :

yes

Language :

English

Title :

Multi-dimensional Aggregation for DNS Monitoring'

Publication date :

November 2013

Event name :

26TH LARGE INSTALLATION SYSTEM ADMINISTRATION CONFERENCE (LISA '12)

Event place :

Washington, D.C., United States

Event date :

November 3–8, 2013

By request :

Yes

Journal title :

Proceedings of the 26th Large Installation System Administration Conference (LISA 12)

Peer reviewed :

Peer reviewed

Available on ORBilu :

since 25 July 2016

Statistics

Number of views

87 (6 by Unilu)

Number of downloads

129 (0 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

WoS citations^™

Bibliography

P. Mockapetris, "RFC 1035: Domain Names-Implementation and Specification," 1987.
N. Alexiou, S. Basagiannis, P. Katsaros, T. Dashpande, and S. A. Smolka, "Formal analysis of the kaminsky DNS cache-poisoning attack using probabilistic model checking," in International Symposium on High-Assurance Systems Engineering (HASE). IEEE, 2010.
D. Atkins and R. Austein, "RFC 3833: Threat Analysis of the DNS," 2004.
J. François, S. Wang, R. State, and T. Engel, "Bottrack: Tracking botnets using netflow and pagerank," in NETWORKING 2011. Springer Berlin Heidelberg, 2011, pp. 1-14.
T. Holz, C. Gorecki, K. Rieck, and F. C. Freiling, "Measuring and detecting fast-flux service networks," in Network and Distributed System Security Symposium (NDSS), 2008.
S. Marchal, J. François, R. State, and T. Engel, "Proactive discovery of phishing related domain names," in Recent Advances in Intrusion Detection, ser. LNCS. Springer, 2012. [Online]. Available: Http://lorre.uni.lu/jerome/files/raid12.pdf
S. Hao, N. Feamster, and R. Pandrangi, "Monitoring the initial DNS behavior of malicious domains," in ACM SIGCOMM Internet Measurement Conference (IMC). New York, NY, USA: ACM, 2011.
L. Bilge, E. Kirda, C. Kruegel, and M. Balduzzi, "Exposure: Finding malicious domains using passive dns analysis," in Network and Distributed System Security Symposium-NDSS, 2011.
C. Wagner, G. Wagener, R. State, and T. Engel, "Malware analysis with graph kernels and support vector machines," in Malicious and Unwanted Software (MALWARE), 2009 4th International Conference on. IEEE, 2009, pp. 63-68.
J. Koziol, Intrusion Detection with Snort. Sams, 2003.
F. Simmross-Wattenberg, J. Asensio-Perez, P. Casaseca-de-la Higuera, M. Martin-Fernandez, I. Dimitriadis, and C. Alberola-Lopez, "Anomaly detection in network traffic based on statistical inference and alpha-stable modeling," Dependable and Secure Computing, IEEE Transactions on, vol. 8, no. 4, 2011.
H. J. Abdelnur, R. State, and O. Festor, "Advanced network fingerprinting," in Recent Advances in Intrusion Detection. Springer Berlin Heidelberg, 2008, pp. 372-389.
R. Perdisci, I. Corona, and G. Giacinto, "Early detection of malicious flux networks via large-scale passive DNS traffic analysis," Transactions on Dependable and Secure Computing, pp. 714-726, 2012.
S. Marchal, J. François, C. Wagner, R. State, A. Dulaunoy, T. Engel, and O. Festor, "DNSSM: A large-scale Passive DNS Security Monitoring Framework," in IEEE/IFIP Network Operations and Management Symposium, 2012.
L. Dolberg, J. Francois, and T. Engel, "Efficient multidimensional aggregation for large scale monitoring," in Large Installation System Administration Conference (USENIX LISA). [Online]. Available: Http://lorre.uni.lu/jerome/files/lisapaperMAM.pdf
E. Passerini, R. Paleari, L. Martignoni, and D. Bruschi, "Fluxor: Detecting and monitoring fast-flux service networks," in International conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer, 2008.
G. C. Moreira Moura, R. Sadre, A. Sperotto, and A. Pras, "Internet bad neighborhoods aggregation," in IEEE/IFIP Network Operations and Management Symposium (NOMS 2012), April 2012.
F. Weimer, "Passive DNS replication," 2005.
A. Berger and E. Natale, "Assessing the real-world dynamics of DNS," in International conference on Traffic Monitoring and Analysis (TMA). Springer, 2012.
C. Wagner, J. François, T. Engel et al., "Danak: Finding the odd!" in International Conference on Network and System Security (NSS). IEEE, 2011.
B. Zdrnja, N. Brownlee, and D. Wessels, "Passive monitoring of DNS anomalies," in International conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). Springer, 2007.
R. Perdisci, I. Corona, D. Dagon, and W. Lee, "Detecting malicious flux service networks through passive analysis of recursive DNS traces," in Annual Computer Security Applications Conference (ACSAC), 2009.
M. Felegyhazi, C. Kreibich, and V. Paxson, "On the potential of proactive domain blacklisting," in Conference on Large-scale exploits and emergent threats: Botnets, spyware, worms, and more. USENIX, 2010.
M. Antonakakis, D. Dagon, X. Luo, R. Perdisci, W. Lee, and J. Bellmor, "A centralized monitoring infrastructure for improving DNS security," in Recent Advances in Intrusion Detection, ser. LNCS. Springer, 2010.
H.-T. Lin, Y.-Y. Lin, and J.-W. Chiang, "Genetic-based real-time fastflux service networks detection," Computer Networks, vol. 57, no. 2, pp. 501-513, 2013.
M. Antonakakis, R. Perdisci, W. Lee, N. Vasiloglou, II, and D. Dagon, "Detecting malware domains at the upper DNS hierarchy," in USENIX Security, 2011.
H. Choi and H. Lee, "Identifying botnets by capturing group activities in DNS traffic," Comput. Netw., vol. 56, no. 1, pp. 20-33, Jan. 2012.
L. Deri, L. L. Trombacchi, M. Martinelli, and D. Vannozzi, "Towards a passive DNS monitoring system," in Symposium on Applied Computing (SAC). ACM, 2012.
K. Born and D. Gustafson, "Detecting dns tunnels using character frequency analysis," Arxiv preprint arXiv:1004.4358, 2010.
S. Yadav, Reddy, A.K.K., Reddy, AL, and S. Ranjan, "Detecting algorithmically generated malicious domain names," in ACM SIGCOMM Internet Measurement Conference (IMC). ACM, 2010.
C. Wagner, J. François, R. State, T. Engel, A. Dulaunoy, and G. Wagener, "SDBF: Smart DNS Brute-Forcer," in IEEE/IFIP Network Operations and Management Symposium-NOMS, 2012.
S. Marchal, J. François, C. Wagner, and T. Engel, "Semantic exploration of DNS," in IFIP/TC6 Networking 2012, Prague-Czech Republic, 2012.
S. Marchal, J. François, R. State, and T. Engel, "Semantic based DNS Forensics," in Workshop on Information Forensics and Security-WIFS, IEEE, Ed., Tenerife, Spain, 2012. [Online]. Available: Http://lorre.uni.lu/jerome/files/wifs12-semantic1.pdf
A. Le, A. Markopoulou, and M. Faloutsos, "Phishdef: Url names say it all," in INFOCOM. IEEE, 2011.
P. Prakash, M. Kumar, R. Kompella, and M. Gupta, "Phishnet: Predictive blacklisting to detect phishing attacks," in INFOCOM. IEEE, 2010.
D. Plonka and P. Barford, "Context-aware clustering of DNS query traffic," in Internet Measurement Conference (IMC). ACM SIGCOMM, 2008.