Dolberg, Lautaro ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
François, Jérôme ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Engel, Thomas ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
External co-authors :
yes
Language :
English
Title :
Multi-dimensional Aggregation for DNS Monitoring
Publication date :
November 2013
Event name :
26TH LARGE INSTALLATION SYSTEM ADMINISTRATION CONFERENCE (LISA '12)
Event place :
Washington, D.C., United States
Event date :
November 3–8, 2013
By request :
Yes
Journal title :
Proceedings of the 26th Large Installation System Administration Conference (LISA 12)