A New Statistical Approach to DNS Traffic Anomaly Detection
文献类型:会议论文
| 作者 | 尉迟学彪 |
| 出版日期 | 2010 |
| 会议名称 | Advanced Data Mining and Applications |
| 会议日期 | 2010 |
| 中文摘要 | In this paper, we describe a new statistical approach to detect traffic anomalies in the Domain Name System (DNS). By analyzing real-world DNS traffic data collected at some large DNS servers both authoritative and local, we find that normally the DNS traffic follows Heap’s law in dual ways. Then we utilize these findings to characterize DNS traffic properties under normal network conditions. Based on these properties, we make estimations for the traffic of forthcoming. If the forthcoming traffic actually varies a lot with our estimations, then we can infer that some anomaly happens. Our approach is simple enough and can work in real-time. Experiments on both real and simulated DNS traffic anomalies show that our approach can detect most of the common anomalies in DNS traffic effectively. |
| 收录类别 | EI收录 |
| 会议录 | Advanced Data Mining and Applications
 |
| 学科主题 | 计算机软件 |
| 语种 | 中文 |
| 源URL | [http://ircnic.ac.cn/handle/311056/1789]  |
| 专题 | 计算机网络信息中心_中国科学院计算机网络信息中心(2012年前)_会议论文 |
| 推荐引用方式 GB/T 7714 | 尉迟学彪. A New Statistical Approach to DNS Traffic Anomaly Detection[C]. 见:Advanced Data Mining and Applications. 2010. |
入库方式: OAI收割
来源:计算机网络信息中心
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。