| Paper Abstract and Keywords |
| Presentation |
2005-09-16 09:00
Detecting Mass-mailing Worm with DNS Traffic Monitoring
Keisuke Ishibashi, Tsuyoshi Toyono, Katsuyasu Toyama (NTT) |
| Abstract |
(in Japanese) |
(See Japanese page) |
| (in English) |
is often difficult to determine whether a DNS query is caused by malicious or normal activity, because
information available in DNS traffic is limited. We focus on the activities of mass-mailing worms and propose a
method to detect hosts infected by mass-mailing worms by mining DNS traffic data. Our method begins with a
small amount of a priori knowledge about a signature query. By assuming that queries sent by most hosts that
have sent the signature query of worms have been sent by worm behavior, we detect infected hosts using Bayesian
estimation. We apply our method to DNS traffic data and the experimental result indicates that an 89% reduction
of mail exchange queries can be achieved with the method. |
| Keyword |
(in Japanese) |
(See Japanese page) |
| (in English) |
DNS / Mass-mailing worm / Bayesian estimation / / / / / |
| Reference Info. |
IEICE Tech. Rep., vol. 105, no. 279, IN2005-69, pp. 49-54, Sept. 2005. |
| Paper # |
IN2005-69 |
| Date of Issue |
2005-09-08 (IN) |
| ISSN |
Print edition: ISSN 0913-5685 |
| Download PDF |
|
| Conference Information |
| Committee |
CS IN NS |
| Conference Date |
2005-09-15 - 2005-09-16 |
| Place (in Japanese) |
(See Japanese page) |
| Place (in English) |
Tohoku Univ. |
| Topics (in Japanese) |
(See Japanese page) |
| Topics (in English) |
Active Network, IP-VPN, Network Security, High Speed Network, P2P Communication, Network Software, and Others |
| Paper Information |
| Registration To |
IN |
| Conference Code |
2005-09-CS-IN-NS |
| Language |
Japanese |
| Title (in Japanese) |
(See Japanese page) |
| Sub Title (in Japanese) |
(See Japanese page) |
| Title (in English) |
Detecting Mass-mailing Worm with DNS Traffic Monitoring |
| Sub Title (in English) |
|
| Keyword(1) |
DNS |
| Keyword(2) |
Mass-mailing worm |
| Keyword(3) |
Bayesian estimation |
| Keyword(4) |
|
| Keyword(5) |
|
| Keyword(6) |
|
| Keyword(7) |
|
| Keyword(8) |
|
| 1st Author's Name |
Keisuke Ishibashi |
| 1st Author's Affiliation |
Nihon Telephone and Telegraph (NTT) |
| 2nd Author's Name |
Tsuyoshi Toyono |
| 2nd Author's Affiliation |
Nihon Telephone and Telegraph (NTT) |
| 3rd Author's Name |
Katsuyasu Toyama |
| 3rd Author's Affiliation |
Nihon Telephone and Telegraph (NTT) |
| 4th Author's Name |
|
| 4th Author's Affiliation |
() |
| 5th Author's Name |
|
| 5th Author's Affiliation |
() |
| 6th Author's Name |
|
| 6th Author's Affiliation |
() |
| 7th Author's Name |
|
| 7th Author's Affiliation |
() |
| 8th Author's Name |
|
| 8th Author's Affiliation |
() |
| 9th Author's Name |
|
| 9th Author's Affiliation |
() |
| 10th Author's Name |
|
| 10th Author's Affiliation |
() |
| 11th Author's Name |
|
| 11th Author's Affiliation |
() |
| 12th Author's Name |
|
| 12th Author's Affiliation |
() |
| 13th Author's Name |
|
| 13th Author's Affiliation |
() |
| 14th Author's Name |
|
| 14th Author's Affiliation |
() |
| 15th Author's Name |
|
| 15th Author's Affiliation |
() |
| 16th Author's Name |
|
| 16th Author's Affiliation |
() |
| 17th Author's Name |
|
| 17th Author's Affiliation |
() |
| 18th Author's Name |
|
| 18th Author's Affiliation |
() |
| 19th Author's Name |
|
| 19th Author's Affiliation |
() |
| 20th Author's Name |
|
| 20th Author's Affiliation |
() |
| Speaker |
Author-1 |
| Date Time |
2005-09-16 09:00:00 |
| Presentation Time |
25 minutes |
| Registration for |
IN |
| Paper # |
IN2005-69 |
| Volume (vol) |
vol.105 |
| Number (no) |
no.279 |
| Page |
pp.49-54 |
| #Pages |
6 |
| Date of Issue |
2005-09-08 (IN) |