| Presentation | 2008-09-11 Anomaly Client Detection by Monitoring DNS Server Traffic Akira YAMADA, Yutaka MIYAKE, Masahiro TERABE, Kazuo HASHIMOTO, Nei KATO, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | Most protocols, such as HTTP or SMTP are based on the Domain Name System (DNS) as the name resolution. Because these clients need to resolve names during the protocol sequence, it is possible to observe the behavior of the clients by monitoring DNS without the sequences. The previous works cannot support an ISP-scale network that has more clients than LAN. In this paper, we propose an anomaly detection that targets on DNS severs that have a large number of clients. In order to reduce computational cost, the proposed system selects clients that potentially cause anomalies by heavy hitter detection algorithm. We evaluate the proposed system using DNS traffic for 6 months, and show the system can detects several anomalies, such as mass-mailing clients and miss-configured DNS servers. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | DNS / ISP / Anomaly Detection / Client / SPAM |
| Paper # | NS2008-44 |
| Date of Issue |
| Conference Information | |
| Committee | NS |
|---|---|
| Conference Date | 2008/9/4(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Network Systems(NS) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Anomaly Client Detection by Monitoring DNS Server Traffic |
| Sub Title (in English) | |
| Keyword(1) | DNS |
| Keyword(2) | ISP |
| Keyword(3) | Anomaly Detection |
| Keyword(4) | Client |
| Keyword(5) | SPAM |
| 1st Author's Name | Akira YAMADA |
| 1st Author's Affiliation | KDDI R & D Laboratories Inc.:Graduate School of Information Sciences, Tohoku University() |
| 2nd Author's Name | Yutaka MIYAKE |
| 2nd Author's Affiliation | KDDI R & D Laboratories Inc. |
| 3rd Author's Name | Masahiro TERABE |
| 3rd Author's Affiliation | Graduate School of Information Sciences, Tohoku University |
| 4th Author's Name | Kazuo HASHIMOTO |
| 4th Author's Affiliation | Graduate School of Information Sciences, Tohoku University |
| 5th Author's Name | Nei KATO |
| 5th Author's Affiliation | Graduate School of Information Sciences, Tohoku University |
| Date | 2008-09-11 |
| Paper # | NS2008-44 |
| Volume (vol) | vol.108 |
| Number (no) | 203 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |