| Presentation | 2011-03-01 Classifying DNS heavy hitter by using hierarchical aggregated entropy Keisuke ISHIBASHI, Kazumichi SATO, Haruhiko NISHIDA, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | We introduce the notion of hierarchical aggregate entropy and apply it to identify DNS client hosts that wastefully consume server resources. Entropy of DNS query traffic can capture client query patterns, e.g., the concentration of queries to a specific domain or dispersion to a large domain name space. We calculated the hierarchical aggregate entropies for actual DNS heavy-hitters and observed that the entropies of normal heavy-hitters were concentrated in a specific range. On the basis of this observation, we adopt the support vector machine method to identify the range and to classify DNS heavy-hitters as anomalous or normal. It is shown that with hierarchical aggregate entropy, classification error was halved compared to non-hierarchical entropies. In addition, we analyzed time series variation of the component ratio of heavy-hitters and found a sudden increase of normal heavy-hitters between Mar. and Oct. 2009. We confirmed that one of the major reasons for the increase was the implementation of DNS prefetch in a popular Web browser. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | DNS / entropy / prefetch |
| Paper # | SITE2010-67,IA2010-103 |
| Date of Issue |
| Conference Information | |
| Committee | IA |
|---|---|
| Conference Date | 2011/2/21(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Internet Architecture(IA) |
|---|---|
| Language | ENG |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Classifying DNS heavy hitter by using hierarchical aggregated entropy |
| Sub Title (in English) | |
| Keyword(1) | DNS |
| Keyword(2) | entropy |
| Keyword(3) | prefetch |
| 1st Author's Name | Keisuke ISHIBASHI |
| 1st Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation() |
| 2nd Author's Name | Kazumichi SATO |
| 2nd Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
| 3rd Author's Name | Haruhiko NISHIDA |
| 3rd Author's Affiliation | NTT Information Sharing Platform Laboratories, NTT Corporation |
| Date | 2011-03-01 |
| Paper # | SITE2010-67,IA2010-103 |
| Volume (vol) | vol.110 |
| Number (no) | 430 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |