2010 | OriginalPaper | Buchkapitel
A New Statistical Approach to DNS Traffic Anomaly Detection
verfasst von : Xuebiao Yuchi, Xin Wang, Xiaodong Lee, Baoping Yan
Erschienen in: Advanced Data Mining and Applications
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
In this paper, we describe a new statistical approach to detect traffic anomalies in the Domain Name System (DNS). By analyzing real-world DNS traffic data collected at some large DNS servers both authoritative and local, we find that normally the DNS traffic follows Heap’s law in dual ways. Then we utilize these findings to characterize DNS traffic properties under normal network conditions. Based on these properties, we make estimations for the traffic of forthcoming. If the forthcoming traffic actually varies a lot with our estimations, then we can infer that some anomaly happens. Our approach is simple enough and can work in real-time. Experiments on both real and simulated DNS traffic anomalies show that our approach can detect most of the common anomalies in DNS traffic effectively.