2010 | OriginalPaper | Chapter
A New Statistical Approach to DNS Traffic Anomaly Detection
Authors: Xuebiao Yuchi, Xin Wang, Xiaodong Lee, Baoping Yan
Published in: Advanced Data Mining and Applications
Publisher: Springer Berlin Heidelberg
In this paper, we describe a new statistical approach to detecting traffic anomalies in the Domain Name System (DNS). By analyzing real-world DNS traffic data collected at some large DNS servers, both authoritative and local, we find that DNS traffic normally follows Heaps' law in two ways. We use these findings to characterize the properties of DNS traffic under normal network conditions and, based on these properties, estimate forthcoming traffic. If the forthcoming traffic deviates substantially from our estimates, we can infer that an anomaly has occurred. Our approach is simple and can work in real time. Experiments on both real and simulated DNS traffic anomalies show that our approach can effectively detect most of the common anomalies in DNS traffic.
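The idea in the abstract, sketched as an added example that is not code from the paper: Heaps' law V(n) = K·n^β is fitted to a baseline, and a later window is flagged when its observed count departs from the estimate. The quantity counted (distinct queried names after n queries), the log-log least-squares fit, the 25% tolerance and the constructed traffic are all assumptions; the abstract does not specify them.

```python
import math
import random

def distinct_curve(names, step=1000):
    """Return (n, V(n)) pairs: distinct names seen after the first n queries."""
    seen, points = set(), []
    for n, name in enumerate(names, 1):
        seen.add(name)
        if n % step == 0:
            points.append((n, len(seen)))
    return points

def fit_heaps(points):
    """Least-squares fit of log V = log K + beta * log n (V = K * n**beta)."""
    xs = [math.log(n) for n, _ in points]
    ys = [math.log(v) for _, v in points]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    beta = (sum((x - mx) * (y - my) for x, y in zip(xs, ys))
            / sum((x - mx) ** 2 for x in xs))
    return math.exp(my - beta * mx), beta

def check_window(k, beta, window, tolerance=0.25):
    """Compare a window's distinct-name count with the Heaps' law estimate."""
    expected = k * len(window) ** beta
    ratio = len(set(window)) / expected
    return ratio, abs(ratio - 1.0) > tolerance  # tolerance is an assumed value

def zipf_stream(rng, count, vocab=50000):
    """Constructed sample data: query names drawn with popularity ~ 1/rank."""
    weights = [1.0 / r for r in range(1, vocab + 1)]
    picks = rng.choices(range(vocab), weights, k=count)
    return [f"host{i}.example" for i in picks]

def demo():
    rng = random.Random(2010)  # fixed seed so the run is repeatable
    k, beta = fit_heaps(distinct_curve(zipf_stream(rng, 20000)))
    windows = {  # all three windows are constructed, not captured traffic
        "normal": zipf_stream(rng, 5000),
        "all-new-names": [f"x{i}.example" for i in range(5000)],
        "one-name-repeated": ["host0.example"] * 5000,
    }
    return beta, {name: check_window(k, beta, w) for name, w in windows.items()}

if __name__ == "__main__":
    beta, results = demo()
    print(f"beta = {beta:.2f}")
    for name, (ratio, flagged) in results.items():
        print(f"{name:18s} observed/expected = {ratio:.2f} anomalous = {flagged}")
```

Because the estimate depends only on the window length and two fitted constants, the check costs one set-size computation per window, which is consistent with the abstract's claim that the approach can run in real time.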