Other formats:
BibTeX
LaTeX
RIS
@inproceedings{16889,
author = {Čermák, Milan and Čeleda, Pavel and Vykopal, Jan},
address = {Heidelberg},
booktitle = {Advances in Communication Networking, Lecture Notes in Computer Science, Vol. 8846},
keywords = {domain name system; DNS; IP flow monitoring; IPFIX; traffic anomaly detection; internet measurements},
howpublished = {tištěná verze "print"},
language = {eng},
location = {Heidelberg},
isbn = {978-3-319-13487-1},
pages = {215-226},
publisher = {Springer International Publishing},
title = {Detection of DNS Traffic Anomalies in Large Networks},
url = {http://dx.doi.org/10.1007/978-3-319-13488-8_20},
year = {2014}
}
TY - JOUR
ID - 16889
AU - Čermák, Milan - Čeleda, Pavel - Vykopal, Jan
PY - 2014
TI - Detection of DNS Traffic Anomalies in Large Networks
PB - Springer International Publishing
CY - Heidelberg
SN - 9783319134871
KW - domain name system
KW - DNS
KW - IP flow monitoring
KW - IPFIX
KW - traffic anomaly detection
KW - internet measurements
UR - http://dx.doi.org/10.1007/978-3-319-13488-8_20
N2 - Almost every Internet communication is preceded by a translation of a DNS name to an IP address. Therefore monitoring of DNS traffic can effectively extend capabilities of current methods for network traffic anomaly detection. In order to effectively monitor this traffic, we propose a new flow metering algorithm that saves resources of a flow exporter. Next, to show benefits of the DNS traffic monitoring for anomaly detection, we introduce novel detection methods using DNS extended flows. The evaluation of these methods shows that our approach not only reveals DNS anomalies but also scales well in a campus network.
ER -
ČERMÁK, Milan, Pavel ČELEDA and Jan VYKOPAL. Detection of DNS Traffic Anomalies in Large Networks. In \textit{Advances in Communication Networking, Lecture Notes in Computer Science, Vol. 8846}. Heidelberg: Springer International Publishing, 2014, p.~215-226. ISBN~978-3-319-13487-1.
|
