2014
			
	    
	
	
    DNSAnomDet
ČERMÁK, Milan
Basic information
Original name
DNSAnomDet
	Authors
ČERMÁK, Milan
			Edition
 2014
			Other information
Language
English
		Type of outcome
Software
		Field of Study
Informatics
		Country of publisher
Czech Republic
		Confidentiality degree
is not subject to a state or trade secret
		Organization
Ústav výpočetní techniky – Repository – Repository
			Keywords in English
DNS; anomaly; detection; amplification attack; cybersquatting; open resolver; malware domains; tunneling
		Technical parameters
Responsible person: Milan Čermák, Masarykova univerzita, Ústav výpočetní techniky, Botanická 68a, 602 00 Brno, tel.: +420 549 49 7140, e-mail: cermak@ics.muni.cz.
		
				
				Changed: 1/9/2020 17:44, RNDr. Daniel Jakubík
				
		Abstract
In the original language
DNSAnomDet is a suite of scripts that automate the detection of DNS traffic anomalies, using IP flows in the IPFIX format extended with information from DNS packets. The scripts focus on detecting cybersquatting, DNS amplification attacks, open DNS resolvers, malware domain queries, and DNS tunneling.