Identification of abnormal DNS traffic with Hurst parameter
نویسندگان
چکیده
منابع مشابه
Detecting Botnet Activities Based on Abnormal DNS traffic
The botnet is considered as a critical issue of the Internet due to its fast growing mechanism and affect. Recently, Botnets have utilized the DNS and query DNS server just like any legitimate hosts. In this case, it is difficult to distinguish between the legitimate DNS traffic and illegitimate DNS traffic. It is important to build a suitable solution for botnet detection in the DNS traffic an...
متن کاملAnalyzing Root DNS Traffic
DNS servers often fail or have bad implementations of algorithms that decrease the efficiency of the DNS system. We introduce a method for clustering misconfigured DNS sources. Using machine learning methods, we analyzed 24 hours of DNS requests that were collected on the A-root DNS server. The 50 gigabyte data set was a log containing 10-40 million requests per hour. We selected the hour of 1:...
متن کاملHigh-Speed Calculation Method of the Hurst Parameter Based on Real Traffic
Recent studies on traffic measurement analysis in the various networks have shown that packet traffic exhibits Long Range Dependent properties called Self-Similarity. Some papers reported that Self-Similarity degrades the network performance, such as buffer overflow. Thus, we need new network control considering Self-Similar properties. Network control considering the Self-Similarity requires h...
متن کاملSecurity Monitoring of DNS traffic
The Domain Name System (DNS) is a critical part of the Internet. This paper analyzes methods for passive DNS replication and describes the replication setup at the University of Auckland. Analysis of the replicated DNS traffic showed great dependency of collaborative anti-spam tools on the DNS. These tools also put a great burden on the DNS. This paper discusses analyzed anomalies in the replic...
متن کاملA Novel Approach to the Estimation of the Hurst Parameter in Self-Similar Traffic
We present a new method to estimate the Hurst parameter of the increment process in network traffic – a process that is assumed to be self-similar. The confidence intervals and biasedness are obtained for the estimates using the new method. This new method is then applied to pseudo-random data and to real traffic data. We compare the performance of the new method to that of the widely-used wave...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Balkan Journal of Electrical and Computer Engineering
سال: 2018
ISSN: 2147-284X
DOI: 10.17694/bajece.435230