Name Server Switching: Anomaly Signatures, Usage, Clustering, and Prediction
Authors
Abstract
There exists a significant number of domains that have frequently switched their name servers for several reasons. In this work, we delved into the analysis of name-server switching behavior and presented a novel identifier called “NS-Switching Footprint” (NSSF) that can be used to cluster domains, enabling us to detect domains with suspicious behavior. We also designed a model that represents a time series, which could be used to predict the number of name servers that a domain will interact with. We performed the experiments with the dataset that captured all .com and .net zone changing transactions (i.e., adding or deleting name servers for domains) from March 28 to June 27, 2013.
Similar resources
Anomaly detection of domain name system (DNS) query traffic at top level domain servers
Major network events can be reflected in domain name system (DNS) traffic at the top-level server of the DNS hierarchical structure. This paper pursues a novel approach to detect the DNS traffic anomaly of 5.19 events in China at the CN top-level domain server using covariance analysis. We normalize, expand and average the covariance changes for different lengths of time slice to enhance the robustn...
DNS Usage Mining Based on Clustering Analysis of Co-occurrence Patterns: Methods and Applications
The principal goal of DNS usage mining is the discovery and analysis of patterns in the query behavior of DNS users. In this paper, we develop a unified framework for DNS usage mining based on clustering analysis of co-occurrence data derived from DNS server query data. Through transforming the raw query data into a co-occurrence matrix, some clustering approaches and probabilistic inferences can ...
A Survey on Web Page Prediction and Prefetching Models
This paper performs a survey on Web page prediction and prefetching methods. Prediction and prefetching methods for Web pages have been widely used to reduce the access latency problem on networks. If prediction and prefetching of Web pages are not accurate and prefetched Web pages are not visited by the users in their accesses, it is a total waste of time and bandwidth of network...
Speedy Signature Based Intrusion Detection System Using Finite State Machine and Hashing Techniques
This paper proposes a secure system design for client-server based communication systems. In this system, security services are implemented on the server, as data received on servers generally contains malicious content. The technique that we used is to perform speedy matching of intrusive signatures received inside a network against the known signatures from the training database. Probable intrusive...
Deep Convolutional Neural Networks for Anomaly Event Classification on Distributed Systems
The increasing popularity of server usage has brought plenty of anomaly log events, which have threatened a vast collection of machines. Recognizing and categorizing the anomalous events is therefore salient work for our systems, especially those that generate massive amounts of data and harness it for technology value creation and business development. To assist in focusing on the clas...