Skip to main content
Conference Proceedings

Tracking anomalous behaviors of name servers by mining DNS traffic

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2006) 4331 LNCS 351-357
DOI: 10.1007/11942634_37
14Citations
Citations of this article
11Readers
Mendeley users who have this article in their library.
Get full text

Abstract

This paper seeks to quantitatively understand the nature of the current threat towards the common name servers. A new tracking technique based on statistical model is proposed to locate the anomalous name servers by analyzing the real-world DNS traffic. After summarizing the attacks towards DNS, the detection method based on associative feature analysis is presented. Experiments are conducted which highlighting both the payload anomaly and the data flow anomaly, and the experimental results reveal the efficiency of our method in detecting the anomalous behaviors of name servers. © Springer-Verlag 2006.

Cite

CITATION STYLE

APA

Wang, Y., Hu, M. Z., Li, B., & Yan, B. R. (2006). Tracking anomalous behaviors of name servers by mining DNS traffic. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4331 LNCS, pp. 351–357). https://doi.org/10.1007/11942634_37

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free