Abstract
There exists a significant number of domains that have frequently switched their name servers for several reasons. In this work, we delved into the analysis of name-server switching behavior and presented a novel identifier called “NS-Switching Footprint” (NSSF) that can be used to cluster domains, enabling us to detect domains with suspicious behavior. We also designed a model that represents a time series, which could be used to predict the number of name servers that a domain will interact with. We performed the experiments with the dataset that captured all.com and.net zone changing transactions (i.e., adding or deleting name servers for domains) from March 28 to June 27, 2013.
Cite
CITATION STYLE
Mohaisen, A., Bhuiyan, M., & Labrou, Y. (2015). Name server switching: Anomaly signatures, usage, clustering, and prediction. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 8909, pp. 202–215). Springer Verlag. https://doi.org/10.1007/978-3-319-15087-1_16
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
