Revealing User Behavior by Analyzing DNS Traffic

Abstract

The Domain Name System (DNS) is today a fundamental part of Internet’s working. Considering that Internet has grown in the last decades as part of human’s culture, user patterns regarding their behavior are present in the network data. As a consequence, some of these human behavior patterns are present as well in DNS data. With real data from the ‘.cl’ ccTLD, this work seeks to detect those human patterns by using Machine Learning techniques. As DNS traffic is described by a time series, particular and complex techniques have to be used in order to process the data and extract this information. The procedure that we apply in order to achieve this goal is divided in two stages. The first one consists of using clustering to group DNS domains basing on the similarity between their users’ activity. The second stage establishes a comparison between the obtained groups by using Association Rules. Finding human patterns in the data could be of high interest to researchers that analyze the human behavior regarding Internet’s usage. The procedure was able to detect some trends and patterns in the data that are discussed along with proper evaluation measures for further comparison.