Stream-wise Detection of Surreptitious Traffic over DNS

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F14%3A00222722" target="_blank" >RIV/68407700:21240/14:00222722 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1109/CAMAD.2014.7033254" target="_blank" >http://dx.doi.org/10.1109/CAMAD.2014.7033254</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/CAMAD.2014.7033254" target="_blank" >10.1109/CAMAD.2014.7033254</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Stream-wise Detection of Surreptitious Traffic over DNS

Popis výsledku v původním jazyce

The Domain Name System (DNS) belongs to crucial services in a computer network. Because of its importance, DNS is usually allowed in security policies. That opens a way to break policies and to transfer data from/to restricted area due to misusage of a DNS infrastructure. This paper is focused on a detection of communication tunnels and other anomalies in a DNS traffic. The proposed detection module is designed to process huge volume of data and to detect anomalies at near real-time. It is based on combination of statistical analysis of several observed features including application layer information. Our aim is a stream-wise processing of huge volume of DNS data from backbone networks. To achieve these objectives with minimal resource consumption, the detection module uses efficient extended data structures. The performance evaluation has shown that the detector is able to process approximately 511 thousand DNS flow records per second. In addition, according to experiments, a tunnel

Název v anglickém jazyce

Stream-wise Detection of Surreptitious Traffic over DNS

Popis výsledku anglicky

The Domain Name System (DNS) belongs to crucial services in a computer network. Because of its importance, DNS is usually allowed in security policies. That opens a way to break policies and to transfer data from/to restricted area due to misusage of a DNS infrastructure. This paper is focused on a detection of communication tunnels and other anomalies in a DNS traffic. The proposed detection module is designed to process huge volume of data and to detect anomalies at near real-time. It is based on combination of statistical analysis of several observed features including application layer information. Our aim is a stream-wise processing of huge volume of DNS data from backbone networks. To achieve these objectives with minimal resource consumption, the detection module uses efficient extended data structures. The performance evaluation has shown that the detector is able to process approximately 511 thousand DNS flow records per second. In addition, according to experiments, a tunnel

Druh

D - Stať ve sborníku

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

—

Návaznosti

S - Specificky vyzkum na vysokych skolach

Rok uplatnění

2014

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

2014 IEEE 19th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD) (CAMAD 2014)

ISBN

978-1-4799-5726-2

ISSN

—

e-ISSN

—

Počet stran výsledku

5

Strana od-do

300-304

Název nakladatele

IEEE Communications Society

Místo vydání

Pomona, California

Místo konání akce

Athens

Datum konání akce

1. 12. 2014

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

—