Stream-wise Detection of Surreptitious Traffic over DNS
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F14%3A00222722" target="_blank" >RIV/68407700:21240/14:00222722 - isvavai.cz</a>
Výsledek na webu
<a href="http://dx.doi.org/10.1109/CAMAD.2014.7033254" target="_blank" >http://dx.doi.org/10.1109/CAMAD.2014.7033254</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1109/CAMAD.2014.7033254" target="_blank" >10.1109/CAMAD.2014.7033254</a>
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
Stream-wise Detection of Surreptitious Traffic over DNS
Popis výsledku v původním jazyce
The Domain Name System (DNS) belongs to crucial services in a computer network. Because of its importance, DNS is usually allowed in security policies. That opens a way to break policies and to transfer data from/to restricted area due to misusage of a DNS infrastructure. This paper is focused on a detection of communication tunnels and other anomalies in a DNS traffic. The proposed detection module is designed to process huge volume of data and to detect anomalies at near real-time. It is based on combination of statistical analysis of several observed features including application layer information. Our aim is a stream-wise processing of huge volume of DNS data from backbone networks. To achieve these objectives with minimal resource consumption, the detection module uses efficient extended data structures. The performance evaluation has shown that the detector is able to process approximately 511 thousand DNS flow records per second. In addition, according to experiments, a tunnel
Název v anglickém jazyce
Stream-wise Detection of Surreptitious Traffic over DNS
Popis výsledku anglicky
The Domain Name System (DNS) belongs to crucial services in a computer network. Because of its importance, DNS is usually allowed in security policies. That opens a way to break policies and to transfer data from/to restricted area due to misusage of a DNS infrastructure. This paper is focused on a detection of communication tunnels and other anomalies in a DNS traffic. The proposed detection module is designed to process huge volume of data and to detect anomalies at near real-time. It is based on combination of statistical analysis of several observed features including application layer information. Our aim is a stream-wise processing of huge volume of DNS data from backbone networks. To achieve these objectives with minimal resource consumption, the detection module uses efficient extended data structures. The performance evaluation has shown that the detector is able to process approximately 511 thousand DNS flow records per second. In addition, according to experiments, a tunnel
Klasifikace
Druh
D - Stať ve sborníku
CEP obor
IN - Informatika
OECD FORD obor
—
Návaznosti výsledku
Projekt
—
Návaznosti
S - Specificky vyzkum na vysokych skolach
Ostatní
Rok uplatnění
2014
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název statě ve sborníku
2014 IEEE 19th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD) (CAMAD 2014)
ISBN
978-1-4799-5726-2
ISSN
—
e-ISSN
—
Počet stran výsledku
5
Strana od-do
300-304
Název nakladatele
IEEE Communications Society
Místo vydání
Pomona, California
Místo konání akce
Athens
Datum konání akce
1. 12. 2014
Typ akce podle státní příslušnosti
WRD - Celosvětová akce
Kód UT WoS článku
—