Dolberg et al., 2013 - Google Patents
Multi-dimensional aggregation for dns monitoringDolberg et al., 2013
View PDF- Document ID
- 9057116407086966696
- Author
- Dolberg L
- François J
- Engel T
- Publication year
- Publication venue
- 38th Annual IEEE Conference on Local Computer Networks
External Links
Snippet
DNS is an essential service in the Internet as it allows to translate human language based domain names into IP addresses. DNS traffic reflects the user activities and behaviors. It is thus a helpful source of information in the context of large scale network monitoring. In …
- 238000004220 aggregation 0 title description 35
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1425—Traffic logging, e.g. anomaly detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L29/00—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents
- H04L29/12—Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/00 - H04L27/00 contains provisionally no documents characterised by the data terminal contains provisionally no documents
- H04L29/12009—Arrangements for addressing and naming in data networks
- H04L29/12047—Directories; name-to-address mapping
- H04L29/12056—Directories; name-to-address mapping involving standard directories and standard directory access protocols
- H04L29/12066—Directories; name-to-address mapping involving standard directories and standard directory access protocols using Domain Name System [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements or network protocols for addressing or naming
- H04L61/15—Directories; Name-to-address mapping
- H04L61/1505—Directories; Name-to-address mapping involving standard directories or standard directory access protocols
- H04L61/1511—Directories; Name-to-address mapping involving standard directories or standard directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
- H04L63/0218—Distributed architectures, e.g. distributed firewalls
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network-specific arrangements or communication protocols supporting networked applications
- H04L67/10—Network-specific arrangements or communication protocols supporting networked applications in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/26—Monitoring arrangements; Testing arrangements
- H04L12/2602—Monitoring arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance or administration or management of packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing packet switching networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—Arrangements for user-to-user messaging in packet-switching networks, e.g. e-mail or instant messages
- H04L51/12—Arrangements for user-to-user messaging in packet-switching networks, e.g. e-mail or instant messages with filtering and selective blocking capabilities
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Torabi et al. | Detecting Internet abuse by analyzing passive DNS traffic: A survey of implemented systems | |
| Lever et al. | A lustrum of malware network communication: Evolution and insights | |
| Antonakakis et al. | Detecting malware domains at the upper {DNS} hierarchy | |
| Jiang et al. | Identifying suspicious activities through dns failure graph analysis | |
| Choi et al. | Identifying botnets by capturing group activities in DNS traffic | |
| US10185761B2 (en) | Domain classification based on domain name system (DNS) traffic | |
| US8260914B1 (en) | Detecting DNS fast-flux anomalies | |
| Yu | Distributed denial of service attack and defense | |
| US8856360B2 (en) | Automatically identifying dynamic internet protocol addresses | |
| Zhang et al. | A survey on latest botnet attack and defense | |
| Hao et al. | Monitoring the initial DNS behavior of malicious domains | |
| Chiba et al. | DomainProfiler: Discovering domain names abused in future | |
| US20140007238A1 (en) | Collective Threat Intelligence Gathering System | |
| Berger et al. | Mining agile DNS traffic using graph analysis for cybercrime detection | |
| Tajalizadehkhoob et al. | Apples, oranges and hosting providers: Heterogeneity and security in the hosting market | |
| Marchal et al. | DNSSM: A large scale passive DNS security monitoring framework | |
| Lin et al. | Genetic-based real-time fast-flux service networks detection | |
| Nadji et al. | Connected colors: Unveiling the structure of criminal networks | |
| Ma et al. | DNSRadar: Outsourcing malicious domain detection based on distributed cache-footprints | |
| Zhang et al. | Detecting and measuring security risks of hosting-based dangling domains | |
| Zang et al. | Identifying fast-flux botnet with AGD names at the upper DNS hierarchy | |
| Kumar et al. | A machine learning based approach to detect malicious fast flux networks | |
| Lagraa et al. | Deep mining port scans from darknet | |
| US12149422B2 (en) | Query prints (Qprints): telemetry-based similarity for DNS | |
| Mishsky et al. | A topology based flow model for computing domain reputation |