Abstract
In this paper we present an architecture for large-scale DNS monitoring. The analysis of DNS traffic is of growing importance, since nearly every interaction on the Internet begins with a name resolution and DNS records therefore expose a large share of that activity. DNS traffic can reveal anomalies such as worm-infected hosts, botnet members or hosts participating in spam campaigns. How efficiently and how quickly such anomalies are detected depends on the capacity of the DNS monitoring system to process very large volumes of data. We propose a system that leverages distributed processing and storage facilities.
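As an added illustration of the kind of distributed processing the abstract refers to (this is example code written for this page, not the authors' system), the block below runs a toy map/reduce pass over passive DNS answer records: the map step emits one (name, observation) pair per record, the reduce step aggregates the distinct clients, distinct resolved addresses and minimum TTL per name, and a final filter flags names whose statistics look unusual. The record format, the sample records and the thresholds `max_addrs` and `max_ttl` are assumptions made for the example; they are not taken from the paper.

```python
"""Toy map/reduce aggregation over passive DNS records (added example, not the paper's code)."""
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample input. Assumed record layout (one answer per line):
#   <client_ip> <query_name> <rtype> <rdata> <ttl>
SAMPLE_RECORDS = [
    "10.0.0.5 www.example.com A 93.184.216.34 3600",
    "10.0.0.7 www.example.com A 93.184.216.34 3600",
    "10.0.0.5 cdn.example.net A 203.0.113.10 60",
    "10.0.0.9 cdn.example.net A 203.0.113.11 60",
    "10.0.0.9 cdn.example.net A 203.0.113.12 60",
    "10.0.0.12 cdn.example.net A 203.0.113.13 60",
    "10.0.0.5 mail.example.org MX mx1.example.org 86400",
    "10.0.0.7 cdn.example.net A 203.0.113.10 45",
    "# a comment line and a truncated record, both skipped by the parser",
    "10.0.0.3 broken.example",
]

Record = Tuple[str, str, str, str, int]


def parse_record(line: str) -> Optional[Record]:
    """Parse one line; return None for comments, blanks and malformed records."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    if len(fields) != 5 or not fields[4].isdigit():
        return None
    client, qname, rtype, rdata, ttl = fields
    # Names are case-insensitive; normalise so aggregation keys match.
    return client, qname.lower().rstrip("."), rtype.upper(), rdata, int(ttl)


def map_phase(lines: Iterable[str]) -> Iterable[Tuple[str, Tuple[str, str, int]]]:
    """Map: key each valid record by query name, carrying (client, rdata, ttl)."""
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        client, qname, _rtype, rdata, ttl = rec
        yield qname, (client, rdata, ttl)


def reduce_phase(pairs: Iterable[Tuple[str, Tuple[str, str, int]]]) -> Dict[str, Tuple[int, int, int]]:
    """Reduce: per name, count distinct clients and addresses and keep the smallest TTL."""
    clients = defaultdict(set)
    addrs = defaultdict(set)
    min_ttl: Dict[str, int] = {}
    for qname, (client, rdata, ttl) in pairs:
        clients[qname].add(client)
        addrs[qname].add(rdata)
        min_ttl[qname] = min(ttl, min_ttl.get(qname, ttl))
    return {q: (len(clients[q]), len(addrs[q]), min_ttl[q]) for q in clients}


def summarize(lines: Iterable[str]) -> Dict[str, Tuple[int, int, int]]:
    """Whole pipeline: map, then reduce, over an iterable of raw lines."""
    return reduce_phase(map_phase(lines))


def flag_anomalies(summary: Dict[str, Tuple[int, int, int]],
                   max_addrs: int = 3, max_ttl: int = 300) -> List[str]:
    """Flag names resolving to many distinct addresses with short TTLs (assumed thresholds)."""
    return sorted(q for q, (_n_clients, n_addrs, ttl) in summary.items()
                  if n_addrs > max_addrs and ttl <= max_ttl)


if __name__ == "__main__":
    stats = summarize(SAMPLE_RECORDS)
    for name, (n_clients, n_addrs, ttl) in sorted(stats.items()):
        print(f"{name:20s} clients={n_clients} addrs={n_addrs} min_ttl={ttl}")
    print("flagged:", flag_anomalies(stats))
```

Because the map step is stateless and the reduce step only needs all observations for one name on the same worker, the same two functions can be handed to a MapReduce or stream-processing framework with name as the partition key; the thresholds in `flag_anomalies` are deliberately simple and would be tuned against real traffic.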
Copyright information
© 2012 IFIP International Federation for Information Processing
About this paper
Cite this paper
Marchal, S., Engel, T. (2012). Large Scale DNS Analysis. In: Sadre, R., Novotný, J., Čeleda, P., Waldburger, M., Stiller, B. (eds) Dependable Networks and Services. AIMS 2012. Lecture Notes in Computer Science, vol 7279. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-30633-4_20
DOI: https://doi.org/10.1007/978-3-642-30633-4_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-30632-7
Online ISBN: 978-3-642-30633-4