Skip to main content

Assessing the Real-World Dynamics of DNS

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNCCN,volume 7189)

Abstract

The DNS infrastructure is a key component of the Internet and is thus used by a multitude of services, both legitimate and malicious. Recently, several works demonstrated that malicious DNS activity usually exhibits observable dynamics that may be exploited for detection and mitigation. Clearly, reliable differentiation requires legitimate activity to not show these dynamics. In this paper, we show that this is often not the case, and propose a set of DNS stability metrics that help to efficiently categorize the DNS activity of a diverse set of Internet sites.

Keywords

  • Stable Mapping
  • Bloom Filter
  • Domain Name System
  • Malicious Activity
  • Content Distribution Network

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (Canada)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   54.99
Price excludes VAT (Canada)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   69.99
Price excludes VAT (Canada)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a dynamic reputation system for DNS. In: Proc. of USENIX Security, Berkeley, CA (2010)

    Google Scholar 

  2. Antonakakis, M., Perdisci, R., Lee, W., Vasiloglou, N., Dagon, D.: Detecting malware domains at the upper DNS hierarchy. In: USENIX Security, Berkeley, CA (2011)

    Google Scholar 

  3. Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: EXPOSURE: Finding malicious domains using passive DNS analysis. In: Proc. of NDSS, San Diego, CA (2011)

    Google Scholar 

  4. Bloom, B.H.: Space/Time trade-offs in hash coding with allowable errors. Communications of the ACM 13, 422–426 (1970)

    CrossRef  MATH  Google Scholar 

  5. Hao, S., Feamster, N., Pandrangi, R.: An internet wide view into DNS lookup patterns. Tech. rep., VeriSign Incorporated (June 2010)

    Google Scholar 

  6. Hu, X., Knysz, M., Shin, K.G.: Measurement and analysis of global IP-usage patterns of fast-flux botnets. In: Proc. of INFOCOM, Shanghai, China, pp. 2633–2641 (April 2011)

    Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Berger, A., Natale, E. (2012). Assessing the Real-World Dynamics of DNS. In: Pescapè, A., Salgarelli, L., Dimitropoulos, X. (eds) Traffic Monitoring and Analysis. TMA 2012. Lecture Notes in Computer Science, vol 7189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28534-9_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-28534-9_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28533-2

  • Online ISBN: 978-3-642-28534-9

  • eBook Packages: Computer ScienceComputer Science (R0)