Why so abnormal? Detecting domains receiving anomalous surge traffic in a monitored network

Cited by: 1
Authors
Ashok, Aravind [1 ]
Poornachandran, Prabaharan [1 ]
Pal, Soumajit [1 ]
Sankar, Prem [1 ]
Surendran, K. [1 ]
Affiliations
[1] Amrita Univ, Amrita Vishwa Vidyapeetham, Amrita Ctr Cyber Secur Syst & Networks, Amritapuri Campus, Kollam, Kerala, India
Keywords
Domain Name System; anomaly detection; knowledge base; hit analysis; dynamic reputation;
DOI
10.3233/JIFS-169233
Chinese Library Classification
TP18 [Artificial intelligence theory];
Discipline classification
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
Anomalous traffic, as used here, is the unusual and very large number of hits that a non-popular domain receives within a short epoch of a day. Regardless of whether these anomalies are malicious, it is important to analyze them, as they can have a dramatic impact on a customer or end user. Identifying such traffic anomalies is challenging, as it requires mining and identifying patterns in very large volumes of data. In this paper, we present a statistical and dynamic-reputation-based approach to identify unpopular domains that receive huge volumes of traffic within a short period of time. Our aim is to develop and deploy a lightweight framework in a monitored network that analyzes DNS traffic and provides early-warning alerts about domains receiving unusual hits, reducing the collateral damage faced by an end user or customer. The authors employ statistical analysis, supervised learning and ensemble-based dynamic reputation of domains, IP addresses and name servers to distinguish benign from abnormal domains with very low false positives.
Pages: 2901 / 2907
Page count: 7