Publication details

Detection of DNS Traffic Anomalies in Large Networks



Type: Article in Proceedings
Conference: Advances in Communication Networking, Lecture Notes in Computer Science, Vol. 8846
MU Faculty or unit: Institute of Computer Science
Field: Informatics
Keywords: domain name system; DNS; IP flow monitoring; IPFIX; traffic anomaly detection; internet measurements
Description: Almost every Internet communication is preceded by a translation of a DNS name to an IP address. Therefore, monitoring of DNS traffic can effectively extend the capabilities of current methods for network traffic anomaly detection. In order to monitor this traffic effectively, we propose a new flow metering algorithm that saves resources of a flow exporter. Next, to show the benefits of DNS traffic monitoring for anomaly detection, we introduce novel detection methods using DNS extended flows. The evaluation of these methods shows that our approach not only reveals DNS anomalies but also scales well in a campus network.