The Rapid Extraction of Suspicious Traffic from Passive DNS

Wenbo Wang, Tianning Zang, Yuqing Lan

Abstract

The network traffic is filled with numerous malicious requests, most of which is generated by amplified at-tacks, random subdomain name attacks and botnets. Through using DNS traffic for malicious behavior anal-ysis, we often need to test each domain alone. Besides, the amount of data is very large and simple filtering cannot quickly reduce the need to detect the number of domain names. As a result, it takes a lot of time to calculate on the premise of limited resources. Therefore, this paper introduces a extraction scheme for DNS traffic. We designed a simple and efficient method for extracting three kinds of attack traffic with the largest proportion of traffic. Besides, the method of statistics and classification was used to deal with all the traffic. We implemented a prototype system and evaluated it on real-world DNS traffic. In the meanwhile, as the recall rate reached almost 100%, the number of secondary domain names to be detected was reduced to 8% of the original quantity, and the DNS record to be detected was reduced to 1% of the original number.

Download


Paper Citation


in Harvard Style

Wang W., Zang T. and Lan Y. (2018). The Rapid Extraction of Suspicious Traffic from Passive DNS.In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-282-0, pages 190-198. DOI: 10.5220/0006543401900198


in Bibtex Style

@conference{icissp18,
author={Wenbo Wang and Tianning Zang and Yuqing Lan},
title={The Rapid Extraction of Suspicious Traffic from Passive DNS},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,},
year={2018},
pages={190-198},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006543401900198},
isbn={978-989-758-282-0},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP,
TI - The Rapid Extraction of Suspicious Traffic from Passive DNS
SN - 978-989-758-282-0
AU - Wang W.
AU - Zang T.
AU - Lan Y.
PY - 2018
SP - 190
EP - 198
DO - 10.5220/0006543401900198