
Authors: Wenbo Wang 1 ; Tianning Zang 2 and Yuqing Lan 1

Affiliations: 1 School of Computer Science and Engineering and Beihang University, China ; 2 National Internet Emergency Center, China

Keyword(s): DNS, Amplification Attack, Random Subdomain Attack, Domain Generation Algorithm, Malicious Domain Name.

Abstract: The network traffic is filled with numerous malicious requests, most of which are generated by amplified attacks, random subdomain name attacks and botnets. When using DNS traffic for malicious behavior analysis, we often need to test each domain alone. Besides, the amount of data is very large and simple filtering cannot quickly reduce the number of domain names that need to be detected. As a result, it takes a lot of time to calculate on the premise of limited resources. Therefore, this paper introduces an extraction scheme for DNS traffic. We designed a simple and efficient method for extracting three kinds of attack traffic with the largest proportion of traffic. Besides, the method of statistics and classification was used to deal with all the traffic. We implemented a prototype system and evaluated it on real-world DNS traffic. In the meanwhile, as the recall rate reached almost 100%, the number of secondary domain names to be detected was reduced to 8% of the original quantity, and the DNS records to be detected were reduced to 1% of the original number.

CC BY-NC-ND 4.0


Paper citation in several formats:
Wang, W.; Zang, T. and Lan, Y. (2018). The Rapid Extraction of Suspicious Traffic from Passive DNS. In Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP; ISBN 978-989-758-282-0; ISSN 2184-4356, SciTePress, pages 190-198. DOI: 10.5220/0006543401900198

@conference{icissp18,
author={Wenbo Wang. and Tianning Zang. and Yuqing Lan.},
title={The Rapid Extraction of Suspicious Traffic from Passive DNS},
booktitle={Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP},
year={2018},
pages={190-198},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006543401900198},
isbn={978-989-758-282-0},
issn={2184-4356},
}

TY - CONF

JO - Proceedings of the 4th International Conference on Information Systems Security and Privacy - ICISSP
TI - The Rapid Extraction of Suspicious Traffic from Passive DNS
SN - 978-989-758-282-0
IS - 2184-4356
AU - Wang, W.
AU - Zang, T.
AU - Lan, Y.
PY - 2018
SP - 190
EP - 198
DO - 10.5220/0006543401900198
PB - SciTePress