DNS-based network anomaly detection and eradicating scheme

Chang-Sheng Chen*, Shang Rung Wang, Ta Chung Liu

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

Nowadays, most Internet services are based on the working model that there will be some Domain Name System (DNS) [1] queries before the communication activities. Thus, for supporting DNS-based anomaly detection, the key problem is how to identify the clusters (sequences) of inappropriate DNS queries form the DNS traffic mixture that are directly generated or indirectly induced by internetworking hosts that are abnormal (i.e., including compromised and/or the original abusers). In this paper, we design and implement a DNS-based network anomalous detection and intrusion eradication scheme, combining the DNS-based anomaly detection and IEEE 802.1x-based authentication scheme for supporting the intrusion eradicating process.

Original languageEnglish
Pages (from-to)329-335
Number of pages7
JournalJournal of Internet Technology
Volume8
Issue number3
StatePublished - 1 Jul 2007

Keywords

  • DNS
  • IEEE 802. 1x
  • Intrusion detection
  • Intrusion eradication

Fingerprint Dive into the research topics of 'DNS-based network anomaly detection and eradicating scheme'. Together they form a unique fingerprint.

Cite this