DNS Monitoring, looking out for anomalies using the time frame Name – IP association

Lautaro Dolberg, Interdisciplinary Centre for Security, Reliability and Trust (SnT), Université du Luxembourg
Thursday, 9 October 2014 at 10:00, room 25-26/101
Abstract
DNS is an essential service in the Internet as it allows human-language-based domain names to be translated into IP addresses. DNS traffic reflects user activities and behaviours. It is thus a helpful source of information in the context of large-scale network monitoring. In particular, passive DNS monitoring has garnered much interest from a security perspective by highlighting the services the machines want to access. I’m going to show a method for assessing the dynamics of the match between DNS names and IP subnetworks using an efficient aggregating scheme combined with relevant steadiness metrics. The evaluation relies on real data collected over several months and is able to detect anomalies related to malicious domains.