DNS-based network anomaly detection and eradicating scheme

Chang-Sheng Chen; Shang Rung Wang; Ta Chung Liu

DNS-based network anomaly detection and eradicating scheme

Chang-Sheng Chen^*, Shang Rung Wang, Ta Chung Liu

^*Corresponding author for this work

Center for Information Technology Services

Research output: Contribution to journal › Article › peer-review

Abstract

Nowadays, most Internet services are based on the working model that there will be some Domain Name System (DNS) [1] queries before the communication activities. Thus, for supporting DNS-based anomaly detection, the key problem is how to identify the clusters (sequences) of inappropriate DNS queries form the DNS traffic mixture that are directly generated or indirectly induced by internetworking hosts that are abnormal (i.e., including compromised and/or the original abusers). In this paper, we design and implement a DNS-based network anomalous detection and intrusion eradication scheme, combining the DNS-based anomaly detection and IEEE 802.1x-based authentication scheme for supporting the intrusion eradicating process.

Original language	English
Pages (from-to)	329-335
Number of pages	7
Journal	Journal of Internet Technology
Volume	8
Issue number	3
State	Published - 1 Jul 2007

Keywords

DNS
IEEE 802. 1x
Intrusion detection
Intrusion eradication

Cite this

@article{54a6960ce9774a5ea4ff6d236f7ccc44,

title = "DNS-based network anomaly detection and eradicating scheme",

abstract = "Nowadays, most Internet services are based on the working model that there will be some Domain Name System (DNS) [1] queries before the communication activities. Thus, for supporting DNS-based anomaly detection, the key problem is how to identify the clusters (sequences) of inappropriate DNS queries form the DNS traffic mixture that are directly generated or indirectly induced by internetworking hosts that are abnormal (i.e., including compromised and/or the original abusers). In this paper, we design and implement a DNS-based network anomalous detection and intrusion eradication scheme, combining the DNS-based anomaly detection and IEEE 802.1x-based authentication scheme for supporting the intrusion eradicating process.",

keywords = "DNS, IEEE 802. 1x, Intrusion detection, Intrusion eradication",

author = "Chang-Sheng Chen and Wang, {Shang Rung} and Liu, {Ta Chung}",

year = "2007",

month = jul,

day = "1",

language = "English",

volume = "8",

pages = "329--335",

journal = "Journal of Internet Technology",

issn = "1607-9264",

publisher = "Taiwan Academic Network Management Committee",

number = "3",

}

TY - JOUR

T1 - DNS-based network anomaly detection and eradicating scheme

AU - Chen, Chang-Sheng

AU - Wang, Shang Rung

AU - Liu, Ta Chung

PY - 2007/7/1

Y1 - 2007/7/1

N2 - Nowadays, most Internet services are based on the working model that there will be some Domain Name System (DNS) [1] queries before the communication activities. Thus, for supporting DNS-based anomaly detection, the key problem is how to identify the clusters (sequences) of inappropriate DNS queries form the DNS traffic mixture that are directly generated or indirectly induced by internetworking hosts that are abnormal (i.e., including compromised and/or the original abusers). In this paper, we design and implement a DNS-based network anomalous detection and intrusion eradication scheme, combining the DNS-based anomaly detection and IEEE 802.1x-based authentication scheme for supporting the intrusion eradicating process.

AB - Nowadays, most Internet services are based on the working model that there will be some Domain Name System (DNS) [1] queries before the communication activities. Thus, for supporting DNS-based anomaly detection, the key problem is how to identify the clusters (sequences) of inappropriate DNS queries form the DNS traffic mixture that are directly generated or indirectly induced by internetworking hosts that are abnormal (i.e., including compromised and/or the original abusers). In this paper, we design and implement a DNS-based network anomalous detection and intrusion eradication scheme, combining the DNS-based anomaly detection and IEEE 802.1x-based authentication scheme for supporting the intrusion eradicating process.

KW - DNS

KW - IEEE 802. 1x

KW - Intrusion detection

KW - Intrusion eradication

UR - http://www.scopus.com/inward/record.url?scp=34547830995&partnerID=8YFLogxK

M3 - Article

AN - SCOPUS:34547830995

VL - 8

SP - 329

EP - 335

JO - Journal of Internet Technology

JF - Journal of Internet Technology

SN - 1607-9264

IS - 3

ER -

DNS-based network anomaly detection and eradicating scheme

Abstract

Keywords

Other files and links

Fingerprint

Cite this