A distributed intrusion detection model for the domain name system

Chang-Sheng Chen*, Shian Shyong Tseng, Chien-Liang Liu


研究成果: Article同行評審

2 引文 斯高帕斯(Scopus)


We have investigated the problem of detecting DoS-like DNS anomalies in DNS system. In this paper, we propose a distributed Two-phase DNS anomaly detection model for solving the problem. Three sets of algorithms corresponding to different configurations are proposed, including one sequential algorithm and two distributed algorithms, each with an increasing level of parallelism. The complexity of these algorithms have been found to be O (n log n). The distributed algorithms show at least a constant (1-1/Ck), Ck > 1, improvement over the sequential one. To evaluate the performance, we have implemented the algorithms and applied them to a number of examples. The experimental result shows a speed up of about 1.68 on the test example for running on an enhanced distributed architecture with C-IDS over the sequential one. A higher speed up might be common because DNS anomalies will make the traffic distribution more concentrated on the outliers, and the computation will usually converge much more quickly.

頁(從 - 到)999-1009
期刊Journal of Information Science and Engineering
出版狀態Published - 1 11月 2002


深入研究「A distributed intrusion detection model for the domain name system」主題。共同形成了獨特的指紋。