A distributed intrusion detection model for the domain name system

Chang-Sheng Chen*, Shian Shyong Tseng, Chien-Liang Liu

*此作品的通信作者

研究成果: Article同行評審

2 引文 斯高帕斯(Scopus)

摘要

We have investigated the problem of detecting DoS-like DNS anomalies in DNS system. In this paper, we propose a distributed Two-phase DNS anomaly detection model for solving the problem. Three sets of algorithms corresponding to different configurations are proposed, including one sequential algorithm and two distributed algorithms, each with an increasing level of parallelism. The complexity of these algorithms have been found to be O (n log n). The distributed algorithms show at least a constant (1-1/Ck), Ck > 1, improvement over the sequential one. To evaluate the performance, we have implemented the algorithms and applied them to a number of examples. The experimental result shows a speed up of about 1.68 on the test example for running on an enhanced distributed architecture with C-IDS over the sequential one. A higher speed up might be common because DNS anomalies will make the traffic distribution more concentrated on the outliers, and the computation will usually converge much more quickly.

原文English
頁(從 - 到)999-1009
頁數11
期刊Journal of Information Science and Engineering
18
發行號6
DOIs
出版狀態Published - 11月 2002

指紋

深入研究「A distributed intrusion detection model for the domain name system」主題。共同形成了獨特的指紋。

引用此