Data Mining-based DNS Log Analysis

Hongyuan Cui, Jiajun Yang, Ying Liu, Zheng Zheng, Kaichao Wu
2014 Annals of Data Science  
The domain name system (DNS) provides a critical function in directing Internet traffic, and defending DNS servers from bandwidth attacks is a significant task for DNS service providers. Traditional rule-based anomaly or intrusion detection methods are not able to update their rules dynamically. Data-mining-based approaches are able to find various patterns in massive, dynamic query traffic data, and these patterns may help DNS service providers detect anomalies in real time. In this paper, a novel frequent episode mining algorithm is proposed, together with a volume trend prediction method that allows anomalies to be detected in real time. A density-based clustering approach is adopted to partition numerous domain names into groups based on the characteristics of their query-volume time series. A consistent episode mining method is proposed to find how query traffic 'propagates' at different times between different domain names. Experiments are performed on real-world DNS log data
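The abstract describes grouping domain names by the shape of their query-volume time series with density-based clustering, so that domains whose traffic does not resemble any group stand out for the operator. The following is an added illustration of that idea and is not the authors' code: it expands a constructed per-domain profile into DNS log lines, builds a per-domain counts-per-window series, reduces each series to two shape features (coefficient of variation and peak-to-mean ratio), and runs a small hand-written DBSCAN whose noise points are reported as anomalies. The log format, the domain names, the feature choice and the eps/min_pts values are all assumptions made for the example.

```python
"""Illustrative pipeline (not the paper's implementation): DNS log lines ->
per-domain query-volume time series -> shape features -> DBSCAN ->
noise points flagged for analyst review."""
from collections import defaultdict
from datetime import datetime, timedelta
import math

WINDOW_SECONDS = 60

# Constructed per-domain query counts for six consecutive 60 s windows.
# Five names carry steady traffic; "burst.example" (a made-up name) spikes in
# windows 3 and 4, the kind of pattern an operator would want surfaced.
PROFILE = {
    "cdn.example":   [10, 11, 9, 10, 12, 10],
    "mail.example":  [8, 9, 8, 10, 9, 8],
    "www.example":   [15, 14, 16, 15, 15, 14],
    "api.example":   [20, 19, 21, 20, 22, 20],
    "ns.example":    [5, 5, 6, 5, 5, 6],
    "burst.example": [2, 2, 2, 80, 90, 2],
}


def make_sample_log(profile=PROFILE):
    """Expand the profile into constructed 'timestamp client qname qtype' lines."""
    base = datetime(2024, 1, 1, 0, 0, 0)
    lines = []
    for qname, counts in profile.items():
        for w, n in enumerate(counts):
            for k in range(n):
                ts = base + timedelta(seconds=w * WINDOW_SECONDS + k % WINDOW_SECONDS)
                lines.append(f"{ts.isoformat()} 10.0.0.{k % 250 + 1} {qname} A")
    lines.sort()  # ISO-8601 timestamps sort lexicographically
    return lines


def build_series(lines, window=WINDOW_SECONDS):
    """Parse log lines into per-domain query-volume series (queries per window)."""
    stamped = []
    for line in lines:
        ts, _client, qname, _qtype = line.split()
        stamped.append((datetime.fromisoformat(ts), qname))
    t0 = min(t for t, _ in stamped)
    n_windows = int((max(t for t, _ in stamped) - t0).total_seconds() // window) + 1
    series = defaultdict(lambda: [0] * n_windows)
    for t, qname in stamped:
        series[qname][int((t - t0).total_seconds() // window)] += 1
    return dict(series)


def features(counts):
    """Scale-free shape features of one series: (coefficient of variation, peak/mean)."""
    mean = sum(counts) / len(counts)  # mean > 0: the domain appears at least once
    std = math.sqrt(sum((c - mean) ** 2 for c in counts) / len(counts))
    return (std / mean, max(counts) / mean)


def dbscan(points, eps, min_pts):
    """Minimal DBSCAN; returns a cluster id per point, -1 meaning noise."""
    def dist(a, b):
        return math.hypot(a[0] - b[0], a[1] - b[1])

    def neighbors(i):
        return [j for j in range(len(points)) if dist(points[i], points[j]) <= eps]

    labels = [None] * len(points)
    cluster = 0
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        nb = neighbors(i)
        if len(nb) < min_pts:
            labels[i] = -1  # provisional noise; may become a border point later
            continue
        labels[i] = cluster
        queue = [j for j in nb if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cluster  # noise reachable from a core point is a border point
            if labels[j] is not None:
                continue
            labels[j] = cluster
            nb_j = neighbors(j)
            if len(nb_j) >= min_pts:  # j is a core point: expand through it
                queue.extend(nb_j)
        cluster += 1
    return labels


def find_anomalies(lines, eps=0.3, min_pts=3):
    """Group domains by series shape; domains in no group are reported as anomalies."""
    series = build_series(lines)
    names = sorted(series)
    labels = dbscan([features(series[n]) for n in names], eps, min_pts)
    clusters, anomalies = defaultdict(list), []
    for name, label in zip(names, labels):
        (anomalies if label == -1 else clusters[label]).append(name)
    return dict(clusters), anomalies


if __name__ == "__main__":
    groups, odd = find_anomalies(make_sample_log())
    print("clusters:", groups)
    print("anomalous domains:", odd)
```

The two features are deliberately scale-free, so a busy but steady domain and a quiet but steady one land in the same group while a name whose volume jumps by an order of magnitude within the observation period is isolated as noise. In practice eps and min_pts would be tuned on a baseline period, and the windowing would run incrementally so that the check can keep up with live query traffic.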
doi:10.1007/s40745-014-0023-7 fatcat:tn6i2tp3gfdcziftaii6lwpteu