DNS abnormal behavior detection based on IPFIX

DNS abnormal behavior detection based on IPFIX

An algorithm based on IPFIX network flow data is proposed.By using proposed algorithm,suspicious and abnormal DNS will be detected accurately,and DNS traffic amplification attack will be distinguished rapidly.This algorithm has been applied in the Tsinghua University campus network.In our practice,D...

Full description

Saved in:
Bibliographic Details
Main Authors: Yun-long MA, Cai-ping JIANG, Qian-li ZHANG, Ji-long WANG
Format: Article
Language:zho
Published: Editorial Department of Journal on Communications 2014-10-01
Series:Tongxin xuebao
Subjects:
abnormal behavior
network security
IPFIX
traffic analysis
Online Access:http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.z1.002/
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:An algorithm based on IPFIX network flow data is proposed.By using proposed algorithm,suspicious and abnormal DNS will be detected accurately,and DNS traffic amplification attack will be distinguished rapidly.This algorithm has been applied in the Tsinghua University campus network.In our practice,DNS abnormal behaviors have been detected and alarm information has been sent to administrators.Thus,abnormal attack behaviors are restrained in time,and the monitoring and warning for abnormal traffic are all realized.
ISSN:1000-436X

Similar Items