DNS abnormal behavior detection based on IPFIX
An algorithm based on IPFIX network flow data is proposed.By using proposed algorithm,suspicious and abnormal DNS will be detected accurately,and DNS traffic amplification attack will be distinguished rapidly.This algorithm has been applied in the Tsinghua University campus network.In our practice,D...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2014-10-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.z1.002/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539711390187520 |
|---|---|
| author | Yun-long MA Cai-ping JIANG Qian-li ZHANG Ji-long WANG |
| author_facet | Yun-long MA Cai-ping JIANG Qian-li ZHANG Ji-long WANG |
| author_sort | Yun-long MA |
| collection | DOAJ |
| description | An algorithm based on IPFIX network flow data is proposed.By using proposed algorithm,suspicious and abnormal DNS will be detected accurately,and DNS traffic amplification attack will be distinguished rapidly.This algorithm has been applied in the Tsinghua University campus network.In our practice,DNS abnormal behaviors have been detected and alarm information has been sent to administrators.Thus,abnormal attack behaviors are restrained in time,and the monitoring and warning for abnormal traffic are all realized. |
| format | Article |
| id | doaj-art-1f0cf5b2ed4047ffb255c0ec4ae9e474 |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2014-10-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-1f0cf5b2ed4047ffb255c0ec4ae9e4742025-01-14T06:44:44ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2014-10-01355959687956DNS abnormal behavior detection based on IPFIXYun-long MACai-ping JIANGQian-li ZHANGJi-long WANGAn algorithm based on IPFIX network flow data is proposed.By using proposed algorithm,suspicious and abnormal DNS will be detected accurately,and DNS traffic amplification attack will be distinguished rapidly.This algorithm has been applied in the Tsinghua University campus network.In our practice,DNS abnormal behaviors have been detected and alarm information has been sent to administrators.Thus,abnormal attack behaviors are restrained in time,and the monitoring and warning for abnormal traffic are all realized.http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.z1.002/abnormal behaviornetwork securityIPFIX traffic analysis |
| spellingShingle | Yun-long MA Cai-ping JIANG Qian-li ZHANG Ji-long WANG DNS abnormal behavior detection based on IPFIX Tongxin xuebao abnormal behavior network security IPFIX traffic analysis |
| title | DNS abnormal behavior detection based on IPFIX |
| title_full | DNS abnormal behavior detection based on IPFIX |
| title_fullStr | DNS abnormal behavior detection based on IPFIX |
| title_full_unstemmed | DNS abnormal behavior detection based on IPFIX |
| title_short | DNS abnormal behavior detection based on IPFIX |
| title_sort | dns abnormal behavior detection based on ipfix |
| topic | abnormal behavior network security IPFIX traffic analysis |
| url | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2014.z1.002/ |
| work_keys_str_mv | AT yunlongma dnsabnormalbehaviordetectionbasedonipfix AT caipingjiang dnsabnormalbehaviordetectionbasedonipfix AT qianlizhang dnsabnormalbehaviordetectionbasedonipfix AT jilongwang dnsabnormalbehaviordetectionbasedonipfix |