
Statistical Study of Unusual DNS Query Traffic
Author(s) -
Dennis Arturo Ludeña Romaña,
Yasuo Musashi,
Hirofumi Nagatomi,
Kenichi Sugitani
Publication year - 2007
Publication title -
ECTI Transactions on Electrical Eng. / Electronics and Communications
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.148
H-Index - 7
ISSN - 1685-9545
DOI - 10.37936/ecti-eec.200862.171793
Subject(s) - domain name system , computer science , denial of service attack , database , information retrieval , computer network , world wide web , data mining , the internet
We statistically investigated the unusually large DNS resolution traffic toward the top domain DNS server from a university local campus network on April 11th, 2006. The following results were obtained: (1) On April 11th, the DNS query traffic included many fully qualified domain names (FQDNs) of several specific web sites as name resolution keywords. (2) The DNS query traffic also included plenty of source IP addresses of PC clients. (3) Several DNS query keywords including specific well-known web sites could be found in the DNS traffic. Therefore, it can be concluded that we can detect the unusual traffic and bot worm activity (DDoS attacks and/or prescannings) by assuming a threshold-based statistical detection model and checking for the several specific keywords of web sites in the DNS resolution traffic.