TU Berlin

Nikolaos Chatzis' Publications

Email Worm Detection by Wavelet Analysis of DNS Query Streams
Citation key CPB-EWDWADQS-09
Author Chatzis, Nikolaos and Popescu-Zeletin, Radu and Brownlee, Nevil
Book title Proceedings of the IEEE Symposium on Computational Intelligence in Cyber Security (CICS '09)
Pages 53–60
Year 2009
DOI http://dx.doi.org/10.1109/CICYBS.2009.4925090
Address New York, NY, USA
Publisher IEEE
Abstract The high prevalence of email worms indicates that current in-network defence mechanisms are incapable of mitigating this Internet threat. Moreover, commonly applied approaches against this class of propagating malicious program do not target reducing unwanted email traffic traversing the Internet. In this paper, we take a step toward better understanding of email worms, and explore their effect on the flow-level characteristics of domain name system (DNS) query streams that user machines generate. We propose a novel method, which uses time series analysis and unsupervised learning, to detect email worms as they appear on local name servers. To evaluate our detection method, we have constructed a DNS query dataset that consists of 71 email worms. We demonstrate that our method is very effective.