direkt zum Inhalt springen

direkt zum Hauptnavigationsmenü

Sie sind hier

TU Berlin

Inhalt des Dokuments

Es gibt keine deutsche Übersetzung dieser Webseite.

Nikolaos Chatzis' Publications

Similarity Search over DNS Query Streams for Email Worm Detection
Zitatschlüssel CB-SSDQSEWD-09
Autor Chatzis, Nikolaos and Brownlee, Nevil
Buchtitel Proceedings of the 23rd International Conference on Advanced Information Networking and Applications (AINA '09)
Seiten 588–595
Jahr 2009
DOI http://dx.doi.org/10.1109/AINA.2009.132
Adresse New York, NY, USA
Verlag IEEE
Zusammenfassung Email worms and the high amount of unsolicited email traffic on the Internet continue to be persistent operational security issues. In this work, we present a method to detect email worms soon after they appear at the local name server, which is topologically near the infected machines. Our method analyses at flow level the communication patterns between user machines and the local name server. With respect to this, it uses exact similarity search over time series produced by the Domain Name System (DNS) query streams of user machines, and unsupervised learning. To evaluate our method, we have constructed and used a DNS query dataset that consists of 71 recent email worms. We demonstrate that our method is remarkably effective in the long run, and that time series similarity search can be a useful tool for intrusion detection, one that has not yet been adequately explored.
Download Bibtex Eintrag

Zusatzinformationen / Extras

Direktzugang:

Schnellnavigation zur Seite über Nummerneingabe