Visualizing and characterizing DNS lookup behaviors via log-mining

Authors :
Changling Zhou
Shiyang Chen
Hao Ma
Qingnan Lai
Zhen Wu
Source :
Neurocomputing. 169:100-109
Publication Year :
2015
Publisher :
Elsevier BV, 2015.

Abstract

The Domain Name System (DNS) is a critical Internet service, which translates easily memorized domain names to numerical IP addresses for locating computer resources and services. In this paper, we try to explore the behaviors of DNS lookup by mining DNS logs from three primary DNS servers in a large university campus network in China. Our dataset is made up of two parts, namely DNS query logs and messages received or sent by DNS servers. Firstly, through analyzing these DNS query logs, we are able to understand the overall trend of users' surfing. For dealing with a huge DNS dataset, we introduce an algorithm we call DNSReduce, which can be used to dig out the top 10 client IP addresses and top 10 destination domain names efficiently. Moreover, we make a comparative analysis of lookup behavior between wired and wireless users. Secondly, with messages received or sent by DNS servers we can find these DNS servers' behaviors, i.e., TTLs, equivalent answers, and are able to accurately identify domain names with dynamic IP addresses. We provide different and specific visualization techniques for presenting these analysis results and show these techniques are very useful for understanding user behaviors, analyzing security events and characterizing overall tendency in campus network management.

Details

ISSN :
09252312
Volume :
169
Database :
OpenAIRE
Journal :
Neurocomputing
Accession number :
edsair.doi...........953a8f74135ae1e692e72bf1936e4926
Full Text :
https://doi.org/10.1016/j.neucom.2014.09.099