DNSSM: A Large Scale Passive DNS Security Monitoring Framework

Abstract : We present a monitoring approach and the supporting software architecture for passive DNS traffic. Monitoring DNS traffic can reveal essential network and system level activity profiles. Worm infected and botnet participating hosts can be identified and malicious backdoor communications can be detected. Any passive DNS monitoring solution needs to address several challenges that range from architectural approaches for dealing with large volumes of data up to specific Data Mining approaches for this purpose. We describe a framework that leverages state of the art distributed processing facilities with clustering techniques in order to detect anomalies in both online and offline DNS traffic. This framework entitled DNSSM is implemented and operational on several networks. We validate the framework against two large trace sets.
Document type :
Conference papers
Complete list of metadatas

Cited literature [20 references]  Display  Hide  Download

Contributor : Jérôme François <>
Submitted on : Wednesday, November 7, 2012 - 9:22:40 AM
Last modification on : Thursday, February 7, 2019 - 2:59:32 PM
Long-term archiving on : Saturday, December 17, 2016 - 8:23:52 AM


Files produced by the author(s)




Samuel Marchal, Jérôme François, Cynthia Wagner, Radu State, Alexandre Dulaunoy, et al.. DNSSM: A Large Scale Passive DNS Security Monitoring Framework. Network Operations and Management Symposium, Apr 2012, Lahaina, United States. pp.988 - 993, ⟨10.1109/NOMS.2012.6212019⟩. ⟨hal-00749243⟩



Record views


Files downloads