Improving Long-term Accuracy of DNS Backscatter for Monitoring of Internet-Wide Malicious Activity (poster)
Abdul Qadeer, John Heidemann and Kensuke Fukuda
USC/Information Sciences Institute
Citation
Abdul Qadeer, John Heidemann and Kensuke Fukuda. Improving Long-term Accuracy of DNS Backscatter for Monitoring of Internet-Wide Malicious Activity (poster). Technical Report ISI-TR-2016-707. USC/Information Sciences Institute.
Abstract
Internet-wide malicious activities are prevalent on the Internet. Such activities include the malicious, like spamming and scanning, and the benign, like large e-mailing lists and content delivery networks. We’ve previously shown that they can be detected centrally with DNS backscatter, and developed a classifier using supervised learning. However, long-term detection is difficult because activities rapidly change with time to evade detection or as they naturally evolve, and manual training is expensive. Our solution: we extend backscatter-based detection by identifying: how behavior evolves, how often we need to retrain, and how to retrain without human supervision. Details are in the attached poster.
Bibtex Citation
@techreport{Qadeer16a,
  author = {Qadeer, Abdul and Heidemann, John and Fukuda, Kensuke},
  title = {Improving Long-term Accuracy of DNS Backscatter for Monitoring of Internet-Wide Malicious Activity (poster)},
  institution = {USC/Information Sciences Institute},
  year = {2016},
  sortdate = {2016-04-29},
  project = {ant, lacrend, retrofuture},
  jsubject = {dns},
  number = {ISI-TR-2016-707},
  month = apr,
  jlocation = {johnh: pafile},
  keywords = {network outage detection, hurricane sandy},
  url = {https://ant.isi.edu/%7ejohnh/PAPERS/Qadeer16a.html},
  pdfurl = {https://ant.isi.edu/%7ejohnh/PAPERS/Qadeer16a.pdf},
  dataseturl = {https://ant.isi.edu/datasets/dns_backscatter/index.html},
  myorganization = {USC/Information Sciences Institute},
  copyrightholder = {authors}
}