Improving Long-term Accuracy of DNS
Backscatter for Monitoring of Internet-Wide Malicious Activity (poster)
Abdul Qadeer, John Heidemann and Kensuke Fukuda
USC/Information Sciences Institute
Citation
Abdul Qadeer, John Heidemann and Kensuke Fukuda. Improving Long-term Accuracy of DNS Backscatter for Monitoring of Internet-Wide Malicious Activity (poster). Technical Report ISI-TR-2016-707. USC/Information Sciences Institute. [PDF] [alt PDF] [Dataset]
Abstract
Internet-wide malicious activities are prevalent on the Internet. Such activities include the malicious, like spamming and scanning, and the benign, like large e-mailing lists and content delivery networks. We’ve previously shown that they can be detected centrally with DNS backscatter, and developed a classifier using supervised learning. However, long-term detection is difficult because activities rapidly change with time to evade detection or as they naturally evolve, and manual training is expensive. Our solution: we extend backscatter-based detection by identifying: how behavior evolves, how often we need to retrain, and how to retrain without human supervision. Details are in the attached poster.Bibtex Citation
@techreport{Qadeer16a,
author = {Qadeer, Abdul and Heidemann, John and Fukuda, Kensuke},
title = {Improving Long-term Accuracy of DNS
Backscatter for Monitoring of Internet-Wide Malicious Activity (poster)},
institution = {USC/Information Sciences Institute},
year = {2016},
sortdate = {2016-04-29},
project = {ant, lacrend, retrofuture},
jsubject = {dns},
number = {ISI-TR-2016-707},
month = apr,
jlocation = {johnh: pafile},
keywords = {network outage detection, hurricane sandy},
url = {https://ant.isi.edu/%7ejohnh/PAPERS/Qadeer16a.html},
pdfurl = {https://ant.isi.edu/%7ejohnh/PAPERS/Qadeer16a.pdf},
dataseturl = {https://ant.isi.edu/datasets/dns_backscatter/index.html},
myorganization = {USC/Information Sciences Institute},
copyrightholder = {authors}
}