BDBComp
Identification and Characterization of Suspicious Behaviors Through DNS Traffic Analysis

Kaio R. S. Barbosa, Eduardo Souto, Eduardo Feitosa, Gilbert B. Martins

The Domain Name System (DNS) provides mechanisms for translating domain names into IP addresses. This service is used both by legitimate users and by suspicious applications, which may request mail servers' addresses before sending spam. This paper presents a methodology based on graph theory that distinguishes between legitimate and malicious query traffic patterns. Name resolutions are modeled in a graph that illustrates the communication patterns between hosts and how the queries were made. To validate the proposal, the .br DNS domain traffic is investigated. The results show a 35% reduction in the number of hosts to be analyzed and the presence of suspicious behavior.

http://www.lbd.dcc.ufmg.br/colecoes/sbseg/2014/0013.pdf


Biblioteca Digital Brasileira de Computação - Contact: bdbcomp@lbd.dcc.ufmg.br
Maintained by: LBD