Detecting anomalies in DNS protocol traces via Passive Testing and Process Mining

Saint-Pierre Cortés, Cecilia; Cifuentes, F; Bustos-Jiménez, J.

Detecting anomalies in DNS protocol traces via Passive Testing and Process Mining

Files

Detecting anomalies in DNS protocol traces via Passive Testing and Process Mining.pdf(2.66 KB)

Date

2014

Authors

Saint-Pierre Cortés, Cecilia

Cifuentes, F

Bustos-Jiménez, J.

Publisher

IEEE

Abstract

In this article we present our first approach in using Passive Testing (used in protocol and software conformance checking) and Process Mining (used in enterprise workflow analysis) techniques for analyzing DNS operation traces. We propose a process approach for DNS protocol, modeling it as a sequence of structured activities, queries and responses that are executed by actors, in this case clients and servers, with the objective of exchange some valuable information. As an example, we applied our techniques over A Day in Internet Life DNS traces for showing how easily a mail bonnet attack can be discovered. We conclude that with our first approach this techniques have promising future in order to analyze DNS traces, and plan to extend the testing for conformance against the formal definition of DNS presented in the RFC 1035.

Keywords

Protocols, Testing, Servers, Internet, Business, Electronic mail, Data mining

URI

https://doi.org/10.1109/CNS.2014.6997534
https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=6997534
https://repositorio.uc.cl/handle/11534/63882

Collections

Artículos de conferencia

Full item page