Approximate String Matching for DNS Anomaly Detection

Roni Mateless, Michael Segal

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

In this paper we propose a novel approach to identifying anomalies in DNS traffic. The traffic time-point data is transformed into a string, which is used by a new fast approximate string matching algorithm to detect anomalies. Our approach is generic in nature and allows fast adaptation to different types of traffic. We evaluate the approach on a large public dataset of DNS traffic based on 10 days, discovering more than an order of magnitude more DNS attacks than auto-regression as a baseline. Moreover, an additional comparison was made with other common regressors such as Linear Regression, Lasso, Random Forest and KNN, all of which show the superiority of our approach.

Original language: American English
Title of host publication: Security, Privacy, and Anonymity in Computation, Communication, and Storage - 12th International Conference, SpaCCS 2019, Proceedings
Editors: Guojun Wang, Jun Feng, Md Zakirul Alam Bhuiyan, Rongxing Lu
Publisher: Springer Verlag
Pages: 490-504
Number of pages: 15
ISBN (Print): 9783030249069
State: Published - 1 Jan 2019
Event: 12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019 - Atlanta, United States
Duration: 14 Jul 2019 - 17 Jul 2019

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 11611 LNCS

Conference

Conference: 12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019
Country/Territory: United States
City: Atlanta
Period: 14/07/19 - 17/07/19

Keywords

  • Anomaly detection
  • Approximate string matching
  • Similarity measures

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science
