Approximate String Matching for DNS Anomaly Detection

05/23/2019
by Roni Mateless, et al.

In this paper we propose a novel approach to identify anomalies in DNS traffic. The traffic time-point data is transformed into a string, which a new fast approximate string matching algorithm then uses to detect anomalies. Our approach is generic in nature and allows fast adaptation to different types of traffic. We evaluate the approach on a large public dataset of DNS traffic based on 10 days, discovering more than an order of magnitude more DNS attacks than auto-regression as a baseline. An additional comparison was made against other common regressors such as Linear Regression, Lasso, Random Forest and KNN, with every comparison showing the superiority of our approach.


research
11/24/2017

SENATUS: An Approach to Joint Traffic Anomaly Detection and Root Cause Analysis

In this paper, we propose a novel approach, called SENATUS, for joint tr...
research
12/08/2019

PIDForest: Anomaly Detection via Partial Identification

We consider the problem of detecting anomalies in a large dataset. We pr...
research
03/02/2019

Unsupervised Traffic Accident Detection in First-Person Videos

Recognizing abnormal events such as traffic violations and accidents in ...
research
01/02/2019

Anomaly Detection in Networks with Application to Financial Transaction Networks

This paper is motivated by the task of detecting anomalies in networks o...
research
03/17/2014

Multi-task Feature Selection based Anomaly Detection

Network anomaly detection is still a vibrant research area. As the fast ...
research
11/12/2019

Detecting Network Disruptions At Colocation Facilities

Colocation facilities and Internet eXchange Points (IXPs) provide neutra...
