Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
AINA
2009
IEEE
2009
IEEE
Similarity Search over DNS Query Streams for Email Worm Detection
Email worms continue to be a persistent problem, indicating that current approaches against this class of selfpropagating malicious code yield rather meagre results. Additionally, these approaches are intrinsically incapable of reducing the high amount of the unwanted email traffic on the Internet because they are deployed in the network of the potential victims. In this work we present a method to detect email worms soon after they appear at the local name server, which is topologically near the infected machines, by analysing at flow level the Domain Name System (DNS) traffic of user machines. Our method uses exact similarity search over time series produced by DNS query streams that user machines generate, and cluster analysis. To evaluate our method, we have constructed and used a DNS query dataset that consists of 71 recent email worms1 , and demonstrate that our method is remarkably effective in detecting email worm activity in the long run. As a secondary result, our work hi...
Real-time Traffic| Added | 18 May 2010 |
| Updated | 18 May 2010 |
| Type | Conference |
| Year | 2009 |
| Where | AINA |
| Authors | Nikolaos Chatzis, Nevil Brownlee |
Comments (0)
Researcher Info
|
