Real time DNS traffic profiling enhanced detection design for national level network
Authors: Muhammad Salahuddien Manggalanny, K. Ramli
Venue: 2017 International Seminar on Intelligent Technology and Its Applications (ISITIA)
Published: 2017-08-01
DOI: 10.1109/ISITIA.2017.8124046 (https://doi.org/10.1109/ISITIA.2017.8124046)
Citation count (Semantic Scholar): 3
A recent study shows that Advanced Persistent Threat (APT) activity can be investigated effectively through analysis of malicious DNS traffic. However, most such experiments have been conducted in limited, simulated environments such as a small campus network. Because APT activity is highly dynamic and traffic volumes keep growing, a lightweight computation architecture is needed to profile suspected activity in near real time. In this study we propose an enhanced design for detecting malicious DNS traffic on a high-speed, large-scale, national-level network in near real time. The experiment combines available open-source tools to obtain real-time operation, better accuracy of anomaly recognition and faster detection.
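To make the idea of lightweight, near-real-time DNS profiling concrete, the following is an added example written by the editor; it is not the paper's design or code, and the paper does not state which features, thresholds or tools it uses. The example assumes a simplified one-line-per-query log format ("<unix_ts> <client_ip> <qname> <rcode>"), constructed sample traffic rather than captured data, and three illustrative per-client heuristics evaluated per tumbling window: query rate, NXDOMAIN ratio, and mean Shannon entropy of the left-most label. The thresholds are hypothetical. The point it shows beyond the abstract is how O(1) state per client and a window flush keep memory bounded on a large stream while still surfacing three distinct behaviours.

```python
"""Added example (editor's code, not the paper's): a lightweight per-client
DNS profiler over tumbling windows. Log format, features and thresholds are
assumptions chosen for illustration."""
import math
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

WINDOW_SECONDS = 60          # tumbling window: bounds memory and alert latency
MIN_QUERIES = 20             # too few queries in a window to judge a client
MAX_QPS = 20.0               # hypothetical: sustained queries/second per client
MAX_NXDOMAIN_RATIO = 0.5     # hypothetical: DGA-style probing is mostly NXDOMAIN
MIN_LABEL_ENTROPY = 3.0      # hypothetical: high-entropy labels suggest tunnelling


def shannon_entropy(s: str) -> float:
    """Bits per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


@dataclass
class ClientProfile:
    """Per-client counters for one window: constant state per client."""
    queries: int = 0
    nxdomain: int = 0
    entropy_sum: float = 0.0

    def observe(self, qname: str, rcode: str) -> None:
        self.queries += 1
        if rcode == "NXDOMAIN":
            self.nxdomain += 1
        # The left-most label is where DGA and tunnel payloads usually sit.
        self.entropy_sum += shannon_entropy(qname.split(".")[0])

    def reasons(self) -> List[str]:
        if self.queries < MIN_QUERIES:
            return []
        out = []
        if self.queries / WINDOW_SECONDS > MAX_QPS:
            out.append("rate")
        if self.nxdomain / self.queries > MAX_NXDOMAIN_RATIO:
            out.append("nxdomain")
        if self.entropy_sum / self.queries > MIN_LABEL_ENTROPY:
            out.append("entropy")
        return out


def profile_stream(lines: Iterable[str]) -> List[Tuple[int, str, List[str]]]:
    """Consume time-ordered log lines; return (window, client, reasons) alerts."""
    alerts: List[Tuple[int, str, List[str]]] = []
    current: Dict[str, ClientProfile] = {}
    window = None

    def flush(w: int) -> None:
        for client, prof in current.items():
            if prof.reasons():
                alerts.append((w, client, prof.reasons()))
        current.clear()          # drop the old window: memory stays bounded

    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue             # malformed line: skip, never stall the pipeline
        ts, client, qname, rcode = parts
        w = int(ts) // WINDOW_SECONDS
        if window is not None and w != window:
            flush(window)
        window = w
        current.setdefault(client, ClientProfile()).observe(qname, rcode)
    if window is not None:
        flush(window)
    return alerts


BASE32 = "abcdefghijklmnopqrstuvwxyz234567"
T0 = 1501545600  # constructed epoch (2017-08-01 00:00:00 UTC), window-aligned


def constructed_log() -> List[str]:
    """Constructed sample traffic, not captured data: one benign client, one
    DGA-like, one tunnelling-like, one flooding, then a quiet second window."""
    lines = []
    benign = ["www.example.com", "mail.example.org", "cdn.example.net"]
    for i in range(30):                                 # 10.0.0.5: benign
        lines.append(f"{T0 + 2 * i} 10.0.0.5 {benign[i % 3]} NOERROR")
    for i in range(40):                                 # 10.0.0.7: DGA-like
        label = "".join("abcdef"[(i + k) % 6] for k in range(10))
        rcode = "NXDOMAIN" if i % 4 else "NOERROR"      # 30 of 40 fail
        lines.append(f"{T0 + i} 10.0.0.7 {label}.net {rcode}")
    for i in range(30):                                 # 10.0.0.9: tunnelling
        label = "".join(BASE32[(i * 7 + k * 3) % 32] for k in range(32))
        lines.append(f"{T0 + 2 * i} 10.0.0.9 {label}.t.example.com NOERROR")
    for i in range(1500):                               # 10.0.0.11: flood
        lines.append(f"{T0 + i // 25} 10.0.0.11 www.example.com NOERROR")
    for i in range(5):                                  # next window, benign only
        lines.append(f"{T0 + 60 + i} 10.0.0.5 www.example.com NOERROR")
    lines.sort(key=lambda l: int(l.split()[0]))         # profiler expects time order
    return lines


if __name__ == "__main__":
    for window, client, reasons in profile_stream(constructed_log()):
        print(window, client, ",".join(reasons))
```

On the constructed input the DGA-like client is flagged for NXDOMAIN ratio only, the tunnelling-like client for label entropy only (its labels are permutations of the base32 alphabet, so entropy is exactly 5 bits), and the flooding client for rate only; the benign client and the quiet second window produce nothing. In a national-scale deployment the per-window dictionary would be replaced by a sketch or a sharded keyed stream, but the shape of the computation stays the same.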