Context-Aware Clustering of DNS Query Traffic

Executive Summary

The Domain Name System (DNS) is one of the most widely used services on the Internet. In this paper, the authors consider how DNS traffic monitoring can provide an important and useful perspective on network traffic in an enterprise. They approach this problem by dividing DNS traffic into three classes: canonical (i.e., the RFC-intended behaviours, such as resolving a host name to an address), overloaded (e.g., lookups against DNS-based blacklist services, where the "name" carries a query against a database rather than a host), and unwanted (i.e., queries that will never succeed, such as repeated lookups of names that do not exist). They describe a context-aware clustering methodology that is applied to DNS query-response pairs to generate the desired aggregates. The method lets the analysis be scaled to expose the desired level of detail for each traffic type, and to expose the time-varying characteristics of each.
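The three-class split and the idea of aggregating query-response pairs by context can be illustrated with a small classifier run over sample resolver records. This is an added example, not code from the paper: the paper's own clustering rules are not reproduced on this page, so the classification heuristics below (a hypothetical blocklist zone `dnsbl.example.net`, a list of suffixes that never resolve publicly, and a simple "last two labels" context key) are assumptions chosen for illustration, and the log lines are constructed.

```python
"""Classify DNS query/response records into the three classes named in the
abstract (canonical, overloaded, unwanted) and aggregate them by context.

Added example, not the paper's code.  The rules and sample records below are
constructed assumptions for illustration only.
"""
from dataclasses import dataclass

# Constructed sample resolver log: timestamp, client, qname, qtype, rcode.
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com A NOERROR
1001 10.0.0.5 mail.example.com MX NOERROR
1002 10.0.0.7 2.0.0.10.dnsbl.example.net A NXDOMAIN
1003 10.0.0.7 9.0.0.10.dnsbl.example.net A NOERROR
1004 10.0.0.9 wpad.corp.local A NXDOMAIN
1005 10.0.0.9 printer01.local A NXDOMAIN
1006 10.0.0.5 www.example.com AAAA NOERROR
1007 10.0.0.9 wpad.corp.local A NXDOMAIN
"""

# Hypothetical zones used for blocklist-style lookups (assumption).
OVERLOADED_ZONES = ("dnsbl.example.net",)
# Suffixes that never resolve on the public Internet (assumption; .local is
# reserved for mDNS by RFC 6762, the others are common internal leaks).
UNRESOLVABLE_SUFFIXES = (".local", ".localdomain", ".corp.local")


@dataclass
class Record:
    ts: int
    client: str
    qname: str
    qtype: str
    rcode: str


def parse_log(text):
    """Parse whitespace-separated records; names are normalised to lower case
    without a trailing dot so that context keys compare cleanly."""
    recs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype, rcode = line.split()
        recs.append(Record(int(ts), client, qname.lower().rstrip("."), qtype, rcode))
    return recs


def blocklist_zone(qname):
    """Return the overloaded zone a name falls under, or None."""
    for z in OVERLOADED_ZONES:
        if qname == z or qname.endswith("." + z):
            return z
    return None


def classify(rec):
    """Return 'overloaded', 'unwanted' or 'canonical'.

    The blocklist check runs first: under an overloaded zone both NOERROR
    ("listed") and NXDOMAIN ("not listed") are legitimate answers, so an
    NXDOMAIN there must not be counted as unwanted traffic."""
    if blocklist_zone(rec.qname):
        return "overloaded"
    if rec.qname.endswith(UNRESOLVABLE_SUFFIXES) or rec.rcode == "NXDOMAIN":
        return "unwanted"
    return "canonical"


def context_key(rec):
    """Context used for clustering: the overloaded zone itself, otherwise the
    last two labels of the name (a crude stand-in for the registrable zone)."""
    z = blocklist_zone(rec.qname)
    if z:
        return z
    labels = rec.qname.split(".")
    return ".".join(labels[-2:])


def cluster(recs):
    """Aggregate records by (class, context).  Each cluster keeps a count, the
    distinct clients and the first/last timestamp, so the time-varying
    behaviour of each cluster can be examined."""
    clusters = {}
    for rec in recs:
        key = (classify(rec), context_key(rec))
        c = clusters.setdefault(
            key, {"count": 0, "clients": set(), "first": rec.ts, "last": rec.ts})
        c["count"] += 1
        c["clients"].add(rec.client)
        c["first"] = min(c["first"], rec.ts)
        c["last"] = max(c["last"], rec.ts)
    return clusters


def summarize(text=SAMPLE_LOG):
    """Map (class, context) -> (count, distinct clients, time span in seconds)."""
    return {k: (v["count"], len(v["clients"]), v["last"] - v["first"])
            for k, v in cluster(parse_log(text)).items()}


if __name__ == "__main__":
    for (cls, ctx), (n, clients, span) in sorted(summarize().items()):
        print(f"{cls:10} {ctx:20} n={n} clients={clients} span={span}s")
```

On the constructed log this yields one canonical cluster for `example.com`, one overloaded cluster for the blocklist zone, and two unwanted clusters (`corp.local`, `printer01.local`); the repeated `wpad.corp.local` failures from a single client are the kind of never-succeeding traffic the abstract groups as unwanted. The ordering of the checks in `classify` is the practical caveat: a naive "NXDOMAIN means unwanted" rule would misfile every negative blocklist answer.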

  • Format: PDF
  • Size: 2406.4 KB