Academic Journals Database
Disseminating quality controlled scientific knowledge

Entropy Based Analysis of DNS Query Traffic in the Campus Network

ADD TO MY LIST
 
Author(s): Dennis Arturo Ludeña Romaña | Yasuo Musashi

Journal: Journal of Systemics, Cybernetics and Informatics
ISSN 1690-4532

Volume: 6;
Issue: 5;
Start page: 42;
Date: 2008;
Original page

ABSTRACT
We carried out the entropy based study on the DNS query traffic from the campus network in a university through January 1st, 2006 to March 31st, 2007. The results are summarized, as follows: (1) The source IP addresses- and query keyword-based entropies change symmetrically in the DNS query traffic from the outside of the campus network when detecting the spam bot activity on the campus network. On the other hand (2), the source IP addresses- and query keywordbased entropies change similarly each other when detecting big DNS query traffic caused by prescanning or distributed denial of service (DDoS) attack from the campus network. Therefore, we can detect the spam bot and/or DDoS attack bot by only watching DNS query access traffic.
Why do you need a reservation system?      Save time & money - Smart Internet Solutions