John Heidemann

Improving Long-term Accuracy of DNS Backscatter for Monitoring of Internet-Wide Malicious Activity (poster)

Title: Improving Long-term Accuracy of DNS Backscatter for Monitoring of Internet-Wide Malicious Activity (poster)
Publication Type: Technical Report
Year of Publication: 2016
Authors: A. Qadeer, J. Heidemann, and K. Fukuda
Date Published: apr
Institution: USC/Information Sciences Institute
Abstract

Internet-wide malicious activities are prevalent on the Internet. Such activities include the malicious, like spamming and scanning, and the benign, like large e-mailing lists and content delivery networks. We've previously shown that they can be detected centrally with DNS backscatter, and developed a classifier using supervised learning. However, long-term detection is difficult because activities rapidly change with time to evade detection or as they naturally evolve, and manual training is expensive. Our solution: we extend backscatter-based detection by identifying: how behavior evolves, how often we need to retrain, and how to retrain without human supervision. Details are in the attached poster.

URL: http://www.isi.edu/%7ejohnh/PAPERS/Qadeer16a.html