This HTML5 document contains 44 embedded RDF statements represented using HTML+Microdata notation.

The embedded RDF content will be recognized by any processor of HTML5 Microdata.

Namespace Prefixes

Prefix	IRI
n22	http://linked.opendata.cz/ontology/domain/vavai/riv/typAkce/
dcterms	http://purl.org/dc/terms/
n18	http://purl.org/net/nknouf/ns/bibtex#
n13	http://linked.opendata.cz/resource/domain/vavai/projekt/
n7	http://linked.opendata.cz/resource/domain/vavai/riv/tvurce/
n20	http://linked.opendata.cz/ontology/domain/vavai/
n19	https://schema.org/
s	http://schema.org/
n4	http://linked.opendata.cz/ontology/domain/vavai/riv/
rdfs	http://www.w3.org/2000/01/rdf-schema#
skos	http://www.w3.org/2004/02/skos/core#
n11	http://bibframe.org/vocab/
n2	http://linked.opendata.cz/resource/domain/vavai/vysledek/
rdf	http://www.w3.org/1999/02/22-rdf-syntax-ns#
n8	http://linked.opendata.cz/resource/domain/vavai/vysledek/RIV%2F63839172%3A_____%2F14%3A10130411%21RIV15-MSM-63839172/
n5	http://linked.opendata.cz/ontology/domain/vavai/riv/klicoveSlovo/
n21	http://linked.opendata.cz/ontology/domain/vavai/riv/duvernostUdaju/
xsdh	http://www.w3.org/2001/XMLSchema#
n17	http://linked.opendata.cz/ontology/domain/vavai/riv/aktivita/
n12	http://linked.opendata.cz/ontology/domain/vavai/riv/jazykVysledku/
n16	http://linked.opendata.cz/ontology/domain/vavai/riv/druhVysledku/
n14	http://linked.opendata.cz/ontology/domain/vavai/riv/obor/
n10	http://reference.data.gov.uk/id/gregorian-year/

Statements

Subject Item

n2:RIV%2F63839172%3A_____%2F14%3A10130411%21RIV15-MSM-63839172

rdf:type

skos:Concept n20:Vysledek

rdfs:seeAlso

http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7033254

dcterms:description

The Domain Name System (DNS) belongs to crucial services in a computer network. Because of its importance, DNS is usually allowed in security policies. That opens a way to break policies and to transfer data from/to restricted area due to misusage of a DNS infrastructure. This paper is focused on a detection of communication tunnels and other anomalies in a DNS traffic. The proposed detection module is designed to process huge volume of data and to detect anomalies at near real-time. It is based on combination of statistical analysis of several observed features including application layer information. Our aim is a stream-wise processing of huge volume of DNS data from backbone networks. To achieve these objectives with minimal resource consumption, the detection module uses efficient extended data structures. The performance evaluation has shown that the detector is able to process approximately 511 thousand DNS flow records per second. In addition, according to experiments, a tunnel that lasts over 30 seconds can be detected in a minute. During the on-line testing on a real traffic from production network, the module signalized on average over 60 confirmed alerts including DNS tunnels per day. The Domain Name System (DNS) belongs to crucial services in a computer network. Because of its importance, DNS is usually allowed in security policies. That opens a way to break policies and to transfer data from/to restricted area due to misusage of a DNS infrastructure. This paper is focused on a detection of communication tunnels and other anomalies in a DNS traffic. The proposed detection module is designed to process huge volume of data and to detect anomalies at near real-time. It is based on combination of statistical analysis of several observed features including application layer information. Our aim is a stream-wise processing of huge volume of DNS data from backbone networks. To achieve these objectives with minimal resource consumption, the detection module uses efficient extended data structures. The performance evaluation has shown that the detector is able to process approximately 511 thousand DNS flow records per second. In addition, according to experiments, a tunnel that lasts over 30 seconds can be detected in a minute. During the on-line testing on a real traffic from production network, the module signalized on average over 60 confirmed alerts including DNS tunnels per day.

dcterms:title

Stream-wise Detection of Surreptitious Traffic over DNS Stream-wise Detection of Surreptitious Traffic over DNS

skos:prefLabel

Stream-wise Detection of Surreptitious Traffic over DNS Stream-wise Detection of Surreptitious Traffic over DNS

skos:notation

RIV/63839172:_____/14:10130411!RIV15-MSM-63839172

n4:aktivita

n17:P

n4:aktivity

P(LM2010005)

n4:dodaniDat

n10:2015

n4:domaciTvurceVysledku

n7:7697406

n4:druhVysledku

n16:D

n4:duvernostUdaju

n21:S

n4:entitaPredkladatele

n8:predkladatel

n4:idSjednocenehoVysledku

47681

n4:idVysledku

RIV/63839172:_____/14:10130411

n4:jazykVysledku

n12:eng

n4:klicovaSlova

iodine; communication tunnels; DNS; anomaly detection; stream-wise detection

n4:klicoveSlovo

n5:communication%20tunnels n5:stream-wise%20detection n5:DNS n5:iodine n5:anomaly%20detection

n4:kontrolniKodProRIV

[9E7EC11CFD13]

n4:mistoKonaniAkce

Athens

n4:mistoVydani

Pomona, California, USA

n4:nazevZdroje

2014 IEEE 19th International Workshop on Computer Aided Modeling and Design of Communication Links and Networks (CAMAD) (CAMAD 2014)

n4:obor

n14:IN

n4:pocetDomacichTvurcuVysledku

1

n4:pocetTvurcuVysledku

3

n4:projekt

n13:LM2010005

n4:rokUplatneniVysledku

n10:2014

n4:tvurceVysledku

Kubátová, Hana Rosa, Zdeněk Čejka, Tomáš

n4:typAkce

n22:WRD

n4:zahajeniAkce

2014-12-01+01:00

s:numberOfPages

5

n11:doi

10.1109/CAMAD.2014.7033254

n18:hasPublisher

IEEE Communications Society

n19:isbn

978-1-4799-5725-5