- Balkan Journal of Electrical and Computer Engineering
- Vol: 6 Issue: 3
- Identification of abnormal DNS traffic with Hurst parameter
Identification of abnormal DNS traffic with Hurst parameter
Authors : Ali Gezer
Pages : 191-197
Doi:10.17694/bajece.435230
View : 12 | Download : 8
Publication Date : 2018-07-31
Article Type : Research
Abstract :It is a necessity for effective network management to be aware of the activities taking place on computer networks. Network managers should always be alarmed about what is happening now, what might be, or what will be in the future for the sake of network. To gather information about a computer system or a network, attackers mostly exploit networking tools to gain some privileges and login systems. Penetration testers also use these tools to gather information about systems, but their main concern is to discover the vulnerabilities of the system, and to find out what kind of measures could be applied to make the system more resistant to these vulnerabilities. In this study, we propose an abnormal DNS traffic identification method via utilizing Hurst parameter estimation. To do so, we employ DNS information gathering tools in Kali Linux to generate abnormal DNS flows. Then, we estimate its self-similarity degree to compare the differences between normal DNS traffic flows and abnormal ones. Obtained results show that abnormal DNS traffic show higher self-similarity degrees. Another interesting finding is that abnormal DNS traffic shows different distribution characteristic.Keywords : Traffic analysis, DNS protocol, distribution fitting, abnormal traffic detection