Why so abnormal? Detecting domains receiving anomalous surge traffic in a monitored network

Abstract: Anomalous traffic consists of the unusual and colossal hits a non-popular domain gets for a small epoch period in a day. Regardless of whether these anomalies are malicious or not, it is important to analyze them, as they might have a dramatic impact on a customer or an end user. Identifying these traffic anomalies is a challenge, as it requires mining and identifying patterns among huge volumes of data. In this paper, we provide a statistical and dynamic reputation based approach to identify unpopular domains receiving huge volumes of traffic within a short period of time. Our aim is to develop and deploy a lightweight framework in a monitored network capable of analyzing DNS traffic and providing early warning alerts regarding domains receiving unusual hits, to reduce the collateral damage faced by an end user or customer. The authors have employed statistical analysis, supervised learning and ensemble based dynamic reputation of domains, IP addresses and name servers to distinguish benign and abnormal domains with very low false positives.

Bibliographic details

Published in: Journal of Intelligent & Fuzzy Systems, 2017-01, Vol. 32 (4), p. 2901-2907
Authors: Ashok, Aravind; Poornachandran, Prabaharan; Pal, Soumajit; Sankar, Prem; Surendran, K.
Editors: El-Alfy, El-Sayed M.; Thampi, Sabu M.
Format: Article
Language: English
Publisher: Amsterdam: IOS Press BV
ISSN: 1064-1246
EISSN: 1875-8967
DOI: 10.3233/JIFS-169233
Online access: Full text
Subjects: Anomalies; Data mining; Domain names; IP (Internet Protocol); Statistical analysis