Approximate String Matching for DNS Anomaly Detection

Roni Mateless; Michael Segal

doi:10.1007/978-3-030-24907-6_37

Approximate String Matching for DNS Anomaly Detection

Roni Mateless, Michael Segal

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Scopus citations

Abstract

In this paper we propose a novel approach to identify anomalies in DNS traffic. The traffic time-points data is transformed to a string, which is used by new fast approximate string matching algorithm to detect anomalies. Our approach is generic in its nature and allows fast adaptation to different types of traffic. We evaluate the approach on a large public dataset of DNS traffic based on 10 days, discovering more than order of magnitude DNS attacks in comparison to auto-regression as a baseline. Moreover, the additional comparison has been made including other common regressors such as Linear Regression, Lasso, Random Forest and KNN, all of them showing the superiority of our approach.

Original language	English
Title of host publication	Security, Privacy, and Anonymity in Computation, Communication, and Storage - 12th International Conference, SpaCCS 2019, Proceedings
Editors	Guojun Wang, Jun Feng, Md Zakirul Alam Bhuiyan, Rongxing Lu
Publisher	Springer Verlag
Pages	490-504
Number of pages	15
ISBN (Print)	9783030249069
DOIs	https://doi.org/10.1007/978-3-030-24907-6_37
State	Published - 1 Jan 2019
Event	12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019 - Atlanta, United States Duration: 14 Jul 2019 → 17 Jul 2019

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	11611 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019
Country/Territory	United States
City	Atlanta
Period	14/07/19 → 17/07/19

Keywords

Anomaly detection
Approximate string matching
Similarity measures

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science (all)

Access to Document

10.1007/978-3-030-24907-6_37

Cite this

Mateless, R., & Segal, M. (2019). Approximate String Matching for DNS Anomaly Detection. In G. Wang, J. Feng, M. Z. A. Bhuiyan, & R. Lu (Eds.), Security, Privacy, and Anonymity in Computation, Communication, and Storage - 12th International Conference, SpaCCS 2019, Proceedings (pp. 490-504). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11611 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-030-24907-6_37

Mateless, Roni ; Segal, Michael. / Approximate String Matching for DNS Anomaly Detection. Security, Privacy, and Anonymity in Computation, Communication, and Storage - 12th International Conference, SpaCCS 2019, Proceedings. editor / Guojun Wang ; Jun Feng ; Md Zakirul Alam Bhuiyan ; Rongxing Lu. Springer Verlag, 2019. pp. 490-504 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{50d0cfa871514d8b861797e577bc6357,

title = "Approximate String Matching for DNS Anomaly Detection",

abstract = "In this paper we propose a novel approach to identify anomalies in DNS traffic. The traffic time-points data is transformed to a string, which is used by new fast approximate string matching algorithm to detect anomalies. Our approach is generic in its nature and allows fast adaptation to different types of traffic. We evaluate the approach on a large public dataset of DNS traffic based on 10 days, discovering more than order of magnitude DNS attacks in comparison to auto-regression as a baseline. Moreover, the additional comparison has been made including other common regressors such as Linear Regression, Lasso, Random Forest and KNN, all of them showing the superiority of our approach.",

keywords = "Anomaly detection, Approximate string matching, Similarity measures",

author = "Roni Mateless and Michael Segal",

note = "Publisher Copyright: {\textcopyright} Springer Nature Switzerland AG 2019.; 12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019 ; Conference date: 14-07-2019 Through 17-07-2019",

year = "2019",

month = jan,

day = "1",

doi = "10.1007/978-3-030-24907-6_37",

language = "English",

isbn = "9783030249069",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "490--504",

editor = "Guojun Wang and Jun Feng and Bhuiyan, {Md Zakirul Alam} and Rongxing Lu",

booktitle = "Security, Privacy, and Anonymity in Computation, Communication, and Storage - 12th International Conference, SpaCCS 2019, Proceedings",

address = "Germany",

}

Mateless, R & Segal, M 2019, Approximate String Matching for DNS Anomaly Detection. in G Wang, J Feng, MZA Bhuiyan & R Lu (eds), Security, Privacy, and Anonymity in Computation, Communication, and Storage - 12th International Conference, SpaCCS 2019, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 11611 LNCS, Springer Verlag, pp. 490-504, 12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019, Atlanta, United States, 14/07/19. https://doi.org/10.1007/978-3-030-24907-6_37

Approximate String Matching for DNS Anomaly Detection. / Mateless, Roni; Segal, Michael.

Security, Privacy, and Anonymity in Computation, Communication, and Storage - 12th International Conference, SpaCCS 2019, Proceedings. ed. / Guojun Wang; Jun Feng; Md Zakirul Alam Bhuiyan; Rongxing Lu. Springer Verlag, 2019. p. 490-504 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 11611 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Approximate String Matching for DNS Anomaly Detection

AU - Mateless, Roni

AU - Segal, Michael

N1 - Publisher Copyright: © Springer Nature Switzerland AG 2019.

PY - 2019/1/1

Y1 - 2019/1/1

N2 - In this paper we propose a novel approach to identify anomalies in DNS traffic. The traffic time-points data is transformed to a string, which is used by new fast approximate string matching algorithm to detect anomalies. Our approach is generic in its nature and allows fast adaptation to different types of traffic. We evaluate the approach on a large public dataset of DNS traffic based on 10 days, discovering more than order of magnitude DNS attacks in comparison to auto-regression as a baseline. Moreover, the additional comparison has been made including other common regressors such as Linear Regression, Lasso, Random Forest and KNN, all of them showing the superiority of our approach.

AB - In this paper we propose a novel approach to identify anomalies in DNS traffic. The traffic time-points data is transformed to a string, which is used by new fast approximate string matching algorithm to detect anomalies. Our approach is generic in its nature and allows fast adaptation to different types of traffic. We evaluate the approach on a large public dataset of DNS traffic based on 10 days, discovering more than order of magnitude DNS attacks in comparison to auto-regression as a baseline. Moreover, the additional comparison has been made including other common regressors such as Linear Regression, Lasso, Random Forest and KNN, all of them showing the superiority of our approach.

KW - Anomaly detection

KW - Approximate string matching

KW - Similarity measures

UR - http://www.scopus.com/inward/record.url?scp=85069802068&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-24907-6_37

DO - 10.1007/978-3-030-24907-6_37

M3 - Conference contribution

AN - SCOPUS:85069802068

SN - 9783030249069

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 490

EP - 504

BT - Security, Privacy, and Anonymity in Computation, Communication, and Storage - 12th International Conference, SpaCCS 2019, Proceedings

A2 - Wang, Guojun

A2 - Feng, Jun

A2 - Bhuiyan, Md Zakirul Alam

A2 - Lu, Rongxing

PB - Springer Verlag

T2 - 12th International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage, SpaCCS 2019

Y2 - 14 July 2019 through 17 July 2019

ER -

Mateless R, Segal M. Approximate String Matching for DNS Anomaly Detection. In Wang G, Feng J, Bhuiyan MZA, Lu R, editors, Security, Privacy, and Anonymity in Computation, Communication, and Storage - 12th International Conference, SpaCCS 2019, Proceedings. Springer Verlag. 2019. p. 490-504. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-24907-6_37

Approximate String Matching for DNS Anomaly Detection

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this