Identifying and Classifying Suspicious Network Behavior Using Passive DNS Analysis


Global Domain Name System (DNS) traffic provides a unique perspective on domain name usage by both legitimate users and suspicious applications. Beyond conventional DNS analysis queries and responses altogether, in this paper we investigate domain name queries to identify suspicious network traffic country code Top-Level Domain (ccTLD) authoritative…
DOI: 10.1109/CIT/IUCC/DASC/PICOM.2015.25


8 Figures and Tables

