Visualizing DNS traffic
Source: Conference on Computer and Communications Security
Proceedings of the 3rd international workshop on Visualization for computer security
Alexandria, Virginia, USA
SESSION: Long papers
Pages: 23 - 30
Year of Publication: 2006
ISBN: 1-59593-549-5
Authors
Pin Ren  Northwestern University
John Kristoff  Neustar
Bruce Gooch  University of Victoria
Sponsors
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
ACM: Association for Computing Machinery
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 15,   Downloads (12 Months): 156,   Citation Count: 2
DOI: http://doi.acm.org/10.1145/1179576.1179582

ABSTRACT

This paper proposes a visualization approach to address Domain Name System (DNS) security challenges, such as distributed denial of service (DDoS) and cache poisoning attacks. We present Flying Term, a new perceptually motivated visual metaphor for visualizing the dynamic nature of DNS queries. The addition of visual metaphors such as Stacking Graphs, Two Tone Pseudo Color, and Chernoff Face Glyph within the same application framework provides enhanced monitoring capability and situational awareness for visualizing DNS queries. Using DNS query data acquired from a diverse set of caching servers on the Internet, we demonstrate our visualization's capability to help administrators identify and understand DNS querying behavior due to anomalies such as misconfiguration and security events.



