
eyeDNS: Monitoring a University Campus Network


Bibliographic Details
Main Authors: Chowdhury, Chandan, Hahn, Dalton A., French, Matthew R., Vassermann, Eugene Y., Manadhata, Pratyusa K., Bardas, Alexandru G.
Format: Conference Proceeding
Language: English
container_start_page 1
container_end_page 7
description The Domain Name System (DNS) is responsible for mapping human readable domain names to internet protocol (IP) addresses. DNS is a ubiquitous part of internet and intranet communication, making it a convenient and comprehensive source for data to infer network health, performance, and security. A victim of its own success, monitoring real-time DNS traffic is a challenge due to sheer volume: huge amounts of DNS packets flow through a typical enterprise in a single day. In this paper, we describe eyeDNS, a scalable and extensible system for near real-time aggregation, storage, analysis, and visualization of DNS traffic collected by a hardware back-end. We report on eyeDNS's deployment and data collection on a large public university's network over a timeframe of 15 months. Moreover, we leveraged data from the following 6 months to validate findings made during the initial timeframe. With fast query response, aggregation, and visualization of DNS data, eyeDNS helped identify instances of anomalous network use, malware-specific behaviors, and scamming activities. eyeDNS is currently being used by the university's security personnel and has demonstrated its effectiveness in extracting trends and outliers from large volumes of DNS data collected from a diverse environment, where even commercial tools struggle to provide timely and actionable analysis.
doi_str_mv 10.1109/ICC.2018.8422082
format conference_proceeding
identifier EISSN: 1938-1883; EISBN: 9781538631805; EISBN: 1538631806
ispartof 2018 IEEE International Conference on Communications (ICC), 2018, p.1-7
issn 1938-1883
language eng
recordid cdi_ieee_primary_8422082
source IEEE Xplore All Conference Series
subjects Blacklisting
Data visualization
IP networks
Monitoring
Real-time systems
Servers