1 / 23

Client Density Estimation via DNS Cache Probing: Analyzing Cloud Computing and Botnets

This paper presents a novel approach for estimating client population density through DNS cache probing. It examines the intricacies of cloud computing, including its economic benefits and associated security concerns. The authors explore the concept of botnets and how DNS probing can be utilized to track multiple botnets while ensuring benign operations within a testing environment. Furthermore, the research addresses the correlation between website popularity and botnet detection, offering insights into network security and the use of tools like Iperf for network performance measurement.

vina
Télécharger la présentation

Client Density Estimation via DNS Cache Probing: Analyzing Cloud Computing and Botnets

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Peeking Through the Cloud: Client Density Estimation via DNS Cache Probing By: MOHEEB ABU RAJAB FABIAN MONROSE NIELS PROVOS Published Date: October 2010

  2. What is DNS ? • Why should we use Cloud Computing? • What is Cache Probing? • What is Botnet?

  3. Introduction • DNS caching Probing receive answers from DNS server for third party domains. • Cloud Computing - “Computing as a Utility” • Issues with cloud computing • Botnets -infected-hosts • Network Security – Activities design to protect your network

  4. DNS • Domain name space consists tree of domain names. • The tree sub – divides into zones at the root zone. • The old zone ceases to authorities to the new zone.

  5. Cloud Computing • Achieve economics of scale • Reduce spending on technology infrastructure • Reduce capital costs • Improve flexibility • Improve accessibility

  6. Estimation Methodology • Growing security and privacy • Approach- Network services use DNS name • DNS cache probing measure the evolution of name in resolver’s cache

  7. Experimental Evaluation • Centralized Scheduler for starting Iperf clients -Predefined serialized schedule file at each VM instance. -Schedule file contains a time stamp along with the nodes that should communicate for a single reading. * Iperf - Network testing tool to measure the network  throughput between end hosts.

  8. Relative estimation error of the number of hosts n with DNS queries per TTL

  9. Evaluation with DNS probing

  10. Web Metering • Website Metering - fastest and easiest way to see website ranks • No manual digging and guessing • Website Popularity is fully automated and runs right from your desktop • The strong correlation between website popularity, benefits and techniques for rank inflation

  11. DNS rank versus Alexa rank for top 100 websites according to Alexa ranking

  12. Alexa provides information - websites including Top sites, Internet Traffic stats and Metrics, Online reviews contact information and Related links and search • Alexa Also found some Fraudulent Inflation by - Click fraud - Direct manipulation attacks • The resolver list is sanitized to extract the “cooperative resolvers”

  13. Botnet • Botnet is used to defined the user network by Bot master • Develop a scalable and robust infrastructure to capture & concurrently track multiple Botnets • IRC tracking, DNS Cache probing (minimal) • Must be benign – not used to infect others outside the testing environment • Analysis of measurements, structural and behavioral aspect of Botnets

  14. Birth of Botnet • Bots are born from program binaries that infect your PC • Self-replicating worms • E-mail viruses • Shell code (scripts)

  15. The IRC tracker (also called a drone) filters traffic and acts as a Bot to trick the IRC room to iteratively probe to find the footprint of particular Botnets • Uses DNS Probing • Acts as a spy

  16. Conclusion • In this paper, we provide a ne technique for Internet demographics, the client population density of service. Also verifying the popularity rank of a website and estimating of botnet infection. A refined techniques for estimating botnet size with improving their benefits.

  17. THANK YOU!!

More Related