Abstract
With the continuous growth of Internet usage, the importance of DNS has also increased, and the large amount of data collected by DNS servers from users’ queries becomes a very valuable data source, since it reveals user patterns and how their Internet usage changes through time. The periodicity in human behavior is also reflected in how users use the Internet and therefore in the DNS queries they generate. Thus, in this paper we propose the use of Machine Learning models in order to capture these Internet usage patterns for predicting DNS traffic, which has a huge relevance since a big difference between the expected DNS traffic and the real one, could be a sign of an anomaly in the data stream caused by an attack or a failure. To the best of the authors’ knowledge this is the first attempt of forecasting DNS traffic using Neural Networks models, in order to propose an unsupervised and lightweight method to perform fast detection of anomalies in DNS data streams observed in DNS servers.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Akinaga, Y., Kaneda, S., Shinagawa, N., Miura, A.: A proposal for a mobile communication traffic forecasting method using time-series analysis for multi-variate data. In: IEEE Global Telecommunications Conference, GLOBECOM 2005, vol. 2, pp. 6-pp. IEEE (2005)
Alsirhani, A., Sampalli, S., Bodorik, P.: DDoS attack detection system: utilizing classification algorithms with apache spark. In: 2018 9th IFIP International Conference on New Technologies, Mobility and Security (NTMS), pp. 1–7. IEEE (2018)
Basu, S., Mukherjee, A., Klivansky, S.: Time series models for internet traffic. In: Fifteenth Annual Joint Conference of the IEEE Computer Societies. Networking the Next Generation. Proceedings IEEE INFOCOM 1996, vol. 2, pp. 611–620. IEEE (1996)
Casas, P., Mazel, J., Owezarski, P.: Unsupervised network intrusion detection systems: detecting the unknown without knowledge. Comput. Commun. 35(7), 772–783 (2012)
Cortez, P., Rio, M., Rocha, M., Sousa, P.: Multi-scale internet traffic forecasting using neural networks and time series methods. Expert Syst. 29(2), 143–155 (2012)
Douligeris, C., Mitrokotsa, A.: Ddos attacks and defense mechanisms: classification and state-of-the-art. Comput. Netw. 44(5), 643–666 (2004)
Feinstein, L., Schnackenberg, D., Balupari, R., Kindred, D.: Statistical approaches to DDoS attack detection and response. In: Null, p. 303. IEEE (2003)
Gonzalez, M.C., Hidalgo, C.A., Barabasi, A.L.: Understanding individual human mobility patterns. Nature 453(7196), 779 (2008)
Hu, X., Wu, J.: Traffic forecasting based on chaos analysis in GSM communication network. In: International Conference on Computational Intelligence and Security Workshops, CISW 2007, pp. 829–833. IEEE (2007)
Miao, D., Qin, X., Wang, W.: The periodic data traffic modeling based on multiplicative seasonal arima model. In: 2014 Sixth International Conference on Wireless Communications and Signal Processing (WCSP), pp. 1–5. IEEE (2014)
Mirkovic, J., Reiher, P.: A taxonomy of DDoS attack and DDoS defense mechanisms. ACM SIGCOMM Comput. Commun. Rev. 34(2), 39–53 (2004)
Musashi, Y., Kumagai, M., Kubota, S., Sugitani, K.: Detection of Kaminsky DNS cache poisoning attack. In: 2011 4th International Conference on Intelligent Networks and Intelligent Systems (ICINIS), pp. 121–124. IEEE (2011)
Oliveira, E.M.R., Viana, A.C., Sarraute, C., Brea, J., Alvarez-Hamelin, I.: On the regularity of human mobility. Pervasive Mob. Comput. 33, 73–90 (2016)
Papagiannaki, K., Taft, N., Zhang, Z.L., Diot, C.: Long-term forecasting of internet backbone traffic: observations and initial models. In: Twenty-Second Annual Joint Conference of the IEEE Computer and Communications, INFOCOM 2003, IEEE Societies, vol. 2, pp. 1178–1188. IEEE (2003)
Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23–24), 2435–2463 (1999)
Qiao, J.: .nz DNS traffic: trend and anomalies (2017). https://blog.nzrs.net.nz/nz-dns-traffic-trend-and-anomalies/
Roesch, M., et al.: Snort: lightweight intrusion detection for networks. In: Lisa, vol. 99, pp. 229–238 (1999)
Shu, Y., Yu, M., Liu, J., Yang, O.W.: Wireless traffic modeling and prediction using seasonal arima models. In: IEEE International Conference on Communications, ICC 2003, vol. 3, pp. 1675–1679. IEEE (2003)
Taylor, S.J., Letham, B.: Forecasting at scale. Am. Stat. 72(1), 37–45 (2018)
Thomas, M., Mohaisen, A.: Kindred domains: detecting and clustering botnet domains using DNS traffic. In: Proceedings of the 23rd International Conference on World Wide Web, pp. 707–712. ACM (2014)
Wang, H., Xu, F., Li, Y., Zhang, P., Jin, D.: Understanding mobile traffic patterns of large scale cellular towers in urban environment. In: Proceedings of the 2015 Internet Measurement Conference, pp. 225–238. ACM (2015)
Xu, F., et al.: Big data driven mobile traffic understanding and forecasting: a time series approach. IEEE Trans. Serv. Comput. 9(5), 796–805 (2016)
Yadav, S., Reddy, A.K.K., Reddy, A.N., Ranjan, S.: Detecting algorithmically generated domain-flux attacks with DNS traffic analysis. IEEE/ACM Trans. Netw. 20(5), 1663–1677 (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Madariaga, D., Panza, M., Bustos-Jiménez, J. (2019). DNS Traffic Forecasting Using Deep Neural Networks. In: Renault, É., Mühlethaler, P., Boumerdassi, S. (eds) Machine Learning for Networking. MLN 2018. Lecture Notes in Computer Science(), vol 11407. Springer, Cham. https://doi.org/10.1007/978-3-030-19945-6_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-19945-6_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-19944-9
Online ISBN: 978-3-030-19945-6
eBook Packages: Computer ScienceComputer Science (R0)