DNS-based Network Anomaly Detection and Eradicating Scheme

Nowadays, most Internet services are based on the working model that there will be some Domain Name System (DNS) [1] queries before the communication activities. Thus, for supporting DNS-based anomaly detection, the key problem is how to identify the clusters (sequences) of inappropriate DNS queries form the DNS traffic mixture that are directly generated or indirectly induced by internetworking hosts that are abnormal (i.e., including compromised and/or the original abusers). In this paper, we design and implement a DNS-based network anomalous detection and intrusion eradication scheme, combining the DNS-based anomaly detection and IEEE 802.1x-based authentication scheme for supporting the intrusion eradicating process.