[Nrg-l] NRG Presentation: Feb/23/2009 - 4:00pm
jmlon at cs.bu.edu
Thu Feb 19 09:50:20 EST 2009
Invited speaker: Dave Plonka - U. Wisconsin-Madison
Title: Context-aware Clustering of DNS Query Traffic
The Domain Name System (DNS) is one of the most widely used
services in the Internet. In this talk, we consider the question
of how DNS traffic monitoring can provide an important and useful
perspective on network traffic in an enterprise. We approach this
problem by considering three classes of DNS traffic: canonical
(i.e., RFC-intended behaviors), overloaded (e.g., black-list
services), and unwanted (i.e., queries that will never succeed).
We describe a context-aware clustering methodology that is
applied to DNS query-responses to generate the desired aggregates.
Our method enables the analysis to be scaled to expose the desired
level of detail of each traffic type, and to expose their time
We implement our method in a tool we call TreeTop, which can be used
to analyze and visualize DNS traffic in real-time. We demonstrate
the capabilities of our methodology and the utility of TreeTop
using a set of DNS traces that we collected from our campus network
over a period of three months. Our evaluation highlights both the
coarse and fine level of detail that can be revealed by our method.
Finally, we show how DNS analysis can be coupled with general
network traffic monitoring to provide a useful perspective for
network management and operations.
Time and Place:
Grad Lounge - 4:00pm