[Nrg-l] Reminder TODAY: NRG Presentation: Feb/23/2009 - 4:00pm

Jorge Londoño jmlon at cs.bu.edu
Mon Feb 23 09:23:12 EST 2009

Invited speaker: Dave Plonka - U. Wisconsin-Madison

Title: Context-aware Clustering of DNS Query Traffic


    The Domain Name System (DNS) is one of the most widely used
    services in the Internet.  In this talk, we consider the question
    of how DNS traffic monitoring can provide an important and useful
    perspective on network traffic in an enterprise.  We approach this
    problem by considering three classes of DNS traffic: canonical
    (i.e., RFC-intended behaviors), overloaded (e.g., black-list
    services), and unwanted (i.e., queries that will never succeed).
    We describe a context-aware clustering methodology that is
    applied to DNS query-responses to generate the desired aggregates.
    Our method enables the analysis to be scaled to expose the desired
    level of detail of each traffic type, and to expose their
    time-varying characteristics.

    We implement our method in a tool we call TreeTop, which can be used
    to analyze and visualize DNS traffic in real-time.  We demonstrate
    the capabilities of our methodology and the utility of TreeTop
    using a set of DNS traces that we collected from our campus network
    over a period of three months.  Our evaluation highlights both the
    coarse and fine level of detail that can be revealed by our method.
    Finally, we show how DNS analysis can be coupled with general
    network traffic monitoring to provide a useful perspective for
    network management and operations.

Paper pointer:

Time and Place:
Grad Lounge - 4:00pm
