Big Data for Security: On Using DNS Logs for Security Threat Detection

I am particularly interested in the area resulting from the intersection of the following topics: big data for security, big data analytics, distributed programming and data analysis solutions, security and cloud.

 

In particular I am interested in public case studies, business cases and trials involving the usage of (large amounts of) DNS data to detect new security threats and issues.

 

Here are some key related work and approaches:

·         EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis;

·         Large scale DNS analysis

·         Identifying malicious domains in large DNS resolver datasets using Hadoop

·         Emerging trends around big data analytics and security: Panel

·         Botnet detection by monitoring group activities in DNS traffic

·         DNS Based Security Incidents Detection in Campus Network

·         DNS-based Detection of Scanning Worms in an Enterprise Network

·         Cache poisoning detection method for improving security of recursive DNS

·         Preserving the big picture: Visual network traffic analysis with tnv

  

--- Posted by Marco Casassa Mont (here and here)  ---

--- NOTE:  use this mirror blog if you prefer posting on an external blog site  ---

--- NOTE:  my original HP blog can be found here  ---