Can We Learn what People are Doing from Raw DNS Queries?

Jianfeng Li, Xiaobo Ma, Li Guodong, Xiapu Luo, Junjie Zhang, Wei Li, Xiaohong Guan

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review

14 Citations (Scopus)

Abstract

Domain Name System (DNS) is one of the pillars of today's Internet. Due to its appealing properties such as low data volume, wide-ranging applications and encryption free, DNS traffic has been extensively utilized for network monitoring. Most existing studies of DNS traffic, however, focus on domain name reputation. Little attention has been paid to understanding and profiling what people are doing from DNS traffic, a fundamental problem in the areas including Internet demographics and network behavior analysis. Consequently, simple questions like 'How to determine whether a DNS query for www.google.com means searching or any other behaviors?' cannot be answered by existing studies. In this paper, we take the first step to identify user activities from raw DNS queries. We advance a multiscale hierarchical framework to tackle two practical challenges, i.e., behavior ambiguity and behavior polymorphism. Under this framework, a series of novel methods, such as pattern upward mapping and multi-scale random forest classifier, are proposed to characterize and identify user activities of interest. Evaluation using both synthetic and real-world DNS traces demonstrates the effectiveness of our method.

Original languageEnglish
Title of host publicationINFOCOM 2018 - IEEE Conference on Computer Communications
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages2240-2248
Number of pages9
ISBN (Electronic)9781538641286
DOIs
Publication statusPublished - 8 Oct 2018
Event2018 IEEE Conference on Computer Communications, INFOCOM 2018 - Honolulu, United States
Duration: 15 Apr 201819 Apr 2018

Publication series

NameProceedings - IEEE INFOCOM
Volume2018-April
ISSN (Print)0743-166X

Conference

Conference2018 IEEE Conference on Computer Communications, INFOCOM 2018
Country/TerritoryUnited States
CityHonolulu
Period15/04/1819/04/18

ASJC Scopus subject areas

  • General Computer Science
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Can We Learn what People are Doing from Raw DNS Queries?'. Together they form a unique fingerprint.

Cite this