DNS Traffic Analysis Platform with Hadoop Framework

摘要

Recently, cyber threats have rapidly grown in regarding to the large scale of botnets as well as the financial damages from the threat. Botnet is organized numerous bot PCs that are compromised and allow to run criminal software by unauthorized access. Detecting each bot PC represents an important issue in the cyber security, and various approach are contributed to develop detection algorithms. DNS traffic analysis is. one of the detection approaches and aims at characterizing malwares' footprints. While bot PCs tend to query some distinctive domain names, the analysis of the characteristics enables to detect botnets. This paper hereby introduces a suitable infrastructure for DNS traffic analysis in which various DNS analysis methodologies are adoptable. The paper also proposes the schemes not only for DNS traffic analysis, but also for the analysis methodologies of other incidents, in order to develop a collaborative analysis method across multiple cyber threats.