Speaker
Mr
zaifeng zhang
(QIHOO 360)
Description
Cluster the DNS domains is a basic but very important work in analyzing the dizzy businesses of the Internet. Only based on the accurate clustered domain result, we can discern and analyze all kinds of DNS data. Now, most of the works focus on the domain structure and hoping finding the relationships among kinds of domains. Recently, based on the largest public passiveDNS database in China, we are exploring some new but beneficial ways on cluster the long tailed domains(based on some filter rules). Except the domain structure, we add two dimensions: client and server data. Introduce the real data of up-down stream is a big extension, of course it's more accurate. From the test result, the two dimensions is helpful in clustering the domains and finding the both benign and malicous domain communities.
| Please also consider this submission for the NANOG65 DNS track | Yes |
|---|
Primary author
Mr
zaifeng zhang
(QIHOO 360)
Co-author
Mr
zhihui zhao
(QIHOO 360)
