You are how you query: Deriving behavioral fingerprints from DNS traffic

Dae Wook Kim, Junjie Zhang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

As the Domain Name System (DNS) plays an indispensable role in a large number of network applications including those used for malicious purposes, collecting and sharing DNS traffic from real networks are highly desired for a variety of purposes such as measurements and system evaluation. However, information leakage through the collected network traffic raises significant privacy concerns and DNS traffic is not an exception. In this paper, we study a new privacy risk introduced by passively collected DNS traffic. We intend to derive behavioral fingerprints from DNS traces, where each behavioral fingerprint targets at uniquely identifying its corresponding user and being immune to the change of time. We have proposed a set of new patterns, which collectively form behavioral fingerprints by characterizing a user’s DNS activities through three different perspectives including the domain name, the inter-domain relationship, and domains’ temporal behavior. We have also built a distributed system, namely DNSMiner, to automatically derive DNS-based behavioral fingerprints from a massive amount of DNS traces. We have performed extensive evaluation based on a large volume of DNS queries collected from a large campus network across two weeks. The evaluation results have demonstrated that a significant percentage of network users with persistent DNS activities are likely to have DNS behavioral fingerprints.

Original languageEnglish
Title of host publicationSecurity and Privacy in Communication Networks
EditorsBhavani Thuraisingham, XiaoFeng Wang, Vinod Yegneswaran
PublisherSpringer Verlag
Pages348-366
Number of pages19
ISBN (Print)9783319288642
DOIs
StatePublished - 2015
Event11th International Conference Security and Privacy in Communication Networks, SecureComm 2015 - Dallas, United States
Duration: Oct 26 2015Oct 29 2015

Publication series

NameLecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
Volume164
ISSN (Print)1867-8211

Conference

Conference11th International Conference Security and Privacy in Communication Networks, SecureComm 2015
Country/TerritoryUnited States
CityDallas
Period10/26/1510/29/15

ASJC Scopus Subject Areas

  • Computer Networks and Communications

Keywords

  • Behavioral fingerprints
  • Domain name system
  • Privacy

Disciplines

  • Computer Sciences
  • Engineering

Cite this