TY - GEN
T1 - You are how you query
T2 - 11th International Conference Security and Privacy in Communication Networks, SecureComm 2015
AU - Kim, Dae Wook
AU - Zhang, Junjie
N1 - Publisher Copyright:
© Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2015.
PY - 2015
Y1 - 2015
N2 - As the Domain Name System (DNS) plays an indispensable role in a large number of network applications including those used for malicious purposes, collecting and sharing DNS traffic from real networks are highly desired for a variety of purposes such as measurements and system evaluation. However, information leakage through the collected network traffic raises significant privacy concerns and DNS traffic is not an exception. In this paper, we study a new privacy risk introduced by passively collected DNS traffic. We intend to derive behavioral fingerprints from DNS traces, where each behavioral fingerprint targets at uniquely identifying its corresponding user and being immune to the change of time. We have proposed a set of new patterns, which collectively form behavioral fingerprints by characterizing a user’s DNS activities through three different perspectives including the domain name, the inter-domain relationship, and domains’ temporal behavior. We have also built a distributed system, namely DNSMiner, to automatically derive DNS-based behavioral fingerprints from a massive amount of DNS traces. We have performed extensive evaluation based on a large volume of DNS queries collected from a large campus network across two weeks. The evaluation results have demonstrated that a significant percentage of network users with persistent DNS activities are likely to have DNS behavioral fingerprints.
AB - As the Domain Name System (DNS) plays an indispensable role in a large number of network applications including those used for malicious purposes, collecting and sharing DNS traffic from real networks are highly desired for a variety of purposes such as measurements and system evaluation. However, information leakage through the collected network traffic raises significant privacy concerns and DNS traffic is not an exception. In this paper, we study a new privacy risk introduced by passively collected DNS traffic. We intend to derive behavioral fingerprints from DNS traces, where each behavioral fingerprint targets at uniquely identifying its corresponding user and being immune to the change of time. We have proposed a set of new patterns, which collectively form behavioral fingerprints by characterizing a user’s DNS activities through three different perspectives including the domain name, the inter-domain relationship, and domains’ temporal behavior. We have also built a distributed system, namely DNSMiner, to automatically derive DNS-based behavioral fingerprints from a massive amount of DNS traces. We have performed extensive evaluation based on a large volume of DNS queries collected from a large campus network across two weeks. The evaluation results have demonstrated that a significant percentage of network users with persistent DNS activities are likely to have DNS behavioral fingerprints.
KW - Behavioral fingerprints
KW - Domain name system
KW - Privacy
UR - http://www.scopus.com/inward/record.url?scp=84958046140&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84958046140&partnerID=8YFLogxK
UR - https://corescholar.libraries.wright.edu/cse/537
U2 - 10.1007/978-3-319-28865-9_19
DO - 10.1007/978-3-319-28865-9_19
M3 - Conference contribution
SN - 9783319288642
T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, LNICST
SP - 348
EP - 366
BT - Security and Privacy in Communication Networks
A2 - Thuraisingham, Bhavani
A2 - Wang, XiaoFeng
A2 - Yegneswaran, Vinod
PB - Springer Verlag
Y2 - 26 October 2015 through 29 October 2015
ER -