Network traffic that is not preceded by any Domain Name System (DNS) resolutions is referred to as unnamed traffic. Any DNS-based security system is ineffective against malicious content distributed through this traffic. In this paper, we introduce a novel method for identifying unnamed traffic based on the correlation of flows and DNS responses extracted from raw network traces. We describe two challenges that affect the validity of our method, and how to handle them. By applying our method to a one-week trace of network traffic, we illustrate that unnamed traffic is ubiquitous in a university network across nearly all client systems, destination IP addresses, and destination services. We conclude by presenting several open problems that prevent us from blocking unnamed traffic for security reasons.
|Title||NOMS 2022-2022 IEEE/IFIP Network Operations and Management Symposium : Network and Service Management in the Era of Cloudification, Softwarization and Artificial Intelligence, NOMS 2022|
|Editors||Pal Varga, Lisandro Zambenedetti Granville, Alex Galis, Istvan Godor, Noura Limam, Prosper Chemouil, Jerome Francois, Marc-Oliver Pahl|
|Status||Published - 2022|
|Event||IEEE Symposium on Network Operations and Management - Budapest, Hungary
Duration: 25 Apr 2023 → 29 Apr 2023
|Conference||IEEE Symposium on Network Operations and Management|
|Period||25/04/2023 → 29/04/2023|
|Name||IEEE/IFIP Network Operations and Management Symposium|