Tsuyoshi Toyono scite author profile

The Domain Name System (DNS) is a critical infrastructure in the Internet; thus, monitoring its traffic, and protecting DNS from malicious activities are important for security in cyberspace. However, it is often difficult to determine whether a DNS query is caused by malicious or normal activity, because information available in DNS traffic is limited.We focus on the activities of mass-mailing worms and propose a method to detect hosts infected by mass-mailing worms by mining DNS traffic data. Our method begins with a small amount of a priori knowledge about a signature query. By assuming that queries sent by most hosts that have sent the signature query of worms have been sent by worm behavior, we detect infected hosts using Bayesian estimation.We apply our method to DNS traffic data captured at one of the largest commercial Internet Service Providers in Japan, and the experimental result indicates that an 89% reduction of mail exchange queries can be achieved with the method.

show abstract

Spatio-temporal factorization of log data for understanding network events

Kimura

Ishibashi

Mori

et al. 2014

View full text Add to dashboard Cite

Extending Black Domain Name List by Using Co-occurrence Relation between DNS Queries

Sato

Ishibashi

Toyono³

et al. 2012

IEICE Trans. Commun.

View full text Add to dashboard Cite

The Botnet threats, such as server attacks or sending of spam email, have been increasing. A method of using a blacklist of domain names has been proposed to find infected hosts. However, not all infected hosts may be found by this method because a blacklist does not cover all black domain names. In this paper, we present a method for finding unknown black domain names and extend the blacklist by using DNS traffic data and the original blacklist of known black domain names. We use co-occurrence relation of two different domain names to find unknown black domain names and extend a blacklist. If a domain name co-occurs with a known black name frequently, we assume that the domain name is also black. We evaluate the proposed method by cross validation, about 91 % of domain names that are in the validation list can be found as top 1 %.

show abstract

Network Failure Detection and Diagnosis by Analyzing Syslog and SNS Data: Applying Big Data Analysis to Network Operations

Kimura¹,

Takeshita²,

Toyono³

et al. 2019

IJITEE

View full text Add to dashboard Cite

We present two major information examination strategies for diagnosing the reasons for system disappointments and for identifying system disappointments early. Syslogs contain log information created by the framework. We dissected syslogs what's more, prevailing with regards to distinguishing the reason for a system disappointment via consequently learning more than 100 million logs without requiring any past learning of log information. Investigation of the information of an interpersonal interaction benefit (in particular, Twitter) empowered us to recognize conceivable system disappointments by extricating system disappointment related tweets, which represent under 1% of all tweets, continuously and with high exactness.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Tsuyoshi Toyono

Proactive failure detection learning generation patterns of large-scale network logs

Detecting mass-mailing worm infected hosts by mining DNS traffic data

Spatio-temporal factorization of log data for understanding network events

Extending Black Domain Name List by Using Co-occurrence Relation between DNS Queries

Network Failure Detection and Diagnosis by Analyzing Syslog and SNS Data: Applying Big Data Analysis to Network Operations

Contact Info

Product

Resources

About