TL;DR
FlowDNS is a real-time system that correlates DNS responses with network traffic to accurately identify the services customers use, improving network management and security at scale.
Contribution
This work introduces a novel correlation system that combines DNS and network-layer data, deployed at a large ISP, achieving high accuracy in service identification.
Findings
Correlates 81.7% of traffic with services without data loss.
Flags 0.5% of traffic as belonging to malicious or spam domains.
Enables detailed traffic attribution using DNS and BGP data.
Abstract
Knowing customers' interests, e.g., which Video-On-Demand (VoD) or Social Network services they are using, helps telecommunication companies with better network planning to enhance the performance exactly where the customers' interests lie, and also offer the customers relevant commercial packages. However, with the increasing deployment of CDNs by different services, identification and attribution of the traffic based on network-layer information alone becomes a challenge: if multiple services are using the same CDN provider, they cannot be easily distinguished based on IP prefixes alone. Therefore, it is crucial to go beyond pure network-layer information for traffic attribution. In this work, we leverage real-time DNS responses gathered by the clients' default DNS resolvers. Having these DNS responses and correlating them with network-layer headers, we are able to translate CDN-hosted…
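A minimal sketch of the DNS-to-flow correlation the abstract describes, added here as an illustration and not FlowDNS's own code. The class and function names, the choice to key records by server IP with the most recent response winning, and the sample records (documentation addresses and `.example` names) are all assumptions constructed for this example.

```python
from collections import defaultdict

class DnsFlowCorrelator:
    """Maps a flow's server IP back to the name the client originally queried."""
    def __init__(self, grace=0):
        self.ip_to_name = {}     # answer IP -> (owner name, expiry time)
        self.cname_to_name = {}  # CNAME target -> (alias pointing at it, expiry time)
        self.grace = grace       # assumed extra seconds to honour a record past its TTL

    def add_response(self, ts, name, rtype, rdata, ttl):
        expiry = ts + ttl + self.grace
        if rtype in ("A", "AAAA"):
            self.ip_to_name[rdata] = (name.lower(), expiry)
        elif rtype == "CNAME":
            self.cname_to_name[rdata.lower()] = (name.lower(), expiry)

    def attribute(self, ts, ip):
        entry = self.ip_to_name.get(ip)
        if entry is None or entry[1] < ts:
            return None          # never resolved, or the address record has expired
        name, seen = entry[0], set()
        # Walk the CNAME chain backwards; 'seen' guards against CNAME loops.
        while name in self.cname_to_name and name not in seen:
            seen.add(name)
            alias, expiry = self.cname_to_name[name]
            if expiry < ts:
                break            # stale alias: stop at the last name still valid
            name = alias
        return name

def bytes_per_service(correlator, flows):
    totals = defaultdict(int)
    for ts, server_ip, nbytes in flows:
        totals[correlator.attribute(ts, server_ip) or "uncorrelated"] += nbytes
    return dict(totals)

# Constructed sample: two services behind the same CDN prefix (203.0.113.0/24).
DNS_RESPONSES = [
    (100, "video.example", "CNAME", "edge-a.cdn.example", 300),
    (100, "edge-a.cdn.example", "A", "203.0.113.10", 60),
    (105, "social.example", "CNAME", "edge-b.cdn.example", 300),
    (105, "edge-b.cdn.example", "A", "203.0.113.20", 60),
]
FLOWS = [  # (timestamp, server IP, bytes), constructed
    (110, "203.0.113.10", 5000),
    (120, "203.0.113.20", 1200),
    (130, "198.51.100.7", 300),   # no DNS response was seen for this address
    (400, "203.0.113.10", 800),   # A record expired at t=160
]

def run_sample():
    correlator = DnsFlowCorrelator()
    for record in DNS_RESPONSES:
        correlator.add_response(*record)
    return bytes_per_service(correlator, FLOWS)
```

A prefix-only view would assign both 203.0.113.x flows to the CDN; the DNS records separate them into `video.example` and `social.example`, while unresolved or expired addresses fall into the uncorrelated share.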
