On Thu, Apr 2, 2020 at 9:38 AM Tessa Plum <[email protected]> wrote: > > Hello > > I am not familiar with DNS servers, trying my hard to learn it. > I am a researcher on ML/DL field. > Just got a thought, do you think if it's possible to improve DNS > anti-dos capability by deep learning? > As we know, ML/DL is just statistics science based on big data. > If we have got huge data to differ which are normal requests, which are > bad requests, thus we could train the system to identify them > automatically. And we expect to have a system who can handle zero day > attack. > How do you think of it?
I'm assuming you have already read: "DNS-ADVP: A Machine Learning Anomaly Detection and Visual Platform to Protect Top-Level Domain Name Servers Against DDoS Attacks," , L. A. Trejo, V. Ferman, M. A. Medina-PĂ©rez, F. M. Arredondo Giacinti, R. Monroy and J. E. Ramirez-Marquez, in IEEE Access, vol. 7, pp. 116358-116369, 2019 - https://ieeexplore.ieee.org/abstract/document/8744546 "Mitigating DNS query-based DDoS attacks with machine learning on software-defined networking," M. E. Ahmed, H. Kim and M. Park, MILCOM 2017 - 2017 IEEE Military Communications Conference (MILCOM), Baltimore, MD, 2017, pp. 11-16. - https://ieeexplore.ieee.org/abstract/document/8170802 Detection of DDoS DNS Amplification Attack Using Classification Algorithm - Meitei, Singh, De - https://dl.acm.org/doi/10.1145/2980258.2980431 Machine Learning Based DDoS Attack Detection From Source Side in Cloud - Zecheng He, Tianwei Zhang, Ruby B. Lee - Princeton - http://palms.princeton.edu/system/files/Machine_Learning_Based_DDoS_Attack_Detection_From_Source_Side_in_Cloud_camera_ready.pdf (roughly in that order)? There are many others, and a bunch of really excellent presentations more on the registration side, but those have good overlap with what you were asking... One thing to keep in mind is that DNS traffic is a VERY noisy data source, and corrupt / pathologic queries are incredibly common.. W > > Thank you. > > Tessa > https://plum.ovh/ > > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations -- I don't think the execution is relevant when it was obviously a bad idea in the first place. This is like putting rabid weasels in your pants, and later expressing regret at having chosen those particular rabid weasels and that pair of pants. ---maf _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
