Abstract:

A DNS Anomaly Detection and Analysis System

Hyo-Jeong Shin, KT

As the number of DNS servers and server farms an ISP operates increases, it becomes difficult to detect DNS anomalies among the servers and resolve them as soon as possible, which creates the need for a centralized monitoring system.

For this purpose, we developed an anomaly analysis system to deploy at each individual DNS server farm of KT, and a centralized anomaly detection system that gathers the analyzed results and generates the information needed to identify DNS anomalies. The anomaly analysis system monitors its associated DNS server farm 24 hours a day, 365 days a year, by capturing all DNS packets and inspecting their contents, while the centralized system detects whether there is any anomaly in the data provided by the individual anomaly analysis systems.

The parameters we collected for the analysis include the distribution of query types, the ratio of resolved queries, and so on.
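
The two-tier design described above, sketched as an added example that is not code from the presentation or from KT: each farm reduces its captured traffic to a query-type distribution and a resolved ratio, and a central step compares farms against the fleet median. The farm names, the sample records, the thresholds and the choice to count a NOERROR response as "resolved" are all assumptions made for illustration.

```python
from collections import Counter
from statistics import median

def summarize(records):
    """Per-farm analysis: records are (qtype, rcode) pairs taken from captured DNS packets."""
    total = len(records)
    if total == 0:
        return {"total": 0, "qtype_share": {}, "resolved_ratio": None}
    counts = Counter(qtype for qtype, _ in records)
    # Assumption: a query counts as resolved when its response rcode is NOERROR.
    resolved = sum(1 for _, rcode in records if rcode == "NOERROR")
    return {"total": total,
            "qtype_share": {q: n / total for q, n in counts.items()},
            "resolved_ratio": resolved / total}

def detect(summaries, ratio_drop=0.2, share_shift=0.3):
    """Central detection: flag farms that deviate from the median of all reporting farms."""
    # A farm that reports no traffic at all is itself an anomaly worth surfacing.
    alerts = {f: ["no traffic captured"] for f, s in summaries.items() if s["total"] == 0}
    live = {f: s for f, s in summaries.items() if s["total"] > 0}
    if not live:
        return alerts
    ratio_med = median(s["resolved_ratio"] for s in live.values())
    qtypes = sorted({q for s in live.values() for q in s["qtype_share"]})
    share_med = {q: median(s["qtype_share"].get(q, 0.0) for s in live.values())
                 for q in qtypes}
    for farm, s in live.items():
        reasons = []
        if s["resolved_ratio"] < ratio_med - ratio_drop:
            reasons.append(f"resolved ratio {s['resolved_ratio']:.2f} vs median {ratio_med:.2f}")
        for q in qtypes:
            share = s["qtype_share"].get(q, 0.0)
            if abs(share - share_med[q]) > share_shift:
                reasons.append(f"{q} share {share:.2f} vs median {share_med[q]:.2f}")
        if reasons:
            alerts[farm] = reasons
    return alerts

def constructed_farm(counts, failures):
    """Build constructed sample records; the first `failures` responses are SERVFAIL."""
    qtypes = [q for q, n in counts.items() for _ in range(n)]
    return [(q, "SERVFAIL" if i < failures else "NOERROR") for i, q in enumerate(qtypes)]

# Constructed input: two farms with similar traffic and one that has shifted.
SUMMARIES = {
    "farm-a": summarize(constructed_farm({"A": 70, "AAAA": 20, "MX": 10}, failures=10)),
    "farm-b": summarize(constructed_farm({"A": 68, "AAAA": 22, "MX": 10}, failures=8)),
    "farm-c": summarize(constructed_farm({"A": 30, "AAAA": 10, "MX": 60}, failures=50)),
}
ALERTS = detect(SUMMARIES)
```

Comparing against the fleet median rather than a fixed value means one misbehaving farm does not move the baseline it is judged against, as long as most farms are healthy.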

Link to the Presentation

A DNS Anomaly Detection and Analysis System - Real Video Presentation



Back to NANOG40 agenda topics