David A. Hoeflin

NIS04-2: Detection of DNS Anomalies using Flow Data Analysis

The Domain Name System (DNS) is an essential network infrastructure component since it supports the operation of the Web, Email, Voice over IP (VoIP) and other business- critical applications running over the network. Events that compromise the security of DNS can have a significant impact on the Internet since they can affect its availability and its intended operation. This paper describes algorithms used to monitor and detect certain types of attacks to the DNS infrastructure using flow data. Our methodology is based on algorithms that do not rely on known signature attack vectors. The effectiveness of our solution is illustrated with real and simulated traffic examples. In one example, we were able to detect a tunneling attack well before the appearance of public reports of it.

Reliability assessment of network elements using black box testing

In this paper, we outline a procedure for quality assurance of network elements before their deployment. Software reliability is assessed using two models: a process-centric model (Musas (1987) basic model) and a product-centric model (proposed by Hoeflin (2000)). Simultaneous use of both approaches is for sensitivity analysis of the results. In addition, we introduce the concept of deployability to measure the degree of confidence on the decision to deploy the equipment in the field.

Risk management for new service introduction in telecommunications networks

This paper addresses risk management during the introduction of a new technology within a live network. Results from system test are combined with data collected from a field experiment with real traffic at selected locations for a limited amount of time. Compared with traditional sequential analysis, the proposed method allows an earlier decision with better estimates for the service reliability.