Anomaly analysis on an open DNS dataset

School of Computing, University of Portsmouth, Portsmouth, United Kingdom
Zananet, Southampton, United Kingdom
Coventry University, Coventry, United Kingdom
DOI
10.7287/peerj.preprints.27116v1
Subject Areas
Data Mining and Machine Learning, Data Science, Security and Privacy, World Wide Web and Web Science
Keywords
Data Analysis, Cyber Security, DNS, EWMA
Copyright
© 2018 Aziz et al.
Licence
This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, reproduction and adaptation in any medium and for any purpose provided that it is properly attributed. For attribution, the original author(s), title, publication source (PeerJ Preprints) and either DOI or URL of the article must be cited.
Cite this article
Aziz B, Menychtas N, Al-Bazi A. 2018. Anomaly analysis on an open DNS dataset. PeerJ Preprints 6:e27116v1

Abstract

The increasing availability of open data and the demand to better understand the nature of anomalies in modern systems, and the causes underlying them, are encouraging researchers to analyse open datasets in various ways. These include both quantitative and qualitative methods. We show here how quantitative methods, such as timeline, local averages and exponentially weighted moving average analyses, led in this work to the discovery of three anomalies in a large open DNS dataset published by the Los Alamos National Laboratory.

Author Comment

An analysis carried out as part of an MSc project investigating the various methods that can lead to the extraction of information and knowledge from open datasets.