FlowDNS
2022 · Open Access
DOI: https://doi.org/10.1145/3555050.3569135
OA: W4308830651
Knowing customers' interests, e.g. which Video-On-Demand (VoD) or Social Network services they are using, helps telecommunication companies with better network planning to enhance the performance exactly where the customers' interests lie, and also to offer the customers relevant commercial packages. However, with the increasing deployment of CDNs by different services, identification and attribution of the traffic based on network-layer information alone becomes a challenge: if multiple services are using the same CDN provider, they cannot be easily distinguished based on IP prefixes alone. Therefore, it is crucial to go beyond pure network-layer information for traffic attribution. In this work, we leverage real-time DNS responses gathered by the clients' default DNS resolvers. Having these DNS responses and correlating them with network-layer headers, we are able to translate CDN-hosted domains to the actual services they belong to. We design a correlation system for this purpose and deploy it at a large European ISP. With our system, we can correlate an average of 81.7% of the traffic with the corresponding services, without any loss on our live data streams. Our correlation results also show that 0.5% of the daily traffic contains malformed, spamming, or phishing domain names. Moreover, ISPs can correlate the results with their BGP information to find more details about the origin and destination of the traffic. We plan to publish our correlation software for other researchers or network operators to use.
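
The correlation described above, as an added sketch that is not the FlowDNS software: DNS responses and flow headers are replayed in time order, and each flow's bytes are attributed to the name the client originally resolved, so two services behind the same CDN address stay distinguishable. Keying on the client address, the TTL-based expiry, the record layouts and all names are assumptions of this example, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records (not data from the paper).
# DNS response: (time, client, owner name, type, answer, ttl seconds)
DNS = [
    (100, "10.0.0.1", "video.vod.example", "CNAME", "e7.cdn.example", 300),
    (100, "10.0.0.1", "e7.cdn.example", "A", "203.0.113.10", 60),
    (130, "10.0.0.2", "img.social.example", "CNAME", "e9.cdn.example", 300),
    (130, "10.0.0.2", "e9.cdn.example", "A", "203.0.113.10", 60),
]
# Flow header: (time, client, server address, bytes)
FLOWS = [
    (105, "10.0.0.1", "203.0.113.10", 5000),
    (135, "10.0.0.2", "203.0.113.10", 1200),
    (400, "10.0.0.1", "203.0.113.10", 700),   # A record expired by now
    (150, "10.0.0.2", "192.0.2.77", 800),     # no DNS response seen
]

def correlate(dns, flows, max_chain=8):
    """Attribute flow bytes to the name the client originally resolved."""
    addr, alias = {}, {}   # (client, ip) / (client, target) -> (name, expiry)
    per_name, matched, total = defaultdict(int), 0, 0
    # Replay both streams in time order; DNS sorts before flows at equal times.
    events = [(r[0], 0, r) for r in dns] + [(f[0], 1, f) for f in flows]
    for ts, kind, rec in sorted(events):
        if kind == 0:
            _, client, owner, rtype, answer, ttl = rec
            table = addr if rtype in ("A", "AAAA") else alias if rtype == "CNAME" else None
            if table is not None:
                table[(client, answer.lower())] = (owner.lower(), ts + ttl)
            continue
        _, client, server, nbytes = rec
        total += nbytes
        hit = addr.get((client, server))
        if hit is None or hit[1] < ts:
            continue                       # uncorrelated: unseen or expired answer
        name = hit[0]
        for _ in range(max_chain):         # walk CNAMEs back; bound guards loops
            up = alias.get((client, name))
            if up is None or up[1] < ts:
                break
            name = up[0]
        per_name[name] += nbytes
        matched += nbytes
    return dict(per_name), (matched / total if total else 0.0)
```

The second return value is the share of bytes that could be attributed, the same kind of figure as the correlation rate the abstract reports.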