The Domain Name System (DNS) is a critical component of Internet infrastructure, as almost every activity on the Internet starts with a DNS query. Given its importance, there is increasing concern over its vulnerability to attacks and failures, as they can negatively affect all Internet-based resources. Thus, detecting these events is crucial to preserve the correct functioning of all DNS components, such as high-volume name servers for top-level domains (TLD). This article presents a near real-time Anomaly Detection Based on Prediction (AD-BoP) method, providing a useful and easily explainable methodology to effectively detect DNS anomalies. AD-BoP is based on the prediction of expected DNS traffic statistics, and could be especially helpful for TLD registry operators to preserve their services' reliability. After an exhaustive analysis, AD-BoP is shown to improve the current state-of-the-art for anomaly detection in authoritative TLD name servers.

中文翻译：

---

基于 DNS 流量预测检测 TLD 名称服务器的异常


域名系统 (DNS) 是互联网基础设施的重要组成部分，因为互联网上的几乎所有活动都始于 DNS 查询。鉴于其重要性，人们越来越担心它容易受到攻击和故障的影响，因为它们会对所有基于互联网的资源产生负面影响。因此，检测这些事件对于保持所有 DNS 组件（例如顶级域 (TLD) 的大容量名称服务器）的正确运行至关重要。本文提出了一种基于预测的近实时异常检测 (AD-BoP) 方法，提供了一种有用且易于解释的方法来有效检测 DNS 异常。 AD-BoP 基于预期 DNS 流量统计数据的预测，对于 TLD 注册管理机构运营商保持其服务的可靠性特别有帮助。经过详尽的分析，AD-BoP 被证明可以改进权威 TLD 域名服务器中当前最先进的异常检测技术。