Visualization of DNS Dependencies and More, Casey Deccio (PowerPoint presentation)

SLIDE 1

Visualization of DNS Dependencies and More

Casey Deccio Brigham Young University

SLIDE 2

Graph-Based Visualization as a Tool

  • Visual Awareness
      • Humans see trends or more clearly identify problems
  • Data Structures
      • Graphical data structures can be used for programmatic analysis

SLIDE 3

What Is Included?

Basic Components

  • Direct Relationships
  • Dependency
  • Influence
  • Weight
  • Groupings
  • Boundaries

Inferences

  • Common Ancestry
  • Transitive Relationships

SLIDE 4

Example: Resolution Dependencies/Influence

[Figure: dependency graph. Nodes: www.foo.com, www.bar.com, ns.baz.net, ns.bar.com, foo.com, bar.com, baz.net, com, net, . (root)]

  • Nodes = domain names
  • Edges = dependencies
      • Child to parent
      • Alias to target
      • Zone to NS targets
SLIDE 5

Quantifying Influence with Weights

  • Follow edges on path using weights as probability

[Figure: dependency graph with weighted edges. Nodes: www.foo.com, www.bar.com, ns.baz.net, ns.bar.com, foo.com, bar.com, baz.net, com, net, . (root). Edge labels: 1.0 (parent), 1.0 (alias), 0.5 (NS). Annotation: P{c,s}(ns.bar.com)]
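Added example (not from the original slides): one way to compute influence over the graph described on slides 4 and 5, reading "weights as probability" as each edge being followed independently with probability equal to its weight. The alias and NS edge endpoints are assumptions, since the figure's arrows are not recoverable from the page, and the function names are hypothetical.

```python
from itertools import product

# Constructed edge list: (source, target, weight, kind).
# Assumed endpoints: www.foo.com is an alias for www.bar.com, and the
# bar.com zone lists ns.bar.com and ns.baz.net as its NS targets.
EDGES = [
    ("www.foo.com", "foo.com", 1.0, "parent"),
    ("www.foo.com", "www.bar.com", 1.0, "alias"),
    ("foo.com", "com", 1.0, "parent"),
    ("www.bar.com", "bar.com", 1.0, "parent"),
    ("bar.com", "com", 1.0, "parent"),
    ("bar.com", "ns.bar.com", 0.5, "NS"),
    ("bar.com", "ns.baz.net", 0.5, "NS"),
    ("ns.bar.com", "bar.com", 1.0, "parent"),
    ("ns.baz.net", "baz.net", 1.0, "parent"),
    ("baz.net", "net", 1.0, "parent"),
    ("com", ".", 1.0, "parent"),
    ("net", ".", 1.0, "parent"),
]

def reachable(start, edges):
    """Return every node reachable from start (cycle-safe DFS)."""
    seen, stack = {start}, [start]
    while stack:
        node = stack.pop()
        for src, dst in edges:
            if src == node and dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return seen

def influence(name, edges=EDGES):
    """Map each node to the probability that it is reached from name."""
    certain = [(s, d) for s, d, w, _ in edges if w >= 1.0]
    uncertain = [(s, d, w) for s, d, w, _ in edges if w < 1.0]
    result = {}
    # Enumerate every followed/not-followed outcome of the uncertain edges.
    for picks in product([True, False], repeat=len(uncertain)):
        prob, live = 1.0, list(certain)
        for (s, d, w), used in zip(uncertain, picks):
            prob *= w if used else 1.0 - w
            if used:
                live.append((s, d))
        for node in reachable(name, live):
            result[node] = result.get(node, 0.0) + prob
    return result
```

The enumeration is exponential in the number of edges with weight below 1.0, so it suits small graphs like this one rather than large-scale surveys.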

SLIDE 6

Defining Boundaries

  • Zone Boundaries
  • Administrative Boundaries
  • Direct Configuration Boundaries

[Figure: dependency graph with weighted edges. Nodes: www.foo.com, www.bar.com, ns.baz.net, ns.bar.com, foo.com, bar.com, baz.net, com, net, . (root). Edge labels: 1.0 (parent), 1.0 (alias), 0.5 (NS)]

SLIDE 7

2010 Results

  • Under normal circumstances:
      • Nearly all zones rely on fewer than 20 other zones
      • 80% of zones have no third-party influence
SLIDE 8

Connecting Multiple Types of Nodes

  • Direct server dependencies:
      • Zone-to-server: Dependency of zone on server whose name has in-bailiwick glue record
      • Name-to-server: Dependency of name on address

[Figure: graph connecting name and address nodes. Labels: me.baz.net, bar.com, 192.0.2.2, 192.0.2.3]

SLIDE 9

Connecting Multiple Types of Nodes

  • DNSSEC Dependencies
SLIDE 10

Other Types of Nodes / Relationships

  • Geographic region
  • ASN
  • IP Reputation Category
SLIDE 11

Getting the Most Mileage / How does it scale?

  • Meaningful use of symbols, styles, and labels
  • Emphasize the most important distinctions
  • Aggregation
  • Must be based on basic relationships
  • Both quantitative and qualitative analysis