Nainggolan, Sand Frans Cisco and Mahendra, Adhiguna and Lim, Charles (2016) Classification Anomalous DNS Traffic at The Internet Service Provider. Masters thesis, Swiss German University.
|
Text
Sand Nainggolan 22015110 TOC.pdf Download (1MB) | Preview |
|
![[img]](http://repository.sgu.ac.id/style/images/fileicons/text.png) |
Text
Sand Nainggolan 22015110 1.pdf Restricted to Registered users only Download (1MB) |
|
|
Text
Sand Nainggolan 22015110 2.pdf Restricted to Registered users only Download (5MB) |
|
|
Text
Sand Nainggolan 22015110 3.pdf Restricted to Registered users only Download (1MB) |
|
|
Text
Sand Nainggolan 22015110 4.pdf Restricted to Registered users only Download (9MB) |
|
|
Text
Sand Nainggolan 22015110 5.pdf Restricted to Registered users only Download (592kB) |
|
|
Text
Sand Nainggolan 22015110 Ref.pdf Download (911kB) | Preview |
Abstract
The usage of Internet in Indonesia has grown rapidly. This was proved by the number of Internet users. Internet has become the one thing that people need. However, sometimes they are often unaware when their environment has been compromised by something harmful. One of component that involved is Domain Name Service (DNS) which it will involve Internet Service Provider too. Through this component, people will be helped since DNS will perform translating domain name into IP Address which is difficult to remember IP Address than human-readable names for website and online services. However, public DNS records are something that constantly changing, in some cases can be in every few minutes. This condition can be used by some people in wild way to attack or make active threat on internet from online criminal activity or possible of vulnerability of name servers due to bugs in software or missed configuration. Therefore, in this research we proposed a mechanism to automatically extracted significant features of DNS to analyse whether it is normal or anomaly traffic. Real data from PT. XYZ as one of ISP used to do this research which it will be used for some classification through DNS’s features. The significant feature of this approach will lead us to take necessary action related to the anomaly even though it does in passive analysis but trigger related party to manage system to have proper functioning and good performance while validation the classification is performed with machine learning algorithms. The system successfully found 4.35% Query traffic without a Response, rejection in DNS response about 7.57% as Non Existent Domain (and 2.8% as Refused) and many unknowns of TLD (Top Level Domain) from samples data observation and over 98% accuracy has been achieved by the classification system. This research also offered insight on internal workings on some malwares activity or vulnerability of name server.
| Item Type: | Thesis (Masters) |
|---|---|
| Uncontrolled Keywords: | Anomaly; Domain Name Service; Static Features; Passive Analysis; Classification |
| Subjects: | T Technology > T Technology (General) > T58.5 Information technology |
| Divisions: | Faculty of Engineering and Information Technology > Department of Information Technology |
| Depositing User: | Atroridho Rizky |
| Date Deposited: | 13 Jul 2020 15:25 |
| Last Modified: | 13 Jul 2020 15:25 |
| URI: | http://repository.sgu.ac.id/id/eprint/1149 |
Actions (login required)
 |
View Item |