Hananto, Rinkel and Lim, Charles and Ipung, Heru Purnomo (2017) Detecting New Network Security Threats Using DNS And Netflow Traffic. Bachelor thesis, Swiss German University.
|
Text
Rinkel Hananto 11302014 TOC.pdf Download (432kB) | Preview |
|
![[img]](http://repository.sgu.ac.id/style/images/fileicons/text.png) |
Text
Rinkel Hananto 11302014 1.pdf Restricted to Registered users only Download (272kB) |
|
|
Text
Rinkel Hananto 11302014 2.pdf Restricted to Registered users only Download (1MB) |
|
|
Text
Rinkel Hananto 11302014 3.pdf Restricted to Registered users only Download (421kB) |
|
|
Text
Rinkel Hananto 11302014 4.pdf Restricted to Registered users only Download (764kB) |
|
|
Text
Rinkel Hananto 11302014 5.pdf Restricted to Registered users only Download (336kB) |
|
|
Text
Rinkel Hananto 11302014 Ref.pdf Download (233kB) | Preview |
Abstract
Uncontrolled network traffic in organizations could lead to many malicious threats, such as data breach, server compromised, server availability, and others. Many network security threats can be detected by monitoring and analyzing network traffic. One of the emerging threats is Domain Name System (DNS) Distributed Denial of Service (DDoS) attack, which flood the authoritative DNS server with large amount of DNS request. Monitoring and understanding the traffic data could prevent such attack. Therefore, we present a technique for detecting DDoS attack by correlating DNS and NetFlow traffic. The idea is to show that NetFlow can be used as the first DDoS indicator and then DNS is used to evaluate and verify the DDoS. We propose to model the ratio DNS NXDOMAIN response and Information Entropy feature using statistical approach. The traffic is under anomaly condition if the traffic is outside from the standard deviation threshold. We discovered low volume and high volume DDoS attack using statistical approach during the experiment. Attackers’ botnet utilizes DNS to do DDoS called DNS water torture attack or random subdomain attack. The results of the experiment can be used to prevent the attack such as domain blacklist.
| Item Type: | Thesis (Bachelor) |
|---|---|
| Uncontrolled Keywords: | Botnet; DNS; DDoS; Information Entropy; NetFlow |
| Subjects: | Q Science > QA Mathematics > QA76 Computer software > |
| Divisions: | Faculty of Engineering and Information Technology > Department of Information Technology |
| Depositing User: | Astuti Kusumaningrum |
| Date Deposited: | 12 May 2020 02:57 |
| Last Modified: | 12 May 2020 02:57 |
| URI: | http://repository.sgu.ac.id/id/eprint/279 |
Actions (login required)
 |
View Item |