Detecting New Network Security Threats Using DNS And Netflow Traffic

Hananto, Rinkel and Lim, Charles and Ipung, Heru Purnomo (2017) Detecting New Network Security Threats Using DNS And Netflow Traffic. Bachelor thesis, Swiss German University.


Abstract

Uncontrolled network traffic in organizations can lead to many malicious threats, such as data breaches, server compromise, loss of server availability, and others. Many network security threats can be detected by monitoring and analyzing network traffic. One of the emerging threats is the Domain Name System (DNS) Distributed Denial of Service (DDoS) attack, which floods the authoritative DNS server with a large volume of DNS requests. Monitoring and understanding the traffic data could prevent such attacks. Therefore, we present a technique for detecting DDoS attacks by correlating DNS and NetFlow traffic. The idea is to show that NetFlow can be used as the first DDoS indicator, after which DNS data is used to evaluate and verify the DDoS. We propose to model the ratio of DNS NXDOMAIN responses and an Information Entropy feature using a statistical approach. The traffic is considered anomalous if it falls outside the standard deviation threshold. Using this statistical approach, we discovered both low-volume and high-volume DDoS attacks during the experiment. Attackers' botnets use DNS to perform a DDoS known as a DNS water torture attack or random subdomain attack. The results of the experiment can be used to prevent the attack, for example through domain blacklisting.
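The DNS-side verification step described in the abstract, as an added example that is not code from the thesis: per time window it computes the NXDOMAIN response ratio and the Shannon entropy of the queried subdomain labels, then flags windows whose features fall outside a standard-deviation band around a baseline. The window contents, the baseline period and the threshold width K are assumptions constructed here; the NetFlow first-stage indicator is not modelled.

```python
import math
from collections import Counter
from statistics import mean, pstdev

K = 2.0  # assumed threshold width, in standard deviations

def nxdomain_ratio(records):
    """Fraction of responses with rcode NXDOMAIN; records are (qname, rcode)."""
    return sum(1 for _, rc in records if rc == "NXDOMAIN") / len(records)

def label_entropy(records):
    """Shannon entropy, in bits, of the left-most label of each queried name.
    A random-subdomain flood raises this because nearly every label is new."""
    counts = Counter(q.split(".")[0] for q, _ in records)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def anomalous_windows(windows, baseline_n, k=K):
    """Return (window_index, feature) pairs where a feature lies more than
    k standard deviations from its mean over the first baseline_n windows,
    which are assumed to be attack-free. With a zero-variance baseline any
    deviation at all is reported, which is the conservative choice."""
    feats = {"nxdomain_ratio": [nxdomain_ratio(w) for w in windows],
             "entropy": [label_entropy(w) for w in windows]}
    flagged = []
    for name, values in feats.items():
        mu, sigma = mean(values[:baseline_n]), pstdev(values[:baseline_n])
        flagged += [(i, name) for i, x in enumerate(values)
                    if abs(x - mu) > k * sigma]
    return sorted(flagged)

# Constructed sample: three normal windows, then one random-subdomain flood.
NORMAL_WINDOWS = [
    [("www.example.test", "NOERROR"), ("mail.example.test", "NOERROR"),
     ("www.example.test", "NOERROR"), ("typo.example.test", "NXDOMAIN")],
    [("www.example.test", "NOERROR"), ("www.example.test", "NOERROR"),
     ("ns1.example.test", "NOERROR"), ("mail.example.test", "NOERROR")],
    [("www.example.test", "NOERROR"), ("mail.example.test", "NOERROR"),
     ("mail.example.test", "NOERROR"), ("www.example.test", "NOERROR")],
]
FLOOD_WINDOW = [("%s.example.test" % lbl, "NXDOMAIN")
                for lbl in ("q7x1", "m2kd", "z9pa", "b4rt")]

if __name__ == "__main__":
    # Expected: the flood window (index 3) is flagged on both features.
    print(anomalous_windows(NORMAL_WINDOWS + [FLOOD_WINDOW], baseline_n=3))
```

Only the baseline windows feed the mean and standard deviation, so a flood that lands inside the baseline period would inflate the band and hide itself; the baseline must be taken from a period known to be clean.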

Item Type: Thesis (Bachelor)
Uncontrolled Keywords: Botnet; DNS; DDoS; Information Entropy; NetFlow
Subjects: Q Science > QA Mathematics > QA76 Computer software
Divisions: Faculty of Engineering and Information Technology > Department of Information Technology
Depositing User: Astuti Kusumaningrum
Date Deposited: 12 May 2020 02:57
Last Modified: 12 May 2020 02:57
URI: http://repository.sgu.ac.id/id/eprint/279
