Santosa, Kris Ivan and Lim, Charles and Erwin, Alva (2016) Analyzing Insider Threats Based On DNS Network Traffic (Case Study In Organization XYZ). Bachelor thesis, Swiss German University.
Files:
- Kris Santosa 12112012 TOC.pdf (1MB, open access)
- Kris Santosa 12112012 1.pdf (510kB, restricted to registered users)
- Kris Santosa 12112012 2.pdf (169kB, restricted to registered users)
- Kris Santosa 12112012 3.pdf (512kB, restricted to registered users)
- Kris Santosa 12112012 4.pdf (1MB, restricted to registered users)
- Kris Santosa 12112012 5.pdf (263kB, restricted to registered users)
- Kris Santosa 12112012 Ref.pdf (520kB, open access)
Abstract
The Internet is a medium through which people communicate with each other, but it is also full of threats to its users. This makes security one of the central problems of the Internet and, in turn, a problem for every organization that uses it. Organizations face two types of threats: external threats, which originate outside the system, and insider threats, which originate inside it. Most organizations prioritize external threats over insider threats, even though insider threats dominate security breaches and the number of insider breaches is increasing. DNS is one of the main functions of the Internet; among other things, it resolves domain names to IP addresses. Most users rely on DNS to connect to the Internet, and so do malicious hackers. DNS can therefore also be used to detect insider threats: by looking for the features of insider threats in DNS traffic, previously unknown insider threats can be detected. This research aims to detect insider threats using DNS-based detection. The features of insider threats are extracted from raw DNS queries, preprocessed to remove unused data, and clustered. The clusters then expose the features of insider threats, and this research is able to mark clusters as suspect. The result is that insider threats may exist in the organization, and the most frequent suspects are botnets, which are categorized as misuse in the insider-threat classification. There are also some clusters of benign but abnormal traffic that still have a few of the features of insider threats. The recommendation for mitigating insider threats in organizations is to use the features of botnets to filter DNS packets and to block a domain once it reaches a certain threshold.
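The pipeline the abstract describes (extract per-client features from raw DNS queries, cluster the clients, mark the botnet-like cluster as suspect, then block domains that suspect clients hit more than a threshold number of times) is shown below as a toy, self-contained version. This is an added example, not code from the thesis: the thesis does not say which features or clustering algorithm it used, so the feature set (query count, distinct-name ratio, NXDOMAIN ratio, entropy of the leftmost label), the log format, the k-means implementation and the sample resolver log are all assumptions made here.

```python
"""Added example (not the thesis' own code): toy DNS-query clustering pipeline.
Feature choice, log format, clustering method and the sample log are assumptions."""
import math
from collections import Counter, defaultdict

# Constructed sample of resolver log lines: "<time> <client> <qname> <rcode>".
# 10.0.0.11 and 10.0.0.12 browse normally; 10.0.0.13 behaves like a bot
# (random-looking names that do not resolve, repeated hits on one C2 name).
SAMPLE_LOG = """\
2016-03-01T09:00:01 10.0.0.11 www.google.com NOERROR
2016-03-01T09:00:05 10.0.0.11 mail.sgu.ac.id NOERROR
2016-03-01T09:00:09 10.0.0.11 www.google.com NOERROR
2016-03-01T09:00:02 10.0.0.12 repository.sgu.ac.id NOERROR
2016-03-01T09:00:07 10.0.0.12 www.wikipedia.org NOERROR
2016-03-01T09:00:01 10.0.0.13 qzk7x2bw1p.info NXDOMAIN
2016-03-01T09:00:01 10.0.0.13 m4t9vlr0qe.biz NXDOMAIN
2016-03-01T09:00:02 10.0.0.13 8hwpa3kdz1.info NXDOMAIN
2016-03-01T09:00:02 10.0.0.13 c2-control.example.net NOERROR
2016-03-01T09:00:03 10.0.0.13 c2-control.example.net NOERROR
2016-03-01T09:00:03 10.0.0.13 c2-control.example.net NOERROR
2016-03-01T09:00:04 10.0.0.13 yx5n0qg2tb.biz NXDOMAIN
"""

FEATURES = ("queries", "distinct_ratio", "nxdomain_ratio", "mean_entropy")


def parse_log(text):
    """Raw DNS queries -> list of records (preprocessing step of the abstract)."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, rcode = line.split()
        records.append({"ts": ts, "client": client, "qname": qname.lower(), "rcode": rcode})
    return records


def label_entropy(qname):
    """Shannon entropy (bits/char) of the leftmost label; DGA-style names score high."""
    label = qname.split(".")[0]
    n = len(label)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())


def extract_features(records):
    """Per-client feature vector. Assumption: every feature is 'larger = more bot-like'."""
    by_client = defaultdict(list)
    for r in records:
        by_client[r["client"]].append(r)
    vectors = {}
    for client, recs in by_client.items():
        n = len(recs)
        vectors[client] = (
            float(n),
            len({r["qname"] for r in recs}) / n,
            sum(r["rcode"] == "NXDOMAIN" for r in recs) / n,
            sum(label_entropy(r["qname"]) for r in recs) / n,
        )
    return vectors


def normalise(vectors):
    """Min-max scale each feature to [0, 1] so no single feature dominates distance."""
    cols = list(zip(*vectors.values()))
    lo = [min(c) for c in cols]
    span = [(max(c) - min(c)) or 1.0 for c in cols]
    return {k: tuple((x - l) / s for x, l, s in zip(v, lo, span)) for k, v in vectors.items()}


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k=2, iters=25):
    """Plain k-means with deterministic farthest-point initialisation.
    points: {client: vector}. Returns ({client: cluster_index}, centroids)."""
    names = sorted(points)
    cents = [points[names[0]]]
    while len(cents) < k:
        far = max(names, key=lambda n: min(_dist(points[n], c) for c in cents))
        cents.append(points[far])
    assign = {}
    for _ in range(iters):
        assign = {n: min(range(k), key=lambda i: _dist(points[n], cents[i])) for n in names}
        new = []
        for i in range(k):
            members = [points[n] for n in names if assign[n] == i]
            new.append(tuple(sum(col) / len(col) for col in zip(*members)) if members else cents[i])
        if new == cents:
            break
        cents = new
    return assign, cents


def suspect_clients(records, k=2):
    """Cluster the clients and return those in the most bot-like cluster
    (the centroid with the largest sum of scaled features)."""
    assign, cents = kmeans(normalise(extract_features(records)), k)
    bad = max(range(len(cents)), key=lambda i: sum(cents[i]))
    return sorted(c for c, i in assign.items() if i == bad)


def domains_to_block(records, threshold=3, k=2):
    """Mitigation from the abstract: count queries from suspect clients per domain
    and block a domain once it reaches the threshold."""
    bad = set(suspect_clients(records, k))
    hits = Counter(r["qname"] for r in records if r["client"] in bad)
    return sorted(d for d, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for client, vec in sorted(extract_features(recs).items()):
        print(client, dict(zip(FEATURES, (round(x, 3) for x in vec))))
    print("suspect clients:", suspect_clients(recs))
    print("block:", domains_to_block(recs))
```

With the constructed log, 10.0.0.13 lands alone in the high-NXDOMAIN, high-entropy cluster and only `c2-control.example.net` crosses the block threshold; the one-off DGA-style names stay below it, which is the trade-off the threshold rule makes between catching C2 rendezvous domains and not blocking every name a bot ever resolves. On real traffic the feature set would need tuning (for example, a client that only makes two queries gets a distinct-name ratio of 1.0 here), which is why the abstract's "benign but abnormal" clusters deserve manual review before any blocking is automated.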
Item Type: Thesis (Bachelor)
Uncontrolled Keywords: Clustering; Insider Threat; DNS; Machine Learning; Data Mining
Subjects: Q Science > QA Mathematics > QA76 Computer software; T Technology > T Technology (General) > T58.5 Information technology; T Technology > TK Electrical engineering. Electronics. Nuclear engineering > TK5105 Web Sites-Design > TK5105.8835 Internet domain names
Divisions: Faculty of Engineering and Information Technology > Department of Information Technology
Depositing User: Astuti Kusumaningrum
Date Deposited: 07 Oct 2020 14:34
Last Modified: 07 Oct 2020 14:34
URI: http://repository.sgu.ac.id/id/eprint/917