Analyzing Insider Threats Based On DNS Network Traffic (Case Study In Organization XYZ)

Santosa, Kris Ivan and Lim, Charles and Erwin, Alva (2016) Analyzing Insider Threats Based On DNS Network Traffic (Case Study In Organization XYZ). Bachelor thesis, Swiss German University.

Files:
Kris Santosa 12112012 TOC.pdf (1MB, preview available)
Kris Santosa 12112012 1.pdf (510kB, restricted to registered users only)
Kris Santosa 12112012 2.pdf (169kB, restricted to registered users only)
Kris Santosa 12112012 3.pdf (512kB, restricted to registered users only)
Kris Santosa 12112012 4.pdf (1MB, restricted to registered users only)
Kris Santosa 12112012 5.pdf (263kB, restricted to registered users only)
Kris Santosa 12112012 Ref.pdf (520kB, preview available)

Abstract

The Internet is a medium through which people communicate with each other, but it is also full of threats to its users, which makes security one of the central problems of the Internet and, in turn, a problem for every organization that uses it. Organizations face two types of threats: external threats, which originate outside the system, and insider threats, which originate inside it. Most organizations prioritise external threats over insider threats, even though insider threats dominate security breaches and the number of insider breaches is increasing. DNS is one of the core functions of the Internet; among other things, it resolves domain names to IP addresses, and nearly every user, malicious hackers included, relies on it to reach the Internet. DNS traffic can therefore also be used to detect insider threats, including previously unknown ones, by looking for the characteristic features of insider activity. This research aims to detect insider threats using DNS-based detection. Features of insider threats are extracted from the raw DNS queries, preprocessed to remove unused data, and clustered; the resulting clusters expose the features of insider threats, and clusters that exhibit them are flagged as suspect. The result is that insider threats may exist in organizations, and the most frequent suspects are botnets, which fall under the misuse category of the insider threat classification. Some clusters also contain benign but abnormal traffic that still shows a few features of insider threats. The recommended mitigation for organizations is to use the features of botnets to filter DNS packets and to block a domain once it reaches a certain threshold.
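The pipeline the abstract sketches, namely feature extraction from raw DNS queries, clustering of the results, and threshold-based blocking of a domain, as an added worked example in Python. This is not code from the thesis. The log line format, the four per-client features (query count, distinct-name ratio, NXDOMAIN ratio, mean entropy of the first label), the naive last-two-labels registered-domain rule, the k=2 k-means and the blocking threshold of 10 queries are all assumptions chosen for illustration; the thesis does not state on this page which features, clustering parameters or threshold it used. The sample log lines, including the botnet-like client 10.0.0.77 and the domain cnc-example.test, are constructed.

```python
import math
from collections import defaultdict

# Constructed sample log, one query per line (hypothetical format):
# "<epoch seconds> <client ip> <qname> <qtype> <rcode>"
BENIGN = [
    "1000 10.0.0.11 www.example.com A NOERROR",
    "1030 10.0.0.11 mail.example.com A NOERROR",
    "1090 10.0.0.11 www.example.com A NOERROR",
    "1010 10.0.0.12 www.example.org A NOERROR",
    "1050 10.0.0.12 cdn.example.org A NOERROR",
    "1025 10.0.0.13 www.example.net A NOERROR",
    "1060 10.0.0.13 update.example.net A NOERROR",
]
# One botnet-like client (constructed): a burst of never-repeated, random-looking
# labels under a single domain, most of which fail to resolve.
BOT_LABELS = ["a1k9x", "z8q2m", "p0w3r", "q7v2c", "x4n8b", "m3j6t",
              "r9s1h", "u2y5d", "w6e0f", "k8l3g", "n5o7i", "b1c4a"]
BOTNET = [f"{1000 + i} 10.0.0.77 {label}.cnc-example.test A "
          f"{'NOERROR' if i % 4 == 0 else 'NXDOMAIN'}"
          for i, label in enumerate(BOT_LABELS)]
SAMPLE_LOG = BENIGN + BOTNET

def parse_log(lines):
    """Return (ts, client, qname, qtype, rcode) tuples with normalised qnames."""
    out = []
    for line in lines:
        ts, client, qname, qtype, rcode = line.split()
        out.append((int(ts), client, qname.lower().rstrip("."), qtype, rcode))
    return out

def label_entropy(label):
    """Shannon entropy (bits) of one DNS label: 'www' -> 0, random labels high."""
    n = len(label)
    counts = {ch: label.count(ch) for ch in set(label)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def client_features(records):
    """Per-client vector [query count, distinct-name ratio, NXDOMAIN ratio,
    mean first-label entropy]; assumed botnet indicators, not the thesis's list."""
    by_client = defaultdict(list)
    for rec in records:
        by_client[rec[1]].append(rec)
    feats = {}
    for client, recs in by_client.items():
        n = len(recs)
        feats[client] = [n,
                         len({r[2] for r in recs}) / n,
                         sum(r[4] == "NXDOMAIN" for r in recs) / n,
                         sum(label_entropy(r[2].split(".")[0]) for r in recs) / n]
    return feats

def normalize(vectors):
    """Min-max scale each column to [0, 1] so the raw count cannot dominate."""
    cols = list(zip(*vectors))
    lo = [min(c) for c in cols]
    rng = [(max(c) - min(c)) or 1.0 for c in cols]
    return [[(v - l) / r for v, l, r in zip(vec, lo, rng)] for vec in vectors]

def dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k=2, iters=50):
    """Plain k-means with deterministic farthest-point seeding (no numpy)."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(dist(p, c) for c in centroids)))
    def nearest(p):
        return min(range(k), key=lambda i: dist(p, centroids[i]))
    for _ in range(iters):
        labels = [nearest(p) for p in points]
        groups = [[p for p, l in zip(points, labels) if l == i] for i in range(k)]
        new = [[sum(col) / len(g) for col in zip(*g)] if g else centroids[i]
               for i, g in enumerate(groups)]
        if new == centroids:
            break
        centroids = new
    return [nearest(p) for p in points]

def cluster_clients(feats, k=2):
    """Map each client to a cluster id; the analyst then inspects the clusters
    whose members carry the botnet-like features."""
    clients = list(feats)
    return dict(zip(clients, kmeans(normalize([feats[c] for c in clients]), k)))

def registered_domain(qname):
    # Naive last-two-labels rule; real deployments use the Public Suffix List.
    return ".".join(qname.split(".")[-2:])

def domains_to_block(records, threshold):
    """Abstract's mitigation: block a domain once one client's query count for it
    reaches the threshold (the value 10 used below is an assumption)."""
    counts = defaultdict(int)
    for _, client, qname, _, _ in records:
        counts[(client, registered_domain(qname))] += 1
    return {dom for (client, dom), n in counts.items() if n >= threshold}

if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(cluster_clients(client_features(recs)))
    print(domains_to_block(recs, threshold=10))
```

On this constructed log the three benign clients land in one cluster and 10.0.0.77 in the other, and the threshold rule returns cnc-example.test as the domain to block. Two practical caveats follow from the abstract's own observation that some clusters are benign but abnormal: clustering only groups similar clients, so an analyst still has to label which cluster is suspect, and a fixed per-domain query threshold will also catch busy legitimate services (a large mail or CDN domain) unless it is combined with the other features or tuned per environment.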

Item Type: Thesis (Bachelor)
Uncontrolled Keywords: Clustering; Insider Threat; DNS; Machine Learning; Data Mining
Subjects: Q Science > QA Mathematics > QA76 Computer software >
T Technology > T Technology (General) > T58.5 Information technology
T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK5105 Web Sites-Design > TK5105.8835 Internet domain names
Divisions: Faculty of Engineering and Information Technology > Department of Information Technology
Depositing User: Astuti Kusumaningrum
Date Deposited: 07 Oct 2020 14:34
Last Modified: 07 Oct 2020 14:34
URI: http://repository.sgu.ac.id/id/eprint/917
