Network Forensic Using Packet Analysis at Perimeter Segment to Detect and Predict DNS and HTTP Base Security Attack or Intrusion

Putro, Widodo Laksono and Lim, Charles and Silaen, Kalpin Erlanggaa (2021) Network Forensic Using Packet Analysis at Perimeter Segment to Detect and Predict DNS and HTTP Base Security Attack or Intrusion. Masters thesis, Swiss German University.

Files

WIDODO LAKSONO PUTRO 22051002 TOC.pdf (1MB, preview available)
WIDODO LAKSONO PUTRO 22051002 1.pdf (921kB, restricted to registered users only)
WIDODO LAKSONO PUTRO 22051002 2.pdf (4MB, restricted to registered users only)
WIDODO LAKSONO PUTRO 22051002 3.pdf (1MB, restricted to registered users only)
WIDODO LAKSONO PUTRO 22051002 4.pdf (17MB, restricted to registered users only)
WIDODO LAKSONO PUTRO 22051002 5.pdf (594kB, restricted to registered users only)
WIDODO LAKSONO PUTRO 22051002 Ref.pdf (668kB, preview available)

Abstract

Today cyber threats, attacks and intrusions are growing in both quantity and complexity alongside the rapid growth of internet service utilization, where people in every enterprise establish connections, communications and transactions with digital public resources. These resources are mostly available via web access, where the HTTP(S) and DNS protocols are used. Attackers then use HTTP(S) and DNS protocol evasion to keep their actions undetected by traditional security systems such as the perimeter firewall, IDS or even legacy antivirus on the endpoint side. This research addresses this issue by using a network forensic method to detect and predict HTTP(S)- and DNS-based security attacks or intrusions. The thesis extends the existing generic network forensic process at certain steps, mainly the analysis step. The process includes copying the real network traffic by packet capture in the perimeter network area and observing DNS and HTTP(S) traffic. The data, in the form of pcap files, is then processed to extract suspicious indicative features of the protocols, detect malicious indicators, and map them to the MITRE ATT&CK framework to identify the attack steps that have already been executed. The detection also uses two-layer filtering, based on blacklist filtering and feature-based filtering. Features of malicious HTTP(S) and DNS traffic include randomized DNS queries and suspicious User-Agent, URI and Host values. The detection result then becomes a reference for enhancing the existing traditional security system. The network forensic approach in this research also has the advantage of detecting malicious indicators related to the DNS and HTTP(S) protocols, which are commonly allowed by legacy security systems such as a common perimeter firewall. The suspicious features in the connection and the indicatively infected computer can then be investigated.
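As an added illustration of the two-layer filtering the abstract describes (this is example code, not the thesis's own implementation): layer 1 matches DNS query names and HTTP Host values against a blacklist, and layer 2 applies feature heuristics for randomized DNS labels and suspicious User-Agent, URI and Host values. The blacklist, prefixes, entropy threshold and the mapping of reasons to ATT&CK technique IDs are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

BLACKLIST = {"bad.example", "c2.example.net"}                # constructed placeholder list
UA_PREFIXES = ("curl/", "python-requests/", "Mozilla/4.0 ")  # assumed suspicious agents
ENTROPY_THRESHOLD = 3.5                                      # assumed; baseline on own traffic
IPV4_HOST = re.compile(r"^\d{1,3}(\.\d{1,3}){3}(:\d+)?$")     # Host header is a raw IP literal
ATTACK_MAP = {  # real ATT&CK technique IDs; the assignment to reasons is our assumption
    "randomized-query": "T1568.002", "ip-literal-host": "T1071.001",
    "suspicious-user-agent": "T1071.001", "encoded-uri": "T1071.001",
}

def entropy(s: str) -> float:
    """Shannon entropy in bits per character (proxy for randomized labels)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def in_blacklist(name: str) -> bool:
    """Layer 1: exact or parent-domain match against the blacklist."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in BLACKLIST)

def classify_dns(qname: str) -> list[str]:
    """Return detection reasons for one DNS query name."""
    if in_blacklist(qname):
        return ["blacklist"]
    labels = qname.rstrip(".").split(".")
    # Layer 2: a long, high-entropy leftmost label suggests a generated name.
    if len(labels) > 2 and len(labels[0]) >= 12 and entropy(labels[0]) >= ENTROPY_THRESHOLD:
        return ["randomized-query"]
    return []

def classify_http(host: str, uri: str, user_agent: str) -> list[str]:
    """Return detection reasons for one HTTP request (Host, URI, User-Agent)."""
    if in_blacklist(host):
        return ["blacklist"]
    reasons = []
    if not user_agent or user_agent.startswith(UA_PREFIXES):
        reasons.append("suspicious-user-agent")
    if IPV4_HOST.match(host):
        reasons.append("ip-literal-host")
    longest = max(uri.split("/"), key=len)  # a long, high-entropy path segment
    if len(longest) >= 20 and entropy(longest) >= ENTROPY_THRESHOLD:
        reasons.append("encoded-uri")
    return reasons

def attack_techniques(reasons: list[str]) -> set[str]:
    return {ATTACK_MAP[r] for r in reasons if r in ATTACK_MAP}
```

The entropy threshold and label length should be calibrated against a baseline of the organization's own benign traffic before the reasons are used to prioritize hosts for investigation.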

Item Type: Thesis (Masters)
Uncontrolled Keywords: Network Forensic, Packet capture, Detection
Subjects: Q Science > QA Mathematics > QA76 Computer software > QA76.93 Computer networks--Security measures
T Technology > T Technology (General) > T58.5 Information technology
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > TK5103 Mobile computing > TK5103.4837 Mobile device forensics
Divisions: Faculty of Engineering and Information Technology > Department of Information Technology
Depositing User: Faisal Ifzaldi
Date Deposited: 05 Jan 2022 04:14
Last Modified: 05 Jan 2022 04:14
URI: http://repository.sgu.ac.id/id/eprint/2303
