Detecting Network Anomalies In ISP Network Using DNS And Netflow

Tedja, Andreas and Lim, Charles and Ipung, Heru Purnomo (2018) Detecting Network Anomalies In ISP Network Using DNS And Netflow. Bachelor thesis, Swiss German University.

Abstract

The Internet has become the biggest medium for people to communicate with others all around the world. However, the Internet is also home to hackers with malicious purposes. This poses a problem for Internet Service Providers (ISPs) and their users, since their networks may be compromised and damage may be done. Many types of malware currently exist on the Internet, and one of the growing types is the botnet. A botnet can infect a system and turn it into a zombie machine capable of carrying out distributed attacks under the command of the botmaster. To make botnet detection more difficult, botmasters often deploy fast flux. Fast flux shuffles the IP addresses of the malicious server's domain, making tracking and detection much more difficult. However, there are still numerous ways to detect fast flux, one of which is analysing DNS data. The Domain Name System (DNS) is a crucial part of the Internet. DNS works by translating an IP address to its associated domain name. DNS is often exploited by hackers to carry out malicious activities, one of which is deploying fast flux. Because the characteristics of fast flux are significantly different from those of normal Internet traffic, it is possible to distinguish fast flux from normal Internet traffic using its DNS information. However, when detecting fast flux services, one must be cautious, since a few Internet services have characteristics almost similar to those of a fast flux service. This research manages to detect the existence of fast flux services in an ISP network. The result is that fast flux mostly still has the same characteristics as those found in previous research. However, the current fast flux trend is to use cloud hosting services. The reason is that cloud hosting services tend to have better performance than a typical zombie machine.
Aside from this, it seems that hosting services have taken no specific measures to prevent this, making cloud hosting services the perfect medium for hosting botnet and fast flux services.

Item Type: Thesis (Bachelor)
Uncontrolled Keywords: Fast Flux; DNS; Botnet
Subjects: T Technology > T Technology (General) > T58.5 Information technology
T Technology > TK Electrical engineering. Electronics Nuclear engineering > TK5105 Web Sites-Design > TK5105.875 Internet
Divisions: Faculty of Engineering and Information Technology > Department of Information Technology
Depositing User: Astuti Kusumaningrum
Date Deposited: 11 Jun 2020 16:23
Last Modified: 11 Jun 2020 16:23
URI: http://repository.sgu.ac.id/id/eprint/745
