Detecting Network Anomalies In ISP Network Using DNS And NetFlow
The Internet has become the biggest medium for people to communicate with other people all around the world. However, the Internet is also home to hackers with malicious purposes. This poses a problem for Internet Service Providers (ISPs) and their users, since it is possible that their network is compromised and damage is done. Many types of malware currently exist on the Internet. One growing type of malware is the botnet. A botnet can infect a system and turn it into a zombie machine capable of carrying out distributed attacks under the command of the botmaster. To make detection of the botnet more difficult, botmasters often deploy fast flux. Fast flux shuffles the IP addresses behind the malicious server's domain, making tracking and detection much more difficult. However, there are still numerous ways to detect fast flux; one of them is by analysing DNS data. The Domain Name System (DNS) is a crucial part of the Internet. DNS works by translating IP addresses to their associated domain names. DNS is often exploited by hackers for malicious activities, one of which is deploying fast flux. Because the characteristics of fast flux differ significantly from those of normal Internet traffic, it is possible to separate fast flux from normal Internet traffic using its DNS information. However, when detecting fast flux services one must be cautious, since a few legitimate Internet services have characteristics very similar to those of a fast flux service. This research manages to detect the existence of fast flux services in an ISP network. The result is that fast flux mostly still has the same characteristics as found in previous research. However, the current fast flux trend is to use cloud hosting services.
The reason behind this is that cloud hosting services tend to have better performance than a typical zombie machine. Aside from this, it seems that no specific measures have been taken by the hosting services to prevent this, making cloud hosting services the perfect medium for hosting botnet and fast flux services.
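The abstract describes fast flux as rapid shuffling of the IP addresses behind a domain, detectable from DNS data, with the caveat that some legitimate services (CDNs, round-robin load-balancer pools) look similar. The following is an added example, not code from the paper, showing one way a defender can score passive-DNS observations for fast-flux indicators while handling that caveat: the rule requires the addresses to be spread across several autonomous systems, not merely numerous, because a CDN typically rotates many addresses inside one provider's network. The observations, the IP-to-ASN table (RFC 5737 documentation addresses mapped to RFC 5398 private-use ASNs) and the thresholds are all constructed placeholders; a real deployment would take records from the ISP's DNS logs and ASNs from a BGP or RIR source.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class DnsObservation:
    """One observed A-record answer from passive DNS (constructed data)."""
    domain: str
    ip: str
    ttl: int   # TTL of the A record in seconds
    ts: int    # observation time, seconds since epoch


# Constructed IP -> ASN table (placeholder values; a real system would query
# a BGP/RIR source). ASNs are from the RFC 5398 private-use range.
IP_TO_ASN: Dict[str, str] = {
    "192.0.2.10": "AS64496", "192.0.2.11": "AS64496", "192.0.2.12": "AS64496",
    "192.0.2.13": "AS64496", "192.0.2.14": "AS64496", "192.0.2.15": "AS64496",
    "198.51.100.1": "AS64497", "198.51.100.2": "AS64498", "198.51.100.3": "AS64499",
    "198.51.100.4": "AS64500", "198.51.100.5": "AS64501", "198.51.100.6": "AS64497",
    "203.0.113.7": "AS64502",
}

T0 = 1_700_000_000  # arbitrary base timestamp for the constructed records


def _obs(domain: str, ips: List[str], ttl: int, step: int) -> List[DnsObservation]:
    """Build one observation per IP, `step` seconds apart (constructed data)."""
    return [DnsObservation(domain, ip, ttl, T0 + i * step) for i, ip in enumerate(ips)]


SAMPLE: List[DnsObservation] = (
    # Fast-flux-like: six IPs in five ASNs, 60 s TTL, a new answer every 5 minutes.
    _obs("flux.invalid", ["198.51.100.1", "198.51.100.2", "198.51.100.3",
                          "198.51.100.4", "198.51.100.5", "198.51.100.6"], 60, 300)
    # CDN-like lookalike: also six IPs and a 60 s TTL, but all inside one ASN.
    + _obs("cdn-like.example", ["192.0.2.10", "192.0.2.11", "192.0.2.12",
                                "192.0.2.13", "192.0.2.14", "192.0.2.15"], 60, 300)
    # Ordinary static host: one address, long TTL.
    + _obs("static.example", ["203.0.113.7"] * 6, 3600, 300)
)


@dataclass
class DomainSummary:
    domain: str
    unique_ips: int
    unique_asns: int
    min_ttl: int
    span_seconds: int


def summarize(observations: Iterable[DnsObservation]) -> Dict[str, DomainSummary]:
    """Aggregate per-domain indicators: address count, ASN count, lowest TTL, time span."""
    groups: Dict[str, List[DnsObservation]] = defaultdict(list)
    for o in observations:
        groups[o.domain].append(o)
    out: Dict[str, DomainSummary] = {}
    for domain, recs in groups.items():
        ips = {r.ip for r in recs}
        asns = {IP_TO_ASN.get(ip, "UNKNOWN") for ip in ips}
        out[domain] = DomainSummary(
            domain=domain,
            unique_ips=len(ips),
            unique_asns=len(asns),
            min_ttl=min(r.ttl for r in recs),
            span_seconds=max(r.ts for r in recs) - min(r.ts for r in recs),
        )
    return out


def is_fast_flux_candidate(s: DomainSummary, min_ips: int = 5, min_asns: int = 3,
                           max_ttl: int = 300, max_span: int = 24 * 3600) -> bool:
    """Assumed thresholds: many IPs, spread over several ASNs, short TTL, within one day.
    The ASN-diversity requirement is what separates a fast-flux pool of infected
    hosts from a CDN or round-robin pool that rotates addresses inside one network."""
    return (s.unique_ips >= min_ips and s.unique_asns >= min_asns
            and s.min_ttl <= max_ttl and s.span_seconds <= max_span)


def classify(observations: Iterable[DnsObservation]) -> Dict[str, bool]:
    """Map each domain to whether it meets the fast-flux candidate heuristic."""
    return {d: is_fast_flux_candidate(s) for d, s in summarize(observations).items()}


if __name__ == "__main__":
    for domain, flagged in classify(SAMPLE).items():
        print(f"{domain:20s} fast-flux candidate: {flagged}")
```

Run as-is it flags only `flux.invalid`; `cdn-like.example` has the same address count and TTL but a single ASN, which is exactly the lookalike the abstract warns about. The abstract's finding that current fast flux leans on cloud hosting is a reminder that the ASN test is a heuristic, not a proof: a pool rented inside one cloud provider would also fail the ASN-diversity rule, so candidates still need corroboration from other data such as the NetFlow records named in the title.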
Academic Research and Community Service Swiss German University