7 research outputs found

    MALICIOUS TRAFFIC DETECTION IN DNS INFRASTRUCTURE USING DECISION TREE ALGORITHM

    Domain Name System (DNS) is an essential component of internet infrastructure that maps domain names to IP addresses and vice versa. Despite its important role in delivering internet services, attackers often use DNS as a bridge to breach a system. A DNS traffic analysis system is needed for early detection of attacks. However, the available security tools still have many shortcomings, for example broken authentication, sensitive data exposure, injection, etc. This research uses DNS analysis to develop anomaly-based techniques to detect malicious traffic on the DNS infrastructure. To do this, we look for network features that characterize DNS traffic. The features obtained are then processed using the Decision Tree algorithm to classify incoming DNS traffic. We experimented with 2.291.024 traffic records matching the characteristics of BotNet and normal traffic. By dividing the data into 80% training and 20% testing data, our experimental results showed high detection accuracy (96.36%), indicating the robustness of our method.

    DNS security vulnerabilities

    The Domain Name System (DNS) is a distributed database that allows the translation of IP addresses to particular names for locating resources registered across the network. But like any distributed system, it faces various problems that affect the integrity and consistency of the information it handles, problems that take the form of security vulnerabilities both in the data flow and in the DNS infrastructure. This article presents an initial review of the security aspects of DNS and then details the main security vulnerabilities faced by the DNS system, which originate from a variety of circumstances that are taken into account in the section on techniques and recommendations.

    Local area network troubleshooting and monitoring system for Raspberry Pi platforms

    Abstract. Laptop computers, mobile devices, and IoT devices have become more common in recent years. As the number of devices and data transfer requirements increase, seamless and functional local area network and WLAN connectivity have become increasingly important. Although WLAN facilitates easier connectivity compared to traditional cabled networks, wireless networks have their own drawbacks. Interference and signal strength remain considerable issues. New solutions for WLAN and LAN monitoring are needed to troubleshoot and diagnose network connectivity remotely. In this thesis, a tool was designed for monitoring local area network functionality. This tool was developed in cooperation with a local commercial IT services provider. The idea for this thesis arose from the need of a Finnish IT company that needed a practical tool to troubleshoot and monitor its clients' office networks without on-premises IT staff being present. Common problems and failure points for local area networks were identified. The most significant problems affecting user experience are, for example, WLAN coverage, DNS issues, DHCP issues, and internet connection related issues. Based on these common problems, software with a set of tests was designed, which can be used to analyze the performance and functionality of the local network. In addition, automation was implemented to install the software on Raspberry Pi platforms using Ansible. Possible commercial alternatives, such as NetBeez and Wifi Experience integrated into Unifi Controller software, were also explored and compared. In addition, key points for further development and expansion of the software developed in this thesis were identified, such as adding a backup internet connection using mobile networks. However, the technical scope of the work was limited mainly to the testing and identification of common network problems for troubleshooting usage.

    Availability, usage, and deployment characteristics of the Domain Name System

    The Domain Name System (DNS) is a critical part of the Internet’s infrastructure, and is one of the few examples of a robust, highly scalable, and operational distributed system. Although a few studies have been devoted to characterizing its properties, such as its workload and the stability of the top-level servers, many key components of DNS have not yet been examined. Based on large-scale measurements taken from servers in a large content distribution network, we present a detailed study of key characteristics of the DNS infrastructure, such as load distribution, availability, and deployment patterns of DNS servers. Our analysis includes both local DNS servers and servers in the authoritative hierarchy. We find that (1) the vast majority of users use a small fraction of deployed name servers, (2) the availability of most name servers is high, and (3) there exists a larger degree of diversity in local DNS server deployment and usage than for authoritative servers. Furthermore, we use our DNS measurements to draw conclusions about federated infrastructures in general. We evaluate and discuss the impact of federated deployment models on future systems, such as Distribute
