11 research outputs found

    Fast-Flux Botnet Detection Based on Traffic Response and Search Engines Credit Worthiness

    Botnets are considered the primary threat on the Internet, and there have been many research efforts to detect and mitigate them. Today, botnets use a DNS technique called fast-flux to hide malware sites behind a constantly changing network of compromised hosts. This technique is similar to the trustworthy Round Robin DNS technique and to Content Delivery Networks (CDNs). To distinguish normal network traffic from botnet traffic, different techniques have been developed with more or less success. The aim of this paper is to improve botnet detection using an Intrusion Detection System (IDS) or router. A novel classification method for online botnet detection is presented, based on DNS traffic features that distinguish botnet traffic from CDN-based traffic. Botnet features are classified according to the possibility of usage and implementation in an embedded system. Traffic response is analysed as a strong candidate for online detection. Its disadvantage lies in specific areas where a CDN acts as a botnet. A new feature based on search engine hits is proposed to reduce false positive detections. The experimental evaluations show that the proposed classification could significantly improve botnet detection. A procedure is suggested to implement such a system as part of an IDS.

    USAGE OF A EMBEDDED SYSTEM FOR BIOMETRIC FACE RECOGNITION IDENTIFICATION

    Computer systems today greatly help in our efforts to improve the world. The challenge of the Covid virus has steered us into a new normal in which all potentially infected people should be immediately separated from the rest of the population by quarantine. The hectic pace of life unfortunately leads to an increasing number of quarantine offenders. This paper presents the architecture and a proposal for an embedded system that could be taught to recognize persons in self-isolation. By placing such a system in high-traffic zones, violators would be identified very quickly. Although the work arrives at a fairly large error threshold, justified suspicion will make it easier for the police to supervise persons under self-isolation.

    ARTIFICIAL INTELLIGENCE IN COMPUTER GAMES (UMJETNA INTELIGENCIJA U RAČUNALNIM IGRAMA)

    Today, the highly developed and competitive computer games industry needs to make better and better computer games to beat the competition. To keep players entertained for as long as possible, manufacturers use a variety of techniques to make games interesting and challenging. This is largely aided by research in the field of artificial intelligence, which is extremely well suited to computer games. Games need to be as complex and unpredictable as possible to provide as much fun as possible. This article explores and gives an overview of all the most popular techniques that can be applied in this area.

    OVERVIEW OF ARTIFICIAL NEURAL NETWORK TECHNOLOGIES

    Neural networks are being researched more and more today. The reason lies in hardware that nowadays offers the ability to process large amounts of data in real time. Activation functions are of great importance for the successful operation and construction of a neural network. Their selection affects the speed and quality of training of the neural network itself. The paper explains the basic principles of neural network operation after the selection of activation functions. The basic principles of training neural networks are then outlined, with a focus on selecting the optimization algorithm used to train the neural network.

    DENIAL OF SERVICE ATTACK ANALYSIS IN REAL ENVIROMENT

    Lately, the Internet has significantly improved and greatly enhanced communication and business. Greater commercial usefulness proportionally affects the number of security threats. The most common security threats on the Internet are network attacks. The most common network attack is based on disabling normal communication. Network attacks that focus on disabling communication are called Denial of Service (DoS) attacks. A DoS attack prevents users from communicating within the attacked computer network, or prevents the server from providing normal services. Various mechanisms have been developed for the early detection and prevention of DoS attacks at different levels of the network infrastructure. There is a constant effort to create a new and better model for communication. However, methods of attack are also being developed. In order to prevent blocking, a new form of attack has evolved: Distributed Denial of Service (DDoS) attacks. In a DDoS attack, the attackers are distributed throughout the Internet. By using a malicious distributed computer network (botnet), an attack can be launched simultaneously by thousands of compromised computers (bots). Using a large network of infected computers, an attack source can be additionally hidden by using Distributive Reflective DoS (DRDoS) attacks. In this paper, we present the different versions of DoS attacks. In a real network environment, measurements show the significance of the impact on the operation of the network through server availability. Additionally, possibilities for detecting and preventing such attacks are proposed and their usefulness is discussed.

    Botnet detection based on domain name system traffic features in real time

    No full text
    Botnets are considered the primary threat on the Internet, and there have been many research efforts to detect and mitigate them. Today, botnets use a DNS technique called fast-flux to hide malware sites behind a constantly changing network of compromised hosts. This technique is similar to the trustworthy Round Robin DNS technique and to Content Delivery Networks (CDNs). To distinguish normal network traffic from botnet traffic, different techniques have been developed with more or less success. The aim of this paper is to improve botnet detection using an Intrusion Detection System (IDS) or router. A novel classification method for online botnet detection is presented, based on DNS traffic features that distinguish botnet traffic from CDN-based traffic. Botnet features are classified according to the possibility of usage and implementation in an embedded system. Traffic response is analysed as a strong candidate for online detection. Its disadvantage lies in specific areas where a CDN acts as a botnet. A new feature based on search engine hits is proposed to reduce false positive detections. The experimental evaluations show that the proposed classification could significantly improve botnet detection. A procedure is suggested to implement such a system as part of an IDS.

    ANALYSIS OF MODERN GREENHOUSE ARCHITECTURE (ANALIZA ARHITEKTURE MODERNOG STAKLENIKA)

    Embedded systems connected to the global network (IoT) are increasingly entering all areas of science. Network connectivity makes it possible to transfer information obtained in the field to the cloud in a very short time, where, thanks to processing, it is possible to draw important conclusions and determine the further course of a particular process. In the field of agronomy, environmental and process variables are improving cultivation by reducing the cost of sensors and electronic components. By analysing the characteristics of the environment and nutrients, it is possible to discover their relationship with cultivation. The necessary environmental variables were found in recent papers, and new ones were introduced by the project team. With the proposed greenhouse architecture, we tried to achieve the most reliable and accurate measurement at the lowest possible project cost. The proposed architecture allows for scalability by changing the number of nodes or sensors. The software design controls the frequency of measurements and the unit of accuracy. The data is transferred to the cloud in a very short time and is protected against loss in case of network connectivity disruption. The paper presents preliminary results of the working system.

    SMALL ANIMAL PHYSICAL ACTIVITY MONITORING SYSTEM

    Gadgets are omnipresent in people's lives today. Many of them do not have a needed and smart function, but are here to bring joy and happiness to people worldwide. Consumerism and hyperproduction have lowered the price of consumer and business electronics. The aim of this paper is to design and implement an automated system that monitors a pet's physical activity using popular, mass-produced Arduino development electronics. The system monitors the amount of physical activity and calculates the average distance and speed the animal covers daily. The principles and scheme of the assembly are shown and described.