Please use this identifier to cite or link to this item:
http://hdl.handle.net/10603/423799
Title: | Anomaly based Botnet Detection using DNS Traffic Analysis |
Researcher: | Singh, Manmeet |
Guide(s): | Singh, Maninder and Kaur, Sanmeet |
Keywords: | Anomaly Detection; Computer Science; Computer Science Hardware and Architecture; DNS based Botnet Detection; Engineering and Technology; Network Security |
University: | Thapar Institute of Engineering and Technology |
Completed Date: | 2019 |
Abstract: | Cybercrimes are evolving on a regular basis and are becoming a greater threat day by day. Earlier these threats were very general and unorganized. In the last decade, these attacks have become highly sophisticated in nature. This higher level of coordination is possible mainly due to the botnet, which is a cluster of infected hosts controlled remotely by an attacker (the botmaster). The number of infected machines is continuously rising, resulting in botnets, many of them having even over a million infected machines. This vast set of machines with varied computational and storage capabilities gives the botmaster a lethal weapon to launch various security attacks. This never-ending menace of the botnet is causing many serious problems on the Internet. The Domain Name System is a large-scale distributed database on the Internet, which is being abused as a botnet communication channel. Significant efforts have been made in detecting botnets at the global level, relying heavily on failed queries and domain flux information, but very few efforts have been made to detect bot infection at an enterprise level. Detecting bot-infected machines is vital for any organization in combating various security threats. This research work proposes a novel anomaly-based detection technique which considers captured DNS traffic from LAN hosts on an hourly basis to generate a DNS fingerprint and attempts to find anomalous behavior which is quite different from normal machine behavior. This research work successfully demonstrates the DNS Anomaly Detection technique (named BotDAD) for detecting bot-infected machines in a network using DNS fingerprinting. It uses a feature extractor module to extract DNS attributes and build a host profile for all hosts in the network. The host profile is then parsed to generate a DNS fingerprint.
BotDAD creates a DNS fingerprint of each host in the network and uses an anomaly detection engine to label them as bot or clean. |
Pagination: | xv, 133p. |
URI: | http://hdl.handle.net/10603/423799 |
Appears in Departments: | Department of Computer Science and Engineering |
Files in This Item:
File | Description | Size | Format | |
---|---|---|---|---|
01_title.pdf | Attached File | 106.38 kB | Adobe PDF | View/Open |
02_prelim pages.pdf | | 373.63 kB | Adobe PDF | View/Open |
03_content.pdf | | 150.68 kB | Adobe PDF | View/Open |
04_abstract.pdf | | 48.29 kB | Adobe PDF | View/Open |
05_chapter 1.pdf | | 706.37 kB | Adobe PDF | View/Open |
06_chapter 2.pdf | | 781.1 kB | Adobe PDF | View/Open |
07_chapter 3.pdf | | 989.13 kB | Adobe PDF | View/Open |
08_chapter 4.pdf | | 1.31 MB | Adobe PDF | View/Open |
09_chapter 5.pdf | | 1.15 MB | Adobe PDF | View/Open |
10_chapter 6.pdf | | 129.58 kB | Adobe PDF | View/Open |
11_annexures.pdf | | 252.61 kB | Adobe PDF | View/Open |
80_recommendation.pdf | | 235.71 kB | Adobe PDF | View/Open |
Items in Shodhganga are licensed under Creative Commons Licence Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0).