Browse By Repository:

 
 
 
   

Analyze Bonet Activity By Identify The Difference Between Normal And Abnormal DNS Traffic

Ahmad Syafiq , Juwaini (2010) Analyze Bonet Activity By Identify The Difference Between Normal And Abnormal DNS Traffic. Project Report. UTeM, Melaka,Malaysia. (Submitted)

[img] PDF (24 Pages)
Analyze_Botnet_Activity_By_Identify_The_Difference_Between_Normal_And_Abnormal_DNS_Traffic_Ahmad_Syafiq_B._Juwaini_TK5105.8835.A89_2010_-_24_Pages.pdf - Submitted Version
Download (4MB)
[img] PDF (Full Text)
Analyze_Botnet_Activity_By_Identify_The_Difference_Between_Normal_And_Abnormal_DNS_Traffic_Ahmad_Syafiq_B._Juwaini_TK5105.8835.A89_2010.pdf - Submitted Version
Restricted to Registered users only
Download (35MB)

Abstract

This project is focus on the difference between normal DNS traffic and abnormal DNS traffic that made by the botnet. Botnet is software robot that is hardcoded by the botmaster or owner of the bot that has mission need to be accomplished. Victim of the botnet will faced consequence such as denial of service. This project analyzed the DNS traffic by focus on the numbers of query response. Query response for normal DNS traffic is less than the botnet DNS traffic because botnet like to contact its server more frequently than the normal DNS traffic. To get the network traffic, lab had been setup based on network setup configuration that had been planned for this project. Server was used to capture the network traffic and some workstations used to run the botnet for botnet DNS traffic and windows update for normal DNS network. There are some techniques to detect botnet, in this project detection of botnet is using anomaly-based technique. Network traffic will be captured for both botnet DNS network and normal DNS network. Three different network traffic had been captured which were botnet DNS network, normal DNS network and combination of botnet and normal DNS network. From the captured network traffic, analysis had been made and criteria involved were time the botnet active, number ofNXDomain and CNAME rcode for the query response and the time interval for the botnet request at the DNS server. To get clear information to the DNS query response, graph was created for all the botnet DNS traffic and normal DNS traffic in the analysis phase. To confirmed output in the analysis phase, testing had been made to compare it. Conclusion for the project is to conclude that the project met all objectives that had been planned before or not.

Item Type: Final Year Project (Project Report)
Uncontrolled Keywords: Computer network protocols, Internet domain names, Internet addresses
Subjects: T Technology > T Technology (General)
T Technology > TK Electrical engineering. Electronics Nuclear engineering
Divisions: Library > Final Year Project > FTMK
Depositing User: Mohd Syahrizal Mohd Razali
Date Deposited: 15 Oct 2012 06:40
Last Modified: 28 May 2015 03:41
URI: http://digitalcollection.utem.edu.my/id/eprint/6262

Actions (login required)

View Item View Item
Altmetric
Download Statistics

Downloads

Downloads per month over past year
 
UNIVERSITI TEKNIKAL MALAYSIA MELAKA DIGITAL COLLECTION is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.