Building a DNS Tunneling Dataset

Author(s):  
Mohammed Al-Drees ◽  
Marwah M. Almasri ◽  
Mousa Al-Akhras ◽  
Mohammed Alawairdhi

Background: The Domain Name System (DNS) is considered the phone book of the Internet. Its main goal is to translate a domain name into an IP address that the computer can understand. However, DNS can be vulnerable to various kinds of attacks, such as DNS poisoning attacks and DNS tunneling attacks. Objective: The main objective of this paper is to allow researchers to identify DNS tunnel traffic using machine-learning algorithms. Training machine-learning algorithms to detect DNS tunnel traffic and determine which protocol was used will help the community to speed up the process of detecting such attacks. Method: In this paper, we consider the DNS tunneling attack. In addition, we discuss how attackers can exploit this protocol to exfiltrate data from the network. The attack starts by encoding data inside DNS queries sent to the outside of the network. The malicious DNS server receives the small chunks of data, decodes the payload, and reassembles it at the server. The main concern is that DNS is a fundamental service that is not usually blocked by a firewall and receives less attention from system administrators due to the vast amount of traffic. Results: This paper investigates how this type of attack happens using a DNS tunneling tool by setting up an environment consisting of compromised DNS servers and compromised hosts with the Iodine tool installed on both machines. The generated dataset contains the traffic of the HTTP, HTTPS, SSH, SFTP, and POP3 protocols over DNS. No features were removed from the dataset so that researchers can utilize all features in the dataset. Conclusion: DNS tunneling remains a critical attack that needs more attention to address. The DNS tunneled environment allows us to understand how such an attack happens. We built the appropriate dataset by simulating various attack scenarios using different protocols. The created dataset contains PCAP, JSON, and CSV files to allow researchers to use different methods to detect tunnel traffic.

Telecom IT ◽  
2019 ◽  
Vol 7 (3) ◽  
pp. 50-55
Author(s):  
D. Saharov ◽  
D. Kozlov

The article deals with the CoAP protocol, which regulates the transmission and reception of information traffic by terminal devices in IoT networks. The article describes a model for detecting abnormal traffic in 5G/IoT networks using machine learning algorithms, as well as the main methods for solving this problem. The relevance of the article is due to the wide spread of the Internet of Things and the upcoming update of mobile networks to the 5G generation.


Author(s):  
Gandhali Malve ◽  
Lajree Lohar ◽  
Tanay Malviya ◽  
Shirish Sabnis

Today the amount of information on the internet grows very rapidly, and people need some instruments to find and access appropriate information. One such tool is called a recommendation system. Recommendation systems help to navigate quickly and receive necessary information. Many of us find it difficult to decide which movie to watch, so we decided to make a recommender system to better judge which movie we are more likely to love. In this project we are going to use machine learning algorithms to recommend movies to users based on genres and user ratings. Recommendation systems attempt to predict the preference or rating that a user would give to an item.


Author(s):  
Torsten Bettinger

Although the Internet has no cross-organizational, financial, or operational management responsible for the entire Internet, certain administrative tasks are coordinated centrally. Among the most important organizational tasks that require global regulation is the management of Internet Protocol (IP) addresses and their corresponding domain names. The IP address consists of a 32-bit (IPv4) or 128-bit (IPv6) sequence of digits and is the actual physical network address by which routing on the Internet takes place and which ensures that the data packets reach the correct host computer.


2021 ◽  
pp. 307-327
Author(s):  
Mohammed H. Alsharif ◽  
Anabi Hilary Kelechi ◽  
Imran Khan ◽  
Mahmoud A. Albreem ◽  
Abu Jahid ◽  
...  

2022 ◽  
pp. 123-145
Author(s):  
Pelin Yildirim Taser ◽  
Vahid Khalilpour Akram

GPS signals are not available inside buildings; hence, indoor localization systems rely on indoor technologies such as Bluetooth, WiFi, and RFID. These signals are used for estimating the distance between a target and available reference points. By combining the estimated distances, the location of the target nodes is determined. The wide spread of the internet and the exponential increase in small hardware diversity allow the creation of Internet of Things (IoT)-based indoor localization systems. This chapter reviews the traditional and machine learning-based methods for IoT-based positioning systems. The traditional methods include various distance estimation and localization approaches; however, these approaches have some limitations. Because of their high prediction performance, machine learning algorithms have been used for indoor localization problems in recent years. The chapter focuses on presenting an overview of the application of machine learning algorithms to indoor localization problems where the traditional methods remain incapable.


The internet has become an irreplaceable communication and information tool in the current world. With the ever-growing importance and massive use of the internet today, there has been interest from researchers in finding the perfect Cyber Attack Detection Systems (CADSs), also referred to as Intrusion Detection Systems (IDSs), to protect against the vulnerabilities of network security. CADSs presently exist in various variants but can be largely categorized into two broad classifications, signature-based detection and anomaly detection CADSs, based on their approaches to recognizing attack packets. Signature-based CADSs use the well-known signatures or fingerprints of attack packets to signal their entry across the gateways of secured networks. Signature-based CADSs can only recognize threats that use a known signature; new attacks with unknown signatures can, therefore, strike without notice. Alternatively, anomaly-based CADSs are able to detect any abnormal traffic within the network and report it. There are many ways of identifying anomalies, and different machine learning algorithms have been introduced to counter such threats. Most systems, however, fall short of complete attack prevention in the real world due to system administration and configuration, system complexity, and abuse of authorized access. Several scholars and researchers have achieved significant milestones in the development of CADSs owing to the importance of computer and network security. This paper reviews the current trends in CADSs, analyzing the efficiency or level of detection accuracy of machine learning algorithms for cyber-attack detection, with the aim of pointing out the best. CADS is a developing research area that continues to attract researchers due to its critical objective.


2019 ◽  
Vol 2 (3) ◽  
pp. 238-242
Author(s):  
Andreas Tedja ◽  
Charles Lim ◽  
Heru Purnomo Ipung

The Internet has become the biggest medium for people to communicate with other people all around the world. However, the Internet is also home to hackers with malicious purposes. This poses a problem for Internet Service Providers (ISPs) and their users, since it is possible that their network is compromised and damage may be done. There are many types of malware that currently exist on the Internet. One of the growing types of malware is the botnet. A botnet can infect a system and make it a zombie machine capable of doing distributed attacks under the command of the botmaster. In order to make detection of a botnet more difficult, botmasters often deploy fast flux. Fast flux shuffles the IP addresses of the domain of the malicious server, making tracking and detection much more difficult. However, there are still numerous ways to detect fast flux; one of them is by analysing DNS data. The Domain Name System (DNS) is a crucial part of the Internet. DNS works by translating an IP address to its associated domain name. DNS is often exploited by hackers for malicious activities, one of which is to deploy fast flux. Because the characteristics of fast flux are significantly different from normal Internet traffic characteristics, it is possible to distinguish fast flux from normal Internet traffic from its DNS information. However, while detecting fast flux services, one must be cautious, since there are a few Internet services which have almost the same characteristics as a fast flux service. This research manages to detect the existence of fast flux services in an ISP network. The result is that fast flux mostly still has the same characteristics as found in previous research. However, the current fast flux trend is to use cloud hosting services. The reason behind this is that cloud hosting services tend to have better performance than a typical zombie machine. Aside from this, it seems that no specific measures have been taken by the hosting services to prevent this, making cloud hosting services the perfect medium for hosting botnet and fast flux services.


2019 ◽  
Author(s):  
Farhaan Noor Hamdani ◽  
Farheen Siddiqui

With the advent of the internet, there is a major concern regarding the growing number of attacks, where the attacker can target any computing or network resource remotely. Also, the exponential shift towards the use of smart-end technology devices results in various security-related concerns, which include detection of anomalous data traffic on the internet. Unravelling legitimate traffic from malignant traffic is a complex task in itself. Many attacks affect system resources, thereby degrading their computing performance. In this paper we propose a framework of supervised models implemented using machine learning algorithms which can enhance or aid existing intrusion detection systems for the detection of a variety of attacks. Here the KDD (knowledge data and discovery) dataset is used as a benchmark. In accordance with their detective abilities, we also analyze their performance, accuracy, and alert logs and compute their overall detection rate. These machine learning algorithms are validated and tested in terms of accuracy, precision, and true/false positives and negatives. Experimental results show that these methods are effective, generate low false positives, and can be operative in building a defense line against network intrusions. Further, we compare these algorithms in terms of various functional parameters.


With the growing use of the internet across the world, the threats posed by it are numerous. The information you get and share across the internet is accessible and can be tracked and modified. Malicious websites play a pivotal role in affecting your system. These websites reach users through emails, text messages, pop-ups, or devious advertisements. The outcome of these websites or Uniform Resource Locators (URLs) would often be downloaded malware, spyware, ransomware, and compromised accounts. A malicious website or URL requires action on the user's side; however, in the case of drive-by downloads, the website will attempt to install software on the computer without asking the user's permission first. We put forward a model to forecast whether a URL is malicious or benign, based on application layer and network characteristics. Machine learning algorithms for classification are used to develop a classifier using the targeted dataset. The targeted dataset is divided into training and validation sets. These sets are used to train and validate the classifier model. The hyperparameters are tuned to refine the model and generate better results.
