Analysis of Malware Dns Attack on the Network Using Domain Name System Indicators
Analisis Serangan Dns Malware Di Jaringan Menggunakan Domain Name System Indikator
Abstract
University of Bina Darma Palembang has its own DNS server and in this study using log data from the Bina Darma University DNS server as data in the study, DNS log server data is analyzed by network traffic, using Network Analyzer tools to see the activity of a normal traffic or anomaly traffic, or even contains DGA Malware (Generating Algorthm Domain).DGA malware produces a number of random domain names that are used to infiltrate DNS servers. To detect DGA using DNS traffic, NXDomain. The result is that each domain name in a group domain is generated by one domain that is often used at short times and simultaneously has a similar life time and query style. Next look for this pattern in NXDomain DNS traffic to filter domains generated algorithmically that the domain contains DGA. In analyzing DNS traffic whether it contains Malware and whether network traffic is normal or anomaly, in this study it detects Malwere DNS From the results of the stages of the suspected domain indicated by malware, a suspected domain list table is also created and also a suspected list of IP addresses. To support the suspected domain analysis results, info graphic is displayed using rappidminer tools to test decisions that have been made using the previous tools using the Decision Tree method.
Downloads
References
Jhohanes. (2018). The DGA of Pykspa. Retrieved from www.Jhohanes.com
Kalista, P. (2016). Konsep dan Teori Trafik.
Karima, A. (2012). Deteksi anomali untuk identifikasi botnet kraken dan conficker menggunakan pendekatan rule based. 2012(Semantik), 274–281.
Sons, J. W. &. (2012). CompTIA Network Study Guide 2nd Edition. Indianapolis. 2.
Wijaya, E. S., Syukur, A., Wahono, R. S., Thesis, J., Magister, P., & Informatika, T. (n.d.). DETEKSI ANOMALI TRAFIK JARINGAN DENGAN MENGGUNAKAN METODE DECISION TREE. 1–14.
Abstract views: 5036 times
Download PDF: 6081 times
- I certify that I have read, understand and agreed to the Journal of Information Systems and Informatics (Journal-ISI) submission guidelines, policies and submission declaration. Submission already using the provided template.
- I certify that all authors have approved the publication of this and there is no conflict of interest.
- I confirm that the manuscript is the authors' original work and the manuscript has not received prior publication and is not under consideration for publication elsewhere and has not been previously published.
- I confirm that all authors listed on the title page have contributed significantly to the work, have read the manuscript, attest to the validity and legitimacy of the data and its interpretation, and agree to its submission.
- I confirm that the paper now submitted is not copied or plagiarized version of some other published work.
- I declare that I shall not submit the paper for publication in any other Journal or Magazine till the decision is made by journal editors.
- If the paper is finally accepted by the journal for publication, I confirm that I will either publish the paper immediately or withdraw it according to withdrawal policies
- I Agree that the paper published by this journal, I transfer copyright or assign exclusive rights to the publisher (including commercial rights)
_1.png){kind=logo}
