Analysis of Malware Dns Attack on the Network Using Domain Name System Indicators

Analisis Serangan Dns Malware Di Jaringan Menggunakan Domain Name System Indikator

  • Beni Brahara Universitas Bina Darma
  • Dedy Syamsuar Universitas Bina Darma
  • Yesi Novaria Kunang Universitas Bina Darma
Keywords: Log, DNS Malware, DGA, Malicious Traffic, Normal Traffic, Anomaly

Abstract

Bina Darma University in Palembang has its own DNS server, and this study uses log data from that server. The DNS server log data is analyzed as network traffic using Network Analyzer tools to see whether activity is normal traffic, anomalous traffic, or even contains DGA (Domain Generation Algorithm) malware. DGA malware produces a number of random domain names that are used to infiltrate DNS servers. DGA is detected using NXDomain DNS traffic. The result is that the domain names in a domain group generated by one domain are often used within short periods and simultaneously, and have a similar lifetime and query style. This pattern is then searched for in NXDomain DNS traffic to filter out algorithmically generated domains, that is, domains that contain DGA. The study analyzes whether DNS traffic contains malware and whether network traffic is normal or anomalous, and detects DNS malware. From the results of these stages, a table of suspected domains indicated as malware is created, along with a list of suspected IP addresses. To support the suspected-domain analysis results, an infographic is produced with RapidMiner tools to test, using the Decision Tree method, the decisions made with the previous tools.
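The NXDomain grouping idea in the abstract can be sketched as follows. This is an added example, not code or data from the paper: the log line format, the sample lines, the thresholds, and the use of label length and character entropy as a stand-in for "query style" are all assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log lines (not from the paper's data set), assumed format:
# "<epoch seconds> <client IP> <queried name> <response code>"
SAMPLE_LOG = """\
1000 10.0.0.5 www.example.com NOERROR
1001 10.0.0.9 xkqzjvwpfh.com NXDOMAIN
1002 10.0.0.9 qpwlzmxnvb.com NXDOMAIN
1003 10.0.0.9 zjxkqvhwpt.com NXDOMAIN
1004 10.0.0.9 mvbqzxkwjp.com NXDOMAIN
1005 10.0.0.5 wwww.example.com NXDOMAIN
1900 10.0.0.5 mail.exmaple.org NXDOMAIN
"""

def entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def parse(log_text):
    """Yield (timestamp, client, name) for NXDOMAIN responses only."""
    for line in log_text.splitlines():
        ts, client, name, rcode = line.split()
        if rcode == "NXDOMAIN":
            yield int(ts), client, name.lower().rstrip(".")

def suspect_groups(log_text, window=60, min_names=4, min_entropy=3.0, max_len_spread=2):
    """Return {client: [names]} for NXDOMAIN bursts with a similar query style."""
    by_client = defaultdict(list)
    for ts, client, name in parse(log_text):
        by_client[client].append((ts, name))
    suspects = {}
    for client, events in by_client.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            # Distinct names that failed within `window` seconds of this event
            names = sorted({n for t, n in events[i:] if t - start <= window})
            labels = [n.split(".")[0] for n in names]  # leftmost label only (simplification)
            lengths = [len(l) for l in labels]
            if (len(names) >= min_names
                    and max(lengths) - min(lengths) <= max_len_spread
                    and min(entropy(l) for l in labels) >= min_entropy):
                suspects[client] = names
                break
    return suspects
```

Isolated typos that return NXDOMAIN, like the two from 10.0.0.5 in the sample, do not form a group, so only the burst from 10.0.0.9 is reported.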

Published
2020-03-11
How to Cite
Brahara, B., Syamsuar, D., & Kunang, Y. (2020). Analysis of Malware Dns Attack on the Network Using Domain Name System Indicators. Journal of Information Systems and Informatics, 2(1), 131-153. https://doi.org/10.33557/journalisi.v2i1.30