Real time DNS traffic profiling enhanced detection design for national level network

Muhammad Salahuddien Manggalanny; Kalamullah Ramli

doi:10.1109/ISITIA.2017.8124046

Real time DNS traffic profiling enhanced detection design for national level network

Muhammad Salahuddien Manggalanny, Kalamullah Ramli

Department of Electrical Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Citations (Scopus)

Abstract

A recent study shows, an investigation of Advanced Persistent Threat (APT) activity can be done effectively through malicious DNS traffic analysis. But, most of the experiments are conducted in a limited, simulated environment e.g. small campus network. Since APT is very dynamic and to address traffic grows, a light weight computation architecture is then needed to profile suspected activity in near real time. In this study, we proposed an enhanced design to detect malicious DNS traffic for high speed, large scale, national level, near real time network. This experiment combines available open source solution tools in order to gain real time, better accuracy of anomaly recognition and faster detection.

Original language	English
Title of host publication	2017 International Seminar on Intelligent Technology and Its Application
Subtitle of host publication	Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	11-15
Number of pages	5
ISBN (Electronic)	9781538627068
DOIs	https://doi.org/10.1109/ISITIA.2017.8124046
Publication status	Published - 28 Nov 2017
Event	18th International Seminar on Intelligent Technology and Its Application, ISITIA 2017 - Surabaya, Indonesia Duration: 28 Aug 2017 → 29 Aug 2017

Publication series

Name	2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding
Volume	2017-January

Conference

Conference	18th International Seminar on Intelligent Technology and Its Application, ISITIA 2017
Country/Territory	Indonesia
City	Surabaya
Period	28/08/17 → 29/08/17

Keywords

Anomaly detection
DNS
Traffic profiling

Access to Document

10.1109/ISITIA.2017.8124046

Cite this

Manggalanny, M. S., & Ramli, K. (2017). Real time DNS traffic profiling enhanced detection design for national level network. In 2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding (pp. 11-15). (2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding; Vol. 2017-January). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ISITIA.2017.8124046

Manggalanny, Muhammad Salahuddien ; Ramli, Kalamullah. / Real time DNS traffic profiling enhanced detection design for national level network. 2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding. Institute of Electrical and Electronics Engineers Inc., 2017. pp. 11-15 (2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding).

@inproceedings{eb5cb446f1f84ab0b6c9c9d24f404f40,

title = "Real time DNS traffic profiling enhanced detection design for national level network",

abstract = "A recent study shows, an investigation of Advanced Persistent Threat (APT) activity can be done effectively through malicious DNS traffic analysis. But, most of the experiments are conducted in a limited, simulated environment e.g. small campus network. Since APT is very dynamic and to address traffic grows, a light weight computation architecture is then needed to profile suspected activity in near real time. In this study, we proposed an enhanced design to detect malicious DNS traffic for high speed, large scale, national level, near real time network. This experiment combines available open source solution tools in order to gain real time, better accuracy of anomaly recognition and faster detection.",

keywords = "Anomaly detection, DNS, Traffic profiling",

author = "Manggalanny, {Muhammad Salahuddien} and Kalamullah Ramli",

note = "Publisher Copyright: {\textcopyright} 2017 IEEE.; 18th International Seminar on Intelligent Technology and Its Application, ISITIA 2017 ; Conference date: 28-08-2017 Through 29-08-2017",

year = "2017",

month = nov,

day = "28",

doi = "10.1109/ISITIA.2017.8124046",

language = "English",

series = "2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "11--15",

booktitle = "2017 International Seminar on Intelligent Technology and Its Application",

address = "United States",

}

Manggalanny, MS & Ramli, K 2017, Real time DNS traffic profiling enhanced detection design for national level network. in 2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding. 2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding, vol. 2017-January, Institute of Electrical and Electronics Engineers Inc., pp. 11-15, 18th International Seminar on Intelligent Technology and Its Application, ISITIA 2017, Surabaya, Indonesia, 28/08/17. https://doi.org/10.1109/ISITIA.2017.8124046

Real time DNS traffic profiling enhanced detection design for national level network. / Manggalanny, Muhammad Salahuddien; Ramli, Kalamullah.

2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding. Institute of Electrical and Electronics Engineers Inc., 2017. p. 11-15 (2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding; Vol. 2017-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Real time DNS traffic profiling enhanced detection design for national level network

AU - Manggalanny, Muhammad Salahuddien

AU - Ramli, Kalamullah

PY - 2017/11/28

Y1 - 2017/11/28

N2 - A recent study shows, an investigation of Advanced Persistent Threat (APT) activity can be done effectively through malicious DNS traffic analysis. But, most of the experiments are conducted in a limited, simulated environment e.g. small campus network. Since APT is very dynamic and to address traffic grows, a light weight computation architecture is then needed to profile suspected activity in near real time. In this study, we proposed an enhanced design to detect malicious DNS traffic for high speed, large scale, national level, near real time network. This experiment combines available open source solution tools in order to gain real time, better accuracy of anomaly recognition and faster detection.

AB - A recent study shows, an investigation of Advanced Persistent Threat (APT) activity can be done effectively through malicious DNS traffic analysis. But, most of the experiments are conducted in a limited, simulated environment e.g. small campus network. Since APT is very dynamic and to address traffic grows, a light weight computation architecture is then needed to profile suspected activity in near real time. In this study, we proposed an enhanced design to detect malicious DNS traffic for high speed, large scale, national level, near real time network. This experiment combines available open source solution tools in order to gain real time, better accuracy of anomaly recognition and faster detection.

KW - Anomaly detection

KW - DNS

KW - Traffic profiling

UR - http://www.scopus.com/inward/record.url?scp=85043533799&partnerID=8YFLogxK

U2 - 10.1109/ISITIA.2017.8124046

DO - 10.1109/ISITIA.2017.8124046

M3 - Conference contribution

AN - SCOPUS:85043533799

T3 - 2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding

SP - 11

EP - 15

BT - 2017 International Seminar on Intelligent Technology and Its Application

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 18th International Seminar on Intelligent Technology and Its Application, ISITIA 2017

Y2 - 28 August 2017 through 29 August 2017

ER -

Manggalanny MS, Ramli K. Real time DNS traffic profiling enhanced detection design for national level network. In 2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding. Institute of Electrical and Electronics Engineers Inc. 2017. p. 11-15. (2017 International Seminar on Intelligent Technology and Its Application: Strengthening the Link Between University Research and Industry to Support ASEAN Energy Sector, ISITIA 2017 - Proceeding). doi: 10.1109/ISITIA.2017.8124046

Real time DNS traffic profiling enhanced detection design for national level network

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this