On the Scalable Generation of Cyber Threat Intelligence from Passive DNS Streams

Haneef, Anhar (2016) On the Scalable Generation of Cyber Threat Intelligence from Passive DNS Streams. Masters thesis, Concordia University.

File: Haneef_MASc_S2016.pdf (Text, application/pdf, Accepted Version, 929kB)

Abstract

The Domain Name System (DNS) has become an important element of recent cybercrime infrastructures. Indeed, the DNS protocol is being used, for instance, to operate infected machines and to transport malicious payloads. In this context, it is of paramount importance to analyze passive DNS streams in order to generate timely and relevant cyber threat intelligence that can be used to detect, prevent and attribute cyber attacks. In this thesis, we explore the analysis of such streams in order to detect DNS anomalies that correspond to cyber incidents. By DNS anomaly, we mean any deviation from what is expected in terms of regular DNS activities (queries/responses). The identification of these anomalies yields valuable intelligence that can pinpoint domains involved in malicious activities (e.g., spamming, botnets, phishing, DDoS). We propose, design and implement a system that analyzes passive DNS streams in near real time and generates cyber threat intelligence in terms of suspicious domains, DNS record abuse and passive DNS anomalies. We correlate the generated intelligence with other sources of intelligence, such as our malware database. We pay special attention to the scalability of the proposed system: in addition to choosing appropriate data structures and database technologies, we distribute the analysis over a cluster of computers using the map/reduce paradigm with the Apache Spark framework. Our experiments show that our system is efficient and scalable while generating important, relevant and timely cyber threat intelligence.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Concordia Institute for Information Systems Engineering
Item Type: Thesis (Masters)
Authors: Haneef, Anhar
Institution: Concordia University
Degree Name: M.A. Sc.
Program: Information Systems Security
Date: January 2016
Thesis Supervisor(s): Debbabi, Mourad
ID Code: 980847
Deposited By: Anhar Haneef
Deposited On: 15 Jun 2016 16:29
Last Modified: 18 Jan 2018 17:52
All items in Spectrum are protected by copyright, with all rights reserved. The use of items is governed by Spectrum's terms of access.
