IP Traceback Using DNS Logs Against Bots full report
#1

Presented by:
Pratik Jain

Keywords:
1) IP Spoofing Attack-

• A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
2) IP Traceback-
• Allows victim to identify the origin of attackers
• Several approaches
-ICMP
-Packet Marking
-Hash-based Traceback
-Using DNS Logs against Bots (proposed)
3) DNS Logs-
• It contains a list of IP addresses of host machines.
4) Bots-
• A remote-controlled software program that acts as an agent for a user.
• Bots can be doing clandestine things even when the computer owner thinks the computer is inactive.
5) Command & Control Server (C&C Server)-
• It is a special kind of server that controls the bot infected hosts.
1. INTRODUCTION
• Source IP spoofing attacks are sent from bot infected hosts that are controlled via command and control (C&C) servers.
• IP can be tracked against bots using DNS query logs that can be output from conventional DNS servers.
• Because many types of bot retrieve IP addresses from the FQDNs of the victim at the beginning of communication, we can track the bots from the DNS query logs.
• The proposed scheme checks from the destination DNS to the source DNS (generally called a resolver) logs, in order to extract the IP addresses of the bots.
2. INVESTIGATION OF BOT COMMUNICATION PATTERN
• Bot is controlled by C&C servers and sends attack packets to the victim hosts.
• We have collected 44 kinds of bot code using the honeypot and infected a virtual machine. 37 kinds of bot communicated with outside hosts, while the 7 kinds of bot were not active on the virtual machine.
• Fig 1 shows a bot communication pattern whereby DNS queries are extracted between the bot and the primary DNS server.
• The bot sent recursive DNS queries that retrieved 4 kinds of FQDN, which included both the victim hosts and the C&C servers.
• Figure 2 shows an example of a DNS query pattern from a spam-mail bot. The spam-mail bot turned into a DNS resolver and sent DNS queries to retrieve the MX records of each domain.
• Fig 3 shows a screen shot of the communication pattern visualizer that depicts the communication pattern between the bot and the DNS servers shown in Figure 2.
• The spam-mail bot accessed many domain DNS servers in order to retrieve the MX records.
• 29 kinds of bot sent DNS queries in order to resolve the IP addresses of the victim hosts, while all 37 kinds of bot sent DNS queries to resolve the IP addresses of the C&C servers.
• Following the DNS queries, the bot communicates with the victim hosts and the C&C servers.
3. IP TRACEBACK USING DNS LOGS AGAINST BOTS
• Assumption- The attacker retrieves the IP address from the DNS server before sending spoofing packets.
A. Review of the DNS Query Model:-
• As shown in Fig 4, the source host sends a recursive query packet to a source DNS server in order to retrieve the IP address of the FQDN.
• The source DNS server will be a resolver and resolves the FQDN by retrieving a DNS tree.
• Figure 5 shows an example of the source DNS log. The log records the IP address of the source host linked with the destination FQDN.
B. IP Traceback for Regular Recursive DNS Query:-
• We propose an IP tracking scheme in which the source DNS server cooperates with the destination DNS server, as shown in Figure 6.
• Tags “I,…,IV” represent the same procedures as shown in Figure 4, while the proposed IP tracking procedures are as in Fig 6.
C. IP Traceback for Forwarding DNS Query:-
• Several source DNS servers are configured for DNS forwarding. A forwarder DNS server for the source DNS server will be a DNS resolver.
• In this case, the DNS query log of the destination DNS server records the IP address of the forwarder DNS server instead of the source DNS server. Thus, there is a need to track additional hops to the source DNS server. Figure 8 shows the tracking model using three DNS server logs.
4. EVALUATION
A. End-to-End Tracking Success Rate:-

• In the conventional IP tracking scheme, the end-to-end tracking success rate is calculated as the power of the success rate per hop.
• In the proposed IP tracking scheme, the end-to-end tracking success rate is calculated as the square of the success rate per hop times the DNS query rate of the bot.
• Figure 12 shows the end-to-end tracking success rate versus the tracking hop length. Here, the success rate per hop is p=0.9.
• The end-to-end tracking success rate of the conventional scheme decreases quickly, because the rate follows the power of the success rate per hop.
• On the other hand, the end-to-end tracking success rates of the proposed scheme are constant values at more than 2 hops. At 15 hops, the end-to-end tracking rates of the conventional scheme, the proposal with DNS query rate = 0.55, and the proposal with DNS query rate = 1.00 are about 0.20, 0.45, and 0.81, respectively.
Reply
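The tracking walk of section 3 (destination DNS log, then forwarder log, then source DNS log), as an added Python example that is not part of the original post or report. The log format, server and host addresses, FQDN, attack time and matching window are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed query logs, keyed by DNS server IP; each line is
# "ISO-time client-ip qname". Format and addresses are assumptions
# made for this example, not a real server's log format.
LOGS = {
    "203.0.113.53": (  # destination DNS server for the victim's domain
        "2024-05-01T10:00:02 198.51.100.10 www.victim.example\n"
        "2024-05-01T10:00:05 198.51.100.20 WWW.victim.example.\n"
        "2024-05-01T09:10:00 198.51.100.30 www.victim.example\n"),
    "198.51.100.10": (  # forwarder DNS server used by 192.0.2.53
        "2024-05-01T10:00:01 192.0.2.53 www.victim.example\n"),
    "192.0.2.53": (  # source DNS server behind the forwarder
        "2024-05-01T10:00:01 192.0.2.77 www.victim.example\n"
        "2024-05-01T10:00:01 192.0.2.80 mail.other.example\n"),
    "198.51.100.20": (  # source DNS server that resolves by itself
        "2024-05-01T10:00:04 198.51.100.99 www.victim.example\n"),
}
ATTACK_TIME = datetime(2024, 5, 1, 10, 0, 10)  # first spoofed packet seen
WINDOW = timedelta(seconds=60)                 # allowed query-to-attack gap

def parse(text):
    """Yield (time, client_ip, normalised qname) per log line."""
    for line in text.splitlines():
        ts, client, qname = line.split()
        yield datetime.fromisoformat(ts), client, qname.lower().rstrip(".")

def trace(server, fqdn, not_after, window=WINDOW, logs=LOGS, path=()):
    """Walk DNS logs hop by hop; return {host_ip: [servers walked]}."""
    hops, found = path + (server,), {}
    for ts, client, qname in parse(logs[server]):
        if qname != fqdn or not (not_after - window <= ts <= not_after):
            continue
        if client in logs and client not in hops:
            # Client is a DNS server whose log we hold: its own client
            # must have asked at or before this upstream query.
            found.update(trace(client, fqdn, ts, window, logs, hops))
        else:
            found[client] = list(hops)  # no further log: candidate host
    return found

def demo():
    return trace("203.0.113.53", "www.victim.example", ATTACK_TIME)

if __name__ == "__main__":
    for host, servers in demo().items():
        print(host, "<-", " <- ".join(servers))
```

A resolver that answers from its cache sends no upstream query, so later lookups of the same name by other hosts leave no trace at the destination server. Hosts returned here are candidates only, since legitimate clients resolving the same FQDN in the window match as well.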
#2
Hi friend,
I am a final year computer science student and am very interested in this seminar. Please send me a full report of this seminar. I will appreciate it.
Reply
#3

To get information about the topic IP Traceback Using DNS Logs Against Bots full report ppt and related topics, refer to the page link below

http://studentbank.in/report-ip-tracebac...?pid=69097
Reply
