A malware detection system using domain name information

Bouwers, P. (2015) A malware detection system using domain name information. Master's Thesis / Essay, Computing Science.

Abstract

It is a continuous challenge for companies to detect malware-infected clients in their network. Cyber-attacks are a constantly growing threat for companies, especially those that hold valuable and critical information that they need to keep confidential. This confidentiality can be breached by malware-infected clients in their network, which can lead to both financial and reputational damage to the company. In this work we present a network-based malware detection system that detects malware infections inside a network by logging the DNS requests and responses that leave and enter the network. This DNS traffic is used to classify requested domain names as either legitimate or malicious. Malware infections within the network are then detected by identifying hosts that issue DNS requests for malicious domain names. The presented system is able to correctly classify 93,66% of the domain names from a test set as either legitimate or malicious. This test set consists of 250.000 legitimate domain names and 250.000 malicious domain names.

Item Type: Thesis (Master's Thesis / Essay)
Degree programme: Computing Science
Thesis type: Master's Thesis / Essay
Language: English
Date Deposited: 15 Feb 2018 08:09
Last Modified: 15 Feb 2018 08:09
URI: http://fse.studenttheses.ub.rug.nl/id/eprint/13509
