Affinito, Antonia (2023) Malicious and Large-Scale Phenomena over the Internet: An Analysis based on DNS. [Doctoral thesis]
Document type: | Doctoral thesis |
---|---|
Language: | English |
Title: | Malicious and Large-Scale Phenomena over the Internet: An Analysis based on DNS |
Author: | Affinito, Antonia (antonia.affiinito@unina.it) |
Date: | 9 March 2023 |
Number of pages: | 184 |
Institution: | Università degli Studi di Napoli Federico II |
Department: | Ingegneria Elettrica e delle Tecnologie dell'Informazione |
Doctoral programme: | Information technology and electrical engineering |
Doctoral cycle: | 35 |
Doctoral programme coordinator: | Russo, Stefano (stefano.russo@unina.it) |
Tutor: | Botta, Alessio [not defined] |
Keywords: | Botnet, Cyber Threats, Domain Names, DNS, COVID-19 Pandemic, Russia-Ukraine Conflict |
MIUR scientific-disciplinary sectors: | Area 09 - Industrial and information engineering > ING-INF/05 - Information processing systems |
Deposited on: | 14 Mar 2023 19:36 |
Last modified: | 10 Apr 2025 13:00 |
URI: | http://www.fedoa.unina.it/id/eprint/15115 |
Abstract
Cyber security threats and real-life phenomena (e.g., the COVID-19 pandemic) are increasingly reflected over the Internet. Hackers usually scan a network to discover active and vulnerable network devices prior to initiating a malicious activity. This is also the approach adopted by botnets, one of the most important current cyber security threats. These malicious networks of bots increasingly use the Domain Name System (DNS) as a tool for their operations. This thesis makes a twofold contribution. The first part addresses the problem of detecting port and net scans in high-speed networks. Big Data analysis techniques are applied to cope with the large volume of data to be processed. The Mirai botnet scan is also investigated. Scrutinizing its signature over a six-year period from real Internet traffic reveals the evolution of this botnet and its variants. The second contribution focuses on DNS as a good observation lens for monitoring the proper operation of the Internet. It focuses on how Internet Service Providers and public DNS resolvers protect users accessing domains associated with such activities. It also shows how the lifetime of malicious domain names may be shorter than that of benign domains due to take-down efforts of registries. Finally, two case studies on how DNS data can be used to analyze prominent and global real-life events are reported. First, the effect of the COVID-19 pandemic restrictions on network utilization is explored, providing insights into the usage of Internet applications during this period. Second, the impact of the Ukraine conflict on Russian domain infrastructure is presented, investigating its changes before and after the start of this event.