CORRELATION OF TIME TO LIVE WITH ABNORMAL QUERIES IN DNS USING BINARY LOGISTIC REGRESSION

Aminudin Aminudin, Eko Budi Cahyono

Abstract

DNS plays a vital role in the operation of services on the internet. Almost all internet services, such as email, FTP, and web applications, depend on DNS. It is therefore not surprising that various malicious activities, such as financial fraud, phishing, and malware, involve DNS services. Fortunately, DNS records carry a time to live (TTL) value that can be used to detect whether a query, or the address a user accesses, is a normal query or an abnormal query. The purpose of this study is therefore to determine the correlation between time to live and abnormal queries in passive DNS data using the Binary Logistic Regression model. The results show that the Binary Logistic Regression method can model the correlation between TTL, elapsed, and bytes, with an optimal model F1 score of 0.9997, and that the Precision-Recall Curve (PRC) plot is close to the ideal condition.

           
Keywords: Binary Logistic Regression; DNS Passive; Precision-Recall Curve (PRC); Query Abnormal

 

 


 






DOI: https://doi.org/10.33330/jurteksi.v7i2.924



Lembaga Penelitian dan Pengabdian Kepada Masyarakat (LPPM) STMIK ROYAL 

Copyright © LPPM STMIK ROYAL

 

Creative Commons License
This work is distributed under a Creative Commons Attribution-ShareAlike 4.0 International License.