Search Results (1 - 2 of 2 Results)


Kim, Dae Wook
Data-Driven Network-Centric Threat Assessment
Doctor of Philosophy (PhD), Wright State University, 2017, Computer Science and Engineering PhD
As the Internet has grown increasingly popular as a communication and information sharing platform, it has given rise to two major types of Internet security threats related to two primary entities: end-users and network services. First, information leakages from networks can reveal sensitive information about end-users. Second, end-users' systems can be compromised through attacks on network services, such as scanning-and-exploit attacks, spamming, drive-by downloads, and fake anti-virus software. Designing threat assessments to detect these threats is, therefore, of great importance, and a number of detection systems have been proposed. However, these existing threat assessment systems face significant challenges in terms of i) behavioral diversity, ii) data heterogeneity, and iii) large data volume. To address the challenges of the two major threat types, this dissertation offers three unique contributions. First, we built a new system to identify network users via Domain Name System (DNS) traffic, which is one of the most important behavior-based tracking methods for addressing privacy threats. The goal of our system is to boost the effectiveness of existing user identification systems by designing effective fingerprint patterns based on semantically limited DNS queries that are missed by existing tracking efforts. Second, we built a novel system to detect fake anti-virus (AV) attacks, which represent an active trend in the distribution of Internet-based malware. Our system aims to boost the effectiveness of existing fake AV attack detection by detecting fake AV attacks in three challenging scenarios: i) fake AV webpages that require user interaction to install malware, instead of using malicious content to run automatic exploitation without users' consent (e.g., shellcode); ii) fake AV webpages designed to impersonate real webpages using a few representative elements, such as the names and icons of anti-virus products from authentic anti-virus webpages; and iii) fake AV webpages that offer up-to-date solutions (e.g., product versions and threat names) to emerging threats. Finally, we built a novel system to detect malicious online social network (OSN) accounts that participate in online promotion events. The goal of our work is to boost the effectiveness of existing detection methods, such as spammer detection and fraud detection. To achieve our goal, our framework systematically integrates features that characterize malicious OSN accounts based on three of their characteristics: their general behaviors, their recharging patterns, and their currency usage, and then leverages a statistical classifier for detection.

Committee:

Junjie Zhang, Ph.D. (Advisor); Adam Robert Bryant, Ph.D. (Committee Member); Bin Wang, Ph.D. (Committee Member); Xuetao Wei, Ph.D. (Committee Member)

Subjects:

Computer Science

Keywords:

network security; fake anti-virus software; intrusion detection; web document analysis; statistical classification; Domain Name System; behavioral fingerprints; privacy; online social networks; virtual currency; malicious accounts

Fontanella, Shaun
Indexing Geographic Information Using the Domain Name System
Master of Science, The Ohio State University, 2012, Environment and Natural Resources
There is a large amount of geographic information (GI) being collected every day all over the world. Governments, the traditional collectors of GI, have a multitude of institutional barriers preventing them from being able to nimbly collect and index GI. This thesis proposes a new and open system that indexes GI using an index built on top of the already ubiquitous Domain Name System called Geographic Domain Name System (GDNS). The GDNS uses a combination of the latitude and longitude of the centroid of a parcel to create a DNS hostname. This hostname points to the source of authoritative data on the internet. A web map acts as a visual search device of the hostnames. A design science research methodology is used to build and critique the thesis software artifacts.

Committee:

Earl Epstein, PhD (Advisor); Ola Ahlqvist, PhD (Committee Member); Brian Slater, PhD (Committee Member)

Subjects:

Geographic Information Science; Geography; Information Science; Information Systems; Information Technology

Keywords:

DNS; Geographic Information; Domain Name System; GDNS