Abstract
The Internet is a medium for people to communicate with each other, and individuals and organizations face increasing security threats on it. Many organizations prioritize handling external security threats over internal ones, and for this reason internal security threats are often missed or, worse, ignored. The Domain Name System (DNS) is one of the major Internet services; it resolves a user's request for a domain name to an IP address. Since every user query for a domain name uses DNS to resolve the name (or the reverse lookup), including queries from users with malicious intent, DNS is a rich source of information for detecting potential, otherwise unknown, insider threats. This research aims to detect insider threats using DNS-based features, clustering potential insider threats according to the features of their DNS traffic. Machine learning algorithms are used to cluster the DNS traffic under investigation. Our research shows that suspected clusters of DNS traffic contain insider threats within the organizations, and that the most frequent insider-threat suspect is a botnet, categorized as misuse in the insider-threat classification. Some clusters may be suspicious, indicating insider threats, while other clusters are benign but potentially contain abnormal traffic.
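The abstract describes the pipeline only at a high level: derive per-client features from DNS traffic, cluster the clients with a machine-learning algorithm, and then treat some clusters as suspect. The following is an added illustration of that pipeline, written for this page and not the authors' code or feature set; the log format, the four features (query count, unique-name ratio, NXDOMAIN ratio, mean entropy of the leftmost label), the deterministic k-means seeding and the rule that flags the cluster with the highest NXDOMAIN ratio are all assumptions chosen for the example, and the log lines are constructed.

```python
import math
from collections import defaultdict

# Constructed sample DNS log lines (not data from the paper): "client qname rcode".
# Client 10.0.0.9 issues many unique, high-entropy names that mostly fail to
# resolve, the kind of pattern an analyst would want surfaced for review.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.com NOERROR
10.0.0.5 www.example.com NOERROR
10.0.0.5 cdn.example.net NOERROR
10.0.0.6 www.example.com NOERROR
10.0.0.6 news.example.org NOERROR
10.0.0.6 www.example.com NOERROR
10.0.0.9 xk3j9qz7.bad.example NXDOMAIN
10.0.0.9 p0q8w7e1.bad.example NXDOMAIN
10.0.0.9 a9s8d7f6.bad.example NXDOMAIN
10.0.0.9 zx71m2k9.bad.example NOERROR
10.0.0.9 q2w3e4r5.bad.example NXDOMAIN
10.0.0.9 t6y7u8i9.bad.example NXDOMAIN
10.0.0.9 l1k2j3h4.bad.example NXDOMAIN
"""


def label_entropy(label):
    """Shannon entropy (bits) of the characters in one DNS label."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def extract_features(log_text):
    """Per-client vector: [query count, unique-qname ratio, NXDOMAIN ratio, mean leftmost-label entropy]."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than crash on them
        client, qname, rcode = parts
        per_client[client].append((qname.lower(), rcode.upper()))
    features = {}
    for client, queries in per_client.items():
        n = len(queries)
        uniq = len({q for q, _ in queries})
        nx = sum(1 for _, r in queries if r == "NXDOMAIN")
        ent = sum(label_entropy(q.split(".")[0]) for q, _ in queries) / n
        features[client] = [float(n), uniq / n, nx / n, ent]
    return features


def minmax_scale(rows):
    """Scale each column to [0, 1] so the raw query count does not dominate distances."""
    cols = list(zip(*rows))
    lo = [min(c) for c in cols]
    hi = [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(r, lo, hi)] for r in rows]


def _dist(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def kmeans(points, k=2, iters=25):
    """Deterministic k-means: seed with the first point, then farthest-point seeding."""
    centroids = [points[0]]
    while len(centroids) < k:
        centroids.append(max(points, key=lambda p: min(_dist(p, c) for c in centroids)))
    assign = [0] * len(points)
    for _ in range(iters):
        assign = [min(range(k), key=lambda i: _dist(p, centroids[i])) for p in points]
        new = []
        for i in range(k):
            members = [p for p, a in zip(points, assign) if a == i]
            new.append([sum(col) / len(members) for col in zip(*members)] if members else centroids[i])
        if new == centroids:
            break
        centroids = new
    return assign


def cluster_clients(log_text, k=2):
    """Cluster clients and flag the cluster with the highest mean NXDOMAIN ratio as suspicious."""
    feats = extract_features(log_text)
    clients = list(feats)
    assign = kmeans(minmax_scale([feats[c] for c in clients]), k)
    nx_by_cluster = defaultdict(list)
    for c, a in zip(clients, assign):
        nx_by_cluster[a].append(feats[c][2])
    suspect = max(nx_by_cluster, key=lambda a: sum(nx_by_cluster[a]) / len(nx_by_cluster[a]))
    return {c: ("suspicious" if a == suspect else "benign") for c, a in zip(clients, assign)}


if __name__ == "__main__":
    for client, verdict in cluster_clients(SAMPLE_LOG).items():
        print(client, verdict)
```

The "suspicious" label here is a triage hint, not a verdict: as the abstract notes, a suspect cluster may still turn out to be benign but abnormal traffic, so each flagged client should be reviewed against the original queries before any action is taken. With a real resolver log the feature set would normally be widened (query types, timing, response sizes) and k chosen from the data rather than fixed at two.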