Contribution Details

Type Bachelor's Thesis
Scope Discipline-based scholarship
Title Design and Implementation of a Traffic Sinkhole for Cyberattack Analysis
Organization Unit
Authors
  • Kyrill Hux
Supervisors
  • Jan Von der Assen
  • Muriel Figueredo Franco
  • Burkhard Stiller
Language
  • English
Institution University of Zurich
Faculty Faculty of Business, Economics and Informatics
Date 2022
Abstract Text This thesis deals with the design and implementation of a network traffic sinkhole integrated into the existing SecGrid platform developed by the University of Zurich, with the main goal of allowing easy detection and diversion of malicious traffic originating from malware. After an overview of existing solutions and approaches for traffic detection and diversion, DNS in conjunction with a blacklist is chosen as the approach for both of these issues for its low intrusiveness and easy deployability. A full-fledged, easily user-configurable DNS sinkhole is then implemented as a part of this work. It offers a graphical user interface with options for the user to configure the blacklist in various ways, including automatic polling from a URL, as well as an overview of the most requested blacklisted domains, among other features. This implementation is subsequently tested for performance and effectiveness in mitigating various malware families. The results are overall positive: the sinkhole only introduces an additional delay of just over 2 ms while providing blacklist detection capabilities, and most tested malware families could successfully be prevented from fulfilling their malicious intent, with the notable exception of ransomware.