From 42fce4f17c4a32c5e9e9cf48f0365a16ee850016 Mon Sep 17 00:00:00 2001
From: Felix Steghofer
Date: Tue, 28 Nov 2017 11:07:41 +0100
Subject: [PATCH] updated tex
---
Thesis/.gitignore | 34 ++++++++++++++
Thesis/bibliography.bib | 29 ++++++++++++
.../Abuse_of_Domain_Names.tex | 45 +++++++++++++++++++
Thesis/content/Conclusion/Conclusion.tex | 8 ++++
.../Development_of_DoresA.tex | 14 ++++++
.../Evaluation_of_existing_Systems.tex | 15 +++++++
.../Introduction/Challenges/Challenges.tex | 2 -
Thesis/content/Introduction/Goals/Goals.tex | 2 -
Thesis/content/Introduction/Introduction.tex | 24 +++++-----
.../Introduction/Motivation/Motivation.tex | 2 -
.../Related_Work/Related_Work.tex | 2 -
.../content/Technical_Background/DNS/DNS.tex | 40 +++++++++--------
.../Technical_Background.tex | 3 +-
Thesis/glossar.tex | 24 ++++++++++
Thesis/main.tex | 4 ++
Thesis/meta.tex | 4 +-
16 files changed, 208 insertions(+), 44 deletions(-)
create mode 100644 Thesis/.gitignore
create mode 100644 Thesis/content/Abuse_of_Domain_Names/Abuse_of_Domain_Names.tex
create mode 100644 Thesis/content/Conclusion/Conclusion.tex
create mode 100644 Thesis/content/Development_of_DoresA/Development_of_DoresA.tex
create mode 100644 Thesis/content/Evaluation_of_existing_Systems/Evaluation_of_existing_Systems.tex
delete mode 100644 Thesis/content/Introduction/Challenges/Challenges.tex
delete mode 100644 Thesis/content/Introduction/Motivation/Motivation.tex
delete mode 100644 Thesis/content/Introduction/Related_Work/Related_Work.tex
diff --git a/Thesis/.gitignore b/Thesis/.gitignore
new file mode 100644
index 0000000..37af952
--- /dev/null
+++ b/Thesis/.gitignore
@@ -0,0 +1,34 @@
+# LaTeX temporary files
+*.aux
+*.log
+*.toc
+*.brf
+*.ilg
+*.lol
+*.xdg
+*.xdy
+*.glsdefs
+
+
+# vscode
+.vscode
+
+# PDF output - usually a bad idea to keep this in Git
+*.pdf
+
+# Latexmk
+*.fdb_latexmk
+
+# SyncTeX
+*.synctex.gz
+
+# LaTeX Beamer
+*.snm
+*.vrb
+*.nav
+*.out
+
+# BibTeX
+*.bbl
+*.blg
+
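Review bot: The blanket `*.pdf` rule also matches the figure this same commit includes via `\includegraphics{...}{content/Technical_Background/DNS/DNS_address-resolution.pdf}` in the DNS.tex hunk, so on a fresh clone that figure will be missing and the build will stop on it unless the file was already tracked before the rule was added. Keep ignoring build output but re-include figure sources, e.g. `*.pdf` followed by `!content/**/*.pdf`, or narrow the rule to the actual output such as `/main.pdf`. Since `\gls` and `\todo` are used throughout the chapters, the by-products of those packages (`*.glo`, `*.gls`, `*.acn`, `*.acr`, `*.alg`, `*.tdo`, presumably from glossaries and todonotes) are also worth ignoring here.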
diff --git a/Thesis/bibliography.bib b/Thesis/bibliography.bib index 7aa5ad5..b652a49 100644 --- a/Thesis/bibliography.bib +++ b/Thesis/bibliography.bib @@ -83,6 +83,35 @@ year = 1997 } +@misc{theguardiancom_wannacry, + author = {Nadia Khomami and Olivia Solon}, + month = {May}, + organization = {theguardian}, + publisher = {theguardian}, + title = {{'Accidental hero' halts ransomware attack and warns: this is not over}}, + url = {https://www.theguardian.com/technology/2017/may/13/accidental-hero-finds-kill-switch-to-stop-spread-of-ransomware-cyber-attack}, + year = 2017 +} + +@misc{googlecom_ipv6adoption, + author = {Google}, + month = {January}, + organization = {google.com}, + publisher = {google.com}, + title = {{Statistics IPv6 Adoption of Google users}}, + url = {https://www.google.de/ipv6/statistics.html}, + year = 2017 +} + +@misc{rp-2016-underground-hacker-marketplace-report, + author = {CTU}, + month = {September}, + organization = {DELL SecureWorks Counter Threat Unit}, + publisher = {DELL CTU}, + title = {{2016 Underground Hacker Marketplace Report}}, + url = {https://www.secureworks.com/resources/rp-2016-underground-hacker-marketplace-report}, + year = 2016 +} @book{mockapetris1988development, diff --git a/Thesis/content/Abuse_of_Domain_Names/Abuse_of_Domain_Names.tex b/Thesis/content/Abuse_of_Domain_Names/Abuse_of_Domain_Names.tex new file mode 100644 index 0000000..d4a50ea --- /dev/null +++ b/Thesis/content/Abuse_of_Domain_Names/Abuse_of_Domain_Names.tex 
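Review bot: All three new `@misc` entries are web sources without an access date, and `googlecom_ipv6adoption` points at a live statistics page, so the "about 20%" figure quoted from it in the Abuse chapter cannot be reproduced by a reader later; add `urldate = {2017-11-28}` (biblatex) or `note = {Accessed 2017-11-28}` (bibtex) to each. The title of that entry says "google.com" while the URL is `https://www.google.de/ipv6/statistics.html`; pick one and make them agree. For the SecureWorks report, `author = {CTU}` duplicates `organization` and will render as a bare "CTU" in the bibliography; citing it as a corporate author, e.g. `author = {{SecureWorks Counter Threat Unit}}`, reads better.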
@@ -0,0 +1,45 @@ +\chapter{Abuse of Domain Names} +\label{cha:abuse_of_domain_names} + +The \gls{dns} makes it easy to browse the internet with human readable domain names. It adds an extra layer to the TCP/IP model that allows administrators to reliably maintain services, especially for large applications which are served by many servers in different locations. Using techniques like round robin \gls{dns} enables efficient use of multiple machines, decreases access time for different users and enhances availability if single nodes in the machine cluster fail. Although this led to the described advantages it can also be used by malicious applications. In this work three major types of misuse of domain names are taken into account. + + +\section{Malware} +\label{sec:malware} + +On May 12th 2017, British security researchers discovered a malware which was spreading massively at the time, especially in central Europe. After successful attack the WannaCry called malware encrypted users and companies files and pretended that the only solution to get back the decrypted files was to pay an amount of about \$ 300 in bitcoins. Researchers quickly discovered a request that was made by the malware to an unregistered domain. The purpose of the very long nonsensical domain name (\texttt{iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com}) was not known at the time one of the researchers (Darien Huss) registered it. Afterwards Huss registered many thousands of requests every second to this domain. After more investigations it was clear that the domain was acting as a kill switch for the \gls{ransomware} and by registering the domain, further spreading could be slowed down \fsCite{theguardiancom_wannacry}. + +This case shows an example of how domains can be used by attackers to control their software. Usually domains are more often used to connect to command and control servers or to communicate with other infected machines (see Section~\ref{sec:botnets}). 
To infect a machine, attackers often use so called \textit{droppers} or \textit{injectors} that do not ship the malicious code in the first hand but that are little programs to download further source code or binaries that contain the harming functionality. It is much easier for malware authors to use domains for this purpose instead of hard coding the IP addresses for many reasons: If machines that serve the down-loadable content are e.g. confiscated by the police or taken down for other reasons, domains can simply be pointed to a redundant server and such minimizing slow downs in the distribution of the malware. Reliable endpoints are also used to maintain the malicious software and load additional code. As domains are comparably cheap (starting at a few cents per year compared to at least \$ 10 for a dedicated IPv4 address a year), attackers can build a pool of many domains and such compensate take downs of some domain names. This could possibly change when IPv6 is widely adopted (with IPv6 addresses being much cheaper) but according to statistics of Google, only about 20\% of worldwide users accessing google where IPv6 enabled (natively or using IPv6 to IPv4 bridges) \fsCite{googlecom_ipv6adoption}. This imposes the usage of IPv6 as the primary protocol in malware for obvious reasons. + + +\subsection{Countermeasures} +\label{subsec:countermeasures} + + + +\section{Phishing} +\label{sec:phishing} + +Phishing describes malicious activities where attackers try to steal private information from internet users which are mostly used to gain financial benefit from. There are various different types of phishing attacks that have been identified. Starting long before emails and the world wide web had significant popularity, criminals used social engineering on phones to trick users into handing over private personal and financial information. This method is known as vishing (Voice phishing). 
In the mid 90s AOL was the number one provider of Internet access and the first big target of phishing activities like it is known today. At the time, people from the warez community used phishing to get passwords for AOL accounts. By impersonating AOL employees in instant messengers as well as email conversations they could obtain free internet access or financially harm people using their credit card information. With the success of the world wide web including the movement of more financial services to the internet criminals used another approach to trick users. By registering domains that look very much like a benign service and imitating the appearance of the corresponding benign website many internet users unknowingly put their banking credentials into fake sites and suffer financial harm. Those credentials may be sold on black markets e.g. in the dark web and can worth up to 5\% of the balance for online banking credentials according to the SecureWorks Counter Threat Unit \fsCite{rp-2016-underground-hacker-marketplace-report}. + + + +\section{Botnets} +\label{sec:botnets} + +A Botnet is a network of mostly computers infected with malicious software and controlled as a group without the owners' knowledge under the remote control of a human operator called bot master or bot herder. Each infected machine is called a Bot; and similar to how robots are acting independently commanded by human operators, every node in the Botnet is performing actions as instructed by the Botmaster. Botnets are mostly used for sending spam emails and running \gls{ddos} attacks. + + +\subsection{Distribution} +\label{subsec:distribution} + + + + +\subsection{Architecture} +\label{subsec:architecture} + +xl + +\subsection{Discovery} +\label{subsec:botnets_discovery} diff --git a/Thesis/content/Conclusion/Conclusion.tex b/Thesis/content/Conclusion/Conclusion.tex new file mode 100644 index 0000000..365c39e --- /dev/null +++ b/Thesis/content/Conclusion/Conclusion.tex 
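Review bot: The WannaCry paragraph appears to misattribute the kill-switch registration: as far as I recall, the cited Guardian piece credits the pseudonymous researcher MalwareTech with registering `iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com`, with Darien Huss of Proofpoint credited for spotting the kill-switch check, so the two sentences naming Huss as the registrant should be re-checked against the source, and "Huss registered many thousands of requests" should read "observed" or "recorded". The sentence "This imposes the usage of IPv6 as the primary protocol in malware for obvious reasons" states the opposite of what the preceding statistic supports; `This rules out IPv6 as the primary transport for malware for the time being.` is what the argument needs. The price claims (`a few cents per year` for a domain, `at least \$ 10 for a dedicated IPv4 address a year`) carry no citation, so either cite a registrar or RIR price list or label them as rough estimates. Given that the thesis is about domain reputation, the Botnets section would benefit from naming the two DNS-specific evasion techniques a detector has to cope with, domain generation algorithms and fast-flux hosting, before the Architecture and Discovery placeholders, and the literal `xl` under Architecture looks like a stray keystroke.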
@@ -0,0 +1,8 @@
+\chapter{Conclusion}
+\label{cha:conclusion}
+
+\section{Limitations}
+\label{sec:limitations}
+
+\section{Future Work}
+\label{sec:future_work}
diff --git a/Thesis/content/Development_of_DoresA/Development_of_DoresA.tex b/Thesis/content/Development_of_DoresA/Development_of_DoresA.tex
new file mode 100644
index 0000000..62e838c
--- /dev/null
+++ b/Thesis/content/Development_of_DoresA/Development_of_DoresA.tex
@@ -0,0 +1,14 @@
+\chapter{Development of $DoresA$}
+\label{cha:development_of_doresa}
+
+\section{Initial Situation and Goals}
+\label{sec:initial_situation_and_goals}
+
+\section{Dataset preprocessing}
+\label{sec:dataset_preprocessing}
+
+\section{Feature Selection}
+\label{sec:feature_selection}
+
+\section{Evaluation}
+\label{sec:evaluation}
diff --git a/Thesis/content/Evaluation_of_existing_Systems/Evaluation_of_existing_Systems.tex b/Thesis/content/Evaluation_of_existing_Systems/Evaluation_of_existing_Systems.tex
new file mode 100644
index 0000000..e03b872
--- /dev/null
+++ b/Thesis/content/Evaluation_of_existing_Systems/Evaluation_of_existing_Systems.tex
@@ -0,0 +1,15 @@
+\chapter{Evaluation of existing Systems}
+\label{cha:evaluation_of_existing_systems}
+
+
+\section{Evaluation Scheme}
+\label{sec:evaluation_scheme}
+
+\section{Exposure}
+\label{sec:exposure}
+
+\section{Kopis}
+\label{sec:kopis}
+
+\section{Results and Comparison}
+\label{sec:results_and_comparison}
diff --git a/Thesis/content/Introduction/Challenges/Challenges.tex b/Thesis/content/Introduction/Challenges/Challenges.tex
deleted file mode 100644
index 7e34e3e..0000000
--- a/Thesis/content/Introduction/Challenges/Challenges.tex
+++ /dev/null
@@ -1,2 +0,0 @@
-\section{Challenges}
-\label{sec:challenges}
diff --git a/Thesis/content/Introduction/Goals/Goals.tex b/Thesis/content/Introduction/Goals/Goals.tex
index a768bf2..e69de29 100644
--- a/Thesis/content/Introduction/Goals/Goals.tex
+++ b/Thesis/content/Introduction/Goals/Goals.tex
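Review bot: `\chapter{Development of $DoresA$}` puts the system's name in math mode, which typesets it as a product of six italic variables with math spacing and, if hyperref bookmarks are enabled, pushes a raw `$` into the PDF outline. Define the name once in meta.tex, e.g. `\newcommand*{\DoresA}{\textsc{DoresA}}`, and write `\chapter{Development of \DoresA}`; the same macro can then be used consistently in the Evaluation and Conclusion chapters.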
@@ -1,2 +0,0 @@
-\section{Goals}
-\label{sec:goals}
diff --git a/Thesis/content/Introduction/Introduction.tex b/Thesis/content/Introduction/Introduction.tex
index 9b75870..b29a5ba 100644
--- a/Thesis/content/Introduction/Introduction.tex
+++ b/Thesis/content/Introduction/Introduction.tex
@@ -2,9 +2,7 @@ \label{cha:Introduction} -Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. \gls{api} - -Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. +Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. \lstinputlisting[language={java}, label=lst:sendImpliciteIntent,caption=Intent - Bild anzeigen]{res/src/sendImpliciteIntent.java} 
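Review bot: The rewritten paragraph now ends with `\lstinputlisting[language={java}, label=lst:sendImpliciteIntent, caption=Intent - Bild anzeigen]{res/src/sendImpliciteIntent.java}`, an Android-intent Java listing with a German caption that has nothing to do with domain reputation, and `res/src/sendImpliciteIntent.java` is not part of this commit, so the build will stop with a missing-file error unless that path already exists in the tree. This looks like leftover template material; remove the `\lstinputlisting` or replace it with a listing that belongs to the thesis. If a listing is kept, the label should be spelled `lst:sendImplicitIntent` and the caption written in English like the rest of the text.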
@@ -12,21 +10,19 @@ Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lo Nam liber tempor cum soluta nobis eleifend option congue nihil imperdiet doming id quod mazim placerat facer possim assum. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. -Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis. -At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, At accusam aliquyam diam diam dolore dolores duo eirmod eos erat, et nonumy sed tempor et et invidunt justo labore Stet clita ea et gubergren, kasd magna no rebum. sanctus sea sed takimata ut vero voluptua. est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat. +\section{Motivation} +\label{sec:motivation} -Consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. 
At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus. -Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. +\section{Challenges} +\label{sec:challenges} -Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. -Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. 
Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. +\section{Goals} +\label{sec:goals} -Nam liber tempor cum soluta nobis eleifend option congue nihil imperdiet doming id quod mazim placerat facer possim assum. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo -\input{content/Introduction/Motivation/Motivation} -\input{content/Introduction/Challenges/Challenges} -\input{content/Introduction/Goals/Goals} -\input{content/Introduction/Related_Work/Related_Work} \ No newline at end of file +\section{Related Work} +\label{sec:related_work} + diff --git a/Thesis/content/Introduction/Motivation/Motivation.tex b/Thesis/content/Introduction/Motivation/Motivation.tex deleted file mode 100644 index fc5a690..0000000 --- a/Thesis/content/Introduction/Motivation/Motivation.tex +++ /dev/null @@ -1,2 +0,0 @@ -\section{Motivation} -\label{sec:motivation} diff --git a/Thesis/content/Introduction/Related_Work/Related_Work.tex b/Thesis/content/Introduction/Related_Work/Related_Work.tex deleted file mode 100644 index 6e4874e..0000000 --- a/Thesis/content/Introduction/Related_Work/Related_Work.tex +++ /dev/null @@ -1,2 +0,0 @@ -\section{Related Work} -\label{sec:related_work} diff --git a/Thesis/content/Technical_Background/DNS/DNS.tex b/Thesis/content/Technical_Background/DNS/DNS.tex index 857c5b2..45a6558 100644 --- a/Thesis/content/Technical_Background/DNS/DNS.tex +++ b/Thesis/content/Technical_Background/DNS/DNS.tex 
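Review bot: Inlining the four sections drops `\input{content/Introduction/Goals/Goals}`, but Goals.tex is only emptied (index `a768bf2..e69de29`) while Challenges.tex, Motivation.tex and Related_Work.tex are deleted, so an orphaned empty file is left behind; delete it as well for consistency. The lorem-ipsum paragraphs that remain above the new `\section{Motivation}` are still placeholder text; marking them with a `\todo{replace placeholder text}` as the DNS chapter does for its gaps makes them harder to overlook at submission time.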
@@ -1,4 +1,4 @@ -\section{\glsentrytext{dns}} +\section{Domain Name System} \label{sec:DNS} The \gls{dns} is one of the cornerstone of the internet as it is known today. \todo{statistic about usage}. Initial designs have been proposed in 1983 and evolved over the following four years into the first globally adapted standard RFC 1034 \fsCite{rfc1034} (RFC 1035 for implementation and specification details \fsCite{rfc1035}). The main idea of the \gls{dns} is translating human readable domain names to network addresses. There are many extensions to the initial design including many security related features and enhancements or the support for \gls{ipv6} in 1995. 
@@ -41,22 +41,23 @@ The \gls{dns} is based on a naming system that consists of a hierarchical and lo \subsubsection{\gls{dns} Resource Records} \label{subsubsec:dns_resource_records} -TODO blabla +\todo{TODO} \begin{table}[] \centering -\caption{Common \gls{dns} Resource Record} -\label{tab:dns_resource_record} -\begin{tabular}{@{}cccc@{}} -Value & Text Code & Type & Description \\ -1 & A & Address & Returns the 32 bit IPv4 address of a host. Most commonly used for name resolution of a host. \\ -28 & AAAA & IPv6 address & Similar to the A record, this returns the address of an host. For IPv6 this has 128 bit. \\ -2 & NS & \begin{tabular}[c]{@{}c@{}}Name\\ Server\end{tabular} & \begin{tabular}[c]{@{}c@{}}Specifies the name of a DNS name server that is authoritative for the zone.\\ Each zone must have at least one NS record that points to its primary name server.\end{tabular} \\ -5 & CNAME & \begin{tabular}[c]{@{}c@{}}Canonical\\ Name\end{tabular} & \begin{tabular}[c]{@{}c@{}}The CNAME records allows to define aliases that point to the real canonical name of the node. \\ This can e.g. be used to hide internal \gls{dns} structures and provide a stable interface for outside users.\end{tabular} \\ -6 & SOA & \begin{tabular}[c]{@{}c@{}}Start of\\ Authority\end{tabular} & \begin{tabular}[c]{@{}c@{}}The SOA record marks the start of a \gls{dns} zone and provides important information about the zone.\\ Every zone must have exactly one SOA records containing e.g. name of the zone, primary authoritative server name\\ and the administration email address.\end{tabular} \\ -12 & PTR & Pointer & Provides a pointer to a different record in the name space. \\ -15 & MX & Mail Exchange & Returns the host that is responsible for handling emails sent to this domain. \\ -16 & TXT & Text String & Record which allows arbitrary additional texts to be stored that are related to the domain. 
+\caption{Resource Record Types} +\label{tab:resource_record_types} +\begin{tabular}{@{}llll@{}} +\toprule +Value & Text Code & Type & Description \\ \midrule +1 & A & Address & \begin{tabular}[c]{@{}l@{}}Returns the 32 bit IPv4 address of a host. \\ Most commonly used for name resolution \\ of a host.\end{tabular} \\ +28 & AAAA & IPv6 address & \begin{tabular}[c]{@{}l@{}}Similar to the A record, this returns the \\ address of an host. For IPv6 this has 128 bit.\end{tabular} \\ +2 & NS & \begin{tabular}[c]{@{}l@{}}Name\\ Server\end{tabular} & \begin{tabular}[c]{@{}l@{}}Specifies the name of a \gls{dns} name server \\ that is authoritative for the zone. Each \\ zone must have at least one NS record \\ that points to its primary name server.\end{tabular} \\ +5 & CNAME & \begin{tabular}[c]{@{}l@{}}Canonical\\ Name\end{tabular} & \begin{tabular}[c]{@{}l@{}}The CNAME records allows to define \\ aliases that point to the real canonical \\ name of the node. This can e.g. be used\\ to hide internal \gls{dns} structures and \\ provide a stable interface for outside users.\end{tabular} \\ +6 & SOA & \begin{tabular}[c]{@{}l@{}}Start of\\ Authority\end{tabular} & \begin{tabular}[c]{@{}l@{}}The SOA record marks the start of a \gls{dns} \\ zone and provides important information \\ about the zone. Every zone must have \\ exactly one SOA records containing \\ e.g. name of the zone, primary \\ authoritative server name and the \\ administration email address.\end{tabular} \\ +12 & PTR & Pointer & \begin{tabular}[c]{@{}l@{}}Provides a pointer to a different record\\ in the name space.\end{tabular} \\ +15 & MX & Mail Exchange & \begin{tabular}[c]{@{}l@{}}Returns the host that is responsible for\\ handling emails sent to this domain.\end{tabular} \\ +16 & TXT & Text String & \begin{tabular}[c]{@{}l@{}}Record which allows arbitrary \\ additional texts to be stored that are\\ related to the domain.\end{tabular} \\ \bottomrule \end{tabular} \end{table} 
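Review bot: The PTR row, "Provides a pointer to a different record in the name space", misses what the record is actually used for: PTR records under `in-addr.arpa` and `ip6.arpa` map an address back to a name, and reverse-DNS consistency is a standard signal in the domain-reputation systems the thesis goes on to evaluate, so the row should say so. The NS row's "points to its primary name server" is also off: the zone apex must carry an NS record for every authoritative server, and the primary master is named in the SOA MNAME field rather than by NS. Given the security framing, the TXT row could note that it carries SPF, DKIM and DMARC policy and is also a commonly reported channel for DNS tunnelling and command-and-control. Stylistically, the nested `\begin{tabular}[c]{@{}l@{}} ... \\ ... \end{tabular}` cells hard-wrap every description by hand; a `p{0.5\linewidth}` Description column (or `tabularx` with an `X` column) lets LaTeX do the wrapping and keeps the table inside `\textwidth`.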
@@ -186,10 +187,10 @@ Table~\ref{tab:message_header} shows the template of a \gls{dns} message header. \begin{itemize} - \item \textbf{Question Name:} Contains a variably sized payload payload including the domain, zone name or general object that is subject of the query. Encoded using standard \gls{dns} name notation. + \item \textbf{Question Name:} Contains a variably sized payload payload including the domain, zone name or general object that is subject of the query. Encoded using standard \gls{dns} name notation. Depending on the Question Type, for example requesting an A Record will typically require an host part, such as www.domain.tld. A MX query will usually only contain a base domain name (domain.tld). \todo{\url{http://www.tcpipguide.com/free/t_DNSNameNotationandMessageCompressionTechnique.htm}} - \item \textbf{Question Type:} Specifies the type of question being asked. This field may contain a code number corresponding to a particular type of resource being requested, see Table~\ref{tab:dns_resource_record} for common resource types. TODO more blabla, the following special values blabla + \item \textbf{Question Type:} Specifies the type of question being asked. This field may contain a code number corresponding to a particular type of resource being requested, see Table~\ref{tab:resource_record_types} for common resource types. TODO continue here (special values) \item \textbf{Question Class} \todo{TODO} \end{itemize} 
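Review bot: The added example, "requesting an A Record will typically require an host part, such as www.domain.tld", is misleading: any owner name can carry an A record, including the zone apex (`domain.tld`), and nothing in the query format distinguishes a host label from a subdomain. Something like `The QNAME is any owner name, e.g. \texttt{www.example.com} for an A query or the bare \texttt{example.com} for an MX query.` is accurate, uses the RFC 2606 reserved `example.com`, and sets names in `\texttt{}` as the Abuse chapter does. The `\todo{\url{...tcpipguide...}}` and the "TODO continue here (special values)" remark should not survive into the final text; the special QTYPE values (AXFR, ANY) belong in the QType table that appears to follow this list.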
@@ -222,19 +223,20 @@ QType & Type & Description \\ \subsection{Domain Names} \label{subsec:domain_names} - +\todo{TODO structure of a domain, etc.} \subsection{Resolution} \label{subsec:resolution} \subsubsection{Recursive} -\label{subsubsec:recursive} +\label{TODO subsubsec:recursive} -\begin{figure}[htbp] +\begin{figure}[!htbp] \centering \includegraphics[scale=.5, clip=true]{content/Technical_Background/DNS/DNS_address-resolution.pdf} \caption{Address Resolution} \label{fig:address_resolution} \end{figure} +\todo{not referenced atm} \ No newline at end of file diff --git a/Thesis/content/Technical_Background/Technical_Background.tex b/Thesis/content/Technical_Background/Technical_Background.tex index 5ee2db5..039e194 100644 --- a/Thesis/content/Technical_Background/Technical_Background.tex +++ b/Thesis/content/Technical_Background/Technical_Background.tex @@ -1,4 +1,5 @@ \chapter{Technical Background} \label{cha:technical_background} -\input{content/Technical_Background/DNS/DNS} \ No newline at end of file +\input{content/Technical_Background/DNS/DNS} +\input{content/Technical_Background/Detecting_Malicious_Domain_Names/Detecting_Malicious_Domain_Names} \ No newline at end of file diff --git a/Thesis/glossar.tex b/Thesis/glossar.tex index c0cbe1c..45e7b71 100644 --- a/Thesis/glossar.tex +++ b/Thesis/glossar.tex 
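Review bot: `\label{subsubsec:recursive}` is replaced by `\label{TODO subsubsec:recursive}`, which breaks any existing `\ref{subsubsec:recursive}` and leaves a label containing a space; keep the original label and put the reminder in a separate `\todo{}` line. The `\todo{not referenced atm}` after the figure should become a sentence in the Recursive subsection such as `Figure~\ref{fig:address_resolution} shows ...`, and `\includegraphics` should drop the `.pdf` extension and size the figure with `width=0.8\linewidth` instead of `scale=.5` so it tracks the page layout.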
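Review bot: The new `\input{content/Technical_Background/Detecting_Malicious_Domain_Names/Detecting_Malicious_Domain_Names}` references a file that does not appear in this commit's diffstat, so unless it already exists in the tree the document will fail to compile with a missing-file error. Either add the file now, even as a chapter/section skeleton like the other new files in this commit, or guard it with `\IfFileExists{content/Technical_Background/Detecting_Malicious_Domain_Names/Detecting_Malicious_Domain_Names.tex}{\input{...}}{}` while it is being written.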
@@ -5,6 +5,30 @@ of rules and specifications that a software program can follow to access and make use of the services and resources provided by another particular software program that implements that API.} } +\newglossaryentry{ransomware} +{ + name={Ransomware}, + description={Ransomware is a type of malicious software from cryptovirology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid TODO cite} +} + +\newglossaryentry{rir} +{ + name={Regional Internet Registry}, + description={TODO} +} + +\newglossaryentry{lir} +{ + name={Local Internet Registry}, + description={TODO} +} + +\newglossaryentry{ddos} +{ + name={Distributed Denial-of-Service}, + description={Distributed Denial-of-Service is an attack where multiple machines are used to generate as much workload as needed to cause downtimes of a service or machine and make benign usage impossible.} +} + \newacronym{sri-nic}{SRI-NIC}{Stanford Research Institute - Network Information Center} \newacronym{dns}{DNS}{Domain Name System} diff --git a/Thesis/main.tex b/Thesis/main.tex index 4d286ea..0e4cdae 100644 --- a/Thesis/main.tex +++ b/Thesis/main.tex @@ -89,7 +89,11 @@ % include each chapter here % \input{content/Introduction/Introduction} +\input{content/Abuse_of_Domain_Names/Abuse_of_Domain_Names} \input{content/Technical_Background/Technical_Background} +\input{content/Evaluation_of_existing_Systems/Evaluation_of_existing_Systems} +\input{content/Development_of_DoresA/Development_of_DoresA} +\input{content/Conclusion/Conclusion} \clearpage diff --git a/Thesis/meta.tex b/Thesis/meta.tex index 80901a3..4580920 100644 --- a/Thesis/meta.tex +++ b/Thesis/meta.tex 
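Review bot: The `ransomware` description reads like a verbatim lead sentence from an encyclopedia article and ends in a literal `TODO cite` that will be printed in the glossary; either paraphrase it in your own words or attach a proper citation, and the same applies to the bare `TODO` descriptions of `rir` and `lir`. The `ddos` entry could be sharper for a security reader: the defining property is that the load arrives from many distributed sources (typically a botnet, cf. Section~\ref{sec:botnets}), which is what defeats simple source-based filtering, rather than just "multiple machines" generating "workload".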
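Review bot: The new chapter order places `\input{content/Abuse_of_Domain_Names/Abuse_of_Domain_Names}` before `\input{content/Technical_Background/Technical_Background}`, yet the Abuse chapter already relies on DNS concepts (round-robin DNS, resolution, resource records) that are only introduced in the background chapter. Consider swapping the two `\input` lines, or adding an explicit forward reference (`see Chapter~\ref{cha:technical_background}`) at the start of the Abuse chapter.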
@@ -2,8 +2,8 @@
 % Global definitions that can be used in document
 % ------------------------------------------------------------------------------
 \usepackage[utf8]{inputenc}
-\newcommand{\fsTitle}{Title}
-\newcommand{\fsSubTitle}{Subtitle}
+\newcommand{\fsTitle}{}
+\newcommand{\fsSubTitle}{Evaluation of domain reputation scoring algorithms in the context of IT-Security and development of a domain reputation scoring algorithm}
 \newcommand{\art}{Master's thesis}
 \newcommand{\field}{IT-Security}
 \newcommand{\thesisauthor}{Felix Steghofer}
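Review bot: `\fsTitle` is now empty while the full thesis title sits in `\fsSubTitle`; if the title page or hyperref's `pdftitle` is fed from `\fsTitle` (not visible here), the title line and the PDF metadata will come out blank. Put the title in `\fsTitle` and leave `\fsSubTitle` empty, or split it into a short title and a genuine subtitle.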