Kamal Alieyan

A survey of botnet detection based on DNS

Botnet is a thorny and a grave problem of today’s Internet, resulting in economic damage for organizations and individuals. Botnet is a group of compromised hosts running malicious software program for malicious purposes, known as bots. It is also worth mentioning that the current trend of botnets is to hide their identities (i.e., the command and control server) using the DNS services to hinder their identification process. Fortunately, different approaches have been proposed and developed to tackle the problem of botnets; however, the problem still rises and emerges causing serious threat to the cyberspace-based businesses and individuals. Therefore, this paper comes up to explore the various botnet detection techniques through providing a survey to observe the current state of the art in the field of botnet detection techniques based on DNS traffic analysis. To the best of our knowledge, this is the first survey to discuss DNS-based botnet detection techniques in which the problems, existing solutions and the future research direction in the field of botnet detection based on DNS traffic analysis for effective botnet detection mechanisms in the future are explored and clarified.

Internet of Things (IoT) communication protocols: Review

Internet of Things (IoT) consists of smart devices that communicate with each other. It enables these devices to collect and exchange data. Besides, IoT has now a wide range of life applications such as industry, transportation, logistics, healthcare, smart environment, as well as personal, social gaming robot, and city information. Smart devices can have wired or wireless connection. As far as the wireless IoT is the main concern, many different wireless communication technologies and protocols can be used to connect the smart device such as Internet Protocol Version 6 (IPv6), over Low power Wireless Personal Area Networks (6LoWPAN), ZigBee, Bluetooth Low Energy (BLE), Z-Wave and Near Field Communication (NFC). They are short range standard network protocols, while SigFox and Cellular are Low Power Wide Area Network (LPWAN).standard protocols. This paper will be an attempt to review different communication protocols in IoT. In addition, it will compare between commonly IoT communication protocols, with an emphasis on the main features and behaviors of various metrics of power consumption security spreading data rate, and other features. This comparison aims at presenting guidelines for the researchers to be able to select the right protocol for different applications.

Review on mechanisms for detecting sinkhole attacks on RPLs

Internet Protocol version 6 (IPv6) over Low power Wireless Personal Area Networks (6LoWPAN) is extensively used in wireless sensor networks (WSNs) due to its ability to transmit IPv6 packet with low bandwidth and limited resources. 6LoWPAN has several operations in each layer. Most existing security challenges are focused on the network layer, which is represented by its routing protocol for low-power and lossy network (RPL). RPL components include WSN nodes that have constrained resources. Therefore, the exposure of RPL to various attacks may lead to network damage. A sinkhole attack is a routing attack that could affect the network topology. This paper aims to investigate the existing detection mechanisms used in detecting sinkhole attack on RPL-based networks. This work categorizes and presents each mechanism according to certain aspects. Then, their advantages and drawbacks with regard to resource consumption and false positive rate are discussed and compared.

An overview of DDoS attacks based on DNS

Botnet-based Distributed Denial of Service (DDoS) attacks are considered as the main concerns and problems of todays Internet. The damage of these attacks are very serious since the number of computers involved in these attacks is huge and distributed worldwide. However, many protocols such as Domain Name System (DNS) have several security vulnerabilities nowadays that are utilized by botnet attackers. The amplification attacks are the most popular attacks in the Internet which require robust hardware and software for security assurance. In this paper, we provide an overview of botnet-based DDoS attacks that use DNS as a basic infrastructure to launch attacks. We aim to make a better understanding of the most noted attacks to extend the knowledge about DDoS attacks and to analyze the importance of DNS services.

A Mathematical Model of the Behavior of SIP Signaling and Media Messages

Over the last few years, many multimedia conferencing and Voice over Internet Protocol (VoIP) applications have been developed due to the use of signaling protocols in providing video, audio and text chatting services between at least two participants. This paper studies the behavior of the widely common signaling protocol; Session Initiation Protocol (SIP) in terms of the behavior of the signaling and media messages, as well as the delay time during call setup, call teardown, and media sessions.

The effect of packet loss in the homogeneous and heterogeneous protocols media exchange environment: A comparison

In the last few years, when two Internet users want to communicate via chatting application, they have to use the same application since each chatting application uses a certain signaling protocol to handle the chatting sessions. As a result, many researchers proposed some mapping architectures when two users want to communicate using different chatting applications by proposing a translation gateway in order to translate the message format of the sender to the receiver message format. This paper presents a comparison with respect to the packet loss for the homogeneous and heterogeneous protocols media exchange environments including the two main media session architectures.

Timestamp utilization in Trust-ND mechanism for securing Neighbor Discovery Protocol

Trust-ND is an alternative lightweight security mechanism based on distributed trust management model to secure IPv6 Neighbor Discovery Protocol. Trust-ND introduced a new NDP option, called Trust option, with three fields: Message Generation Time (or timestamp), Nonce, and Message Authentication Data. A thorough investigation and analysis of the use of timestamp field has identified four scenarios which could result in Denial-of-Service (DoS) as well as a source of inefficiency. DoS is triggered when two or more IPv6 nodes in the same link have unsynchronized clocks with large time difference between them due to the use of local clock, attack on the synchronization mechanism, misconfiguration or faulty clock. DoS could also occurs as the result of faulty validation process caused by the inability of the timestamp to capture and represent two distinct messaging events due to insufficient granularity or lack of precision of the timestamp format. This paper presents measures to overcome the issue of DoS by proposing a change to the reference time to use Coordinated Universal Time (UTC); modification to the Trust-ND validation process to solve the problem of unsynchronized clocks among nodes; and a new timestamp format to increase the precision to correctly represent and distinguish two events occurring in less than hundredths of a second.