DNS based network traffic monitoring service

Dr. Lengyel László
Department of Automation and Applied Informatics

The increasing number of devices connected to the internet brings serious privacy and security issues. While some devices can be used in attacks such as DDoS, others can collect or leak personal data from their users: for example, always-on microphones listening in on private conversations, or smart televisions communicating with their vendors. There is little an average digital citizen can do to detect or block this kind of activity.

One of the core services of the internet is DNS, which is used by nearly all internet-connected devices. DNS patterns can be used to detect such activities, as Pi-Hole users have already confirmed. I also conducted research over the summer to confirm this on my own.

First, I survey the existing DNS-based services and examine what can be achieved with a DNS-based defense system. I am creating a DNS-based service that can supervise network traffic. The service is capable of resolving and analyzing DNS queries by forming an intermediate layer between the local network and the World Wide Web. The service provides an easy way to add extension modules that can examine and block suspicious activities. The modules can be simple advertisement blocking lists, but they can also use machine learning models.

I examine the speed of the system with different tests to show that its working speed is adequate. Pi-Hole serves as the reference for the comparison. The results show that the system is slower than the other services that participate in the comparison, but this does not seem critical, and it can be optimized in the future.

I designed a data logging unit that stores the DNS queries on the local device, so that users can gain insight into the behavior of their devices. Finally, I make suggestions for further development and outline possible future directions for the project.
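The extension-module design and the local query log described above can be sketched as follows. This is an added example, not code from the thesis: the class names, the entropy heuristic standing in for a learned model, and the sample queries are assumptions constructed for illustration.

```python
import math
from collections import Counter

class BlocklistModule:
    """Hypothetical module: blocks a name if it or a parent domain is listed."""
    name = "blocklist"
    def __init__(self, domains):
        self.domains = {d.lower().rstrip(".") for d in domains}
    def check(self, qname):
        labels = qname.split(".")
        # Compare whole-label suffixes so "myads.example" does not match "ads.example".
        return any(".".join(labels[i:]) in self.domains for i in range(len(labels)))

class EntropyModule:
    """Hypothetical heuristic standing in for a learned model: flags long, random-looking labels."""
    name = "entropy"
    def __init__(self, min_len=20, threshold=3.5):
        self.min_len, self.threshold = min_len, threshold
    def check(self, qname):
        label = max(qname.split("."), key=len)
        if len(label) < self.min_len:
            return False
        n = len(label)
        entropy = -sum(c / n * math.log2(c / n) for c in Counter(label).values())
        return entropy >= self.threshold

class DnsFilter:
    """Sits between clients and the upstream resolver; the first matching module blocks the query."""
    def __init__(self, modules):
        self.modules = modules
        self.log = []  # local query log, one record per decision
    def decide(self, client, qname):
        qname = qname.lower().rstrip(".")
        hit = next((m.name for m in self.modules if m.check(qname)), None)
        record = {"client": client, "qname": qname,
                  "action": "block" if hit else "forward", "module": hit}
        self.log.append(record)
        return record

def blocked_per_client(log):
    """Summarise the log: number of blocked queries per client."""
    return dict(Counter(r["client"] for r in log if r["action"] == "block"))

if __name__ == "__main__":
    f = DnsFilter([BlocklistModule(["ads.example"]), EntropyModule()])
    # Constructed sample queries (documentation addresses, reserved names).
    for client, q in [("192.0.2.10", "tracker.ads.example."), ("192.0.2.10", "example.org"),
                      ("192.0.2.20", "a9f3k2l8q0z7x5c1v4b6n2m8p3.example.net")]:
        print(f.decide(client, q))
    print(blocked_per_client(f.log))
```

A forwarded decision would be passed to the upstream resolver and a blocked one answered locally; that network side is left out here.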


