A DNS-based sinkhole is a DNS server that responds to a query with a falsified result. Doing so with malicious intent would be classified as DNS spoofing. However, sinkholes have also been used for non-malicious purposes. For example, the command and control (C&C) channel of a botnet can be interrupted by locally deploying a sinkhole.
Besides actively scrubbing traffic, a potential application is to analyze network traffic to gain insights into cyberattacks. For that purpose, there is a lack of solutions that provide integrated sinkholing and traffic analysis features. The goal of this thesis is to integrate a configurable and easy-to-use DNS sinkhole into the SecGrid traffic analysis platform. Depending on the type of thesis, we will evaluate the prototype by analyzing a cyberattack in a practical case study.
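The sinkhole behaviour described above, as an added example that is not part of the original page or of the SecGrid code: it parses a raw DNS query, returns a falsified A record for blocklisted names, and logs the queried name for later analysis. The blocklist entry, the sinkhole address and all function names are assumptions made for illustration.

```python
import struct

# Constructed values for illustration; none come from SecGrid.
BLOCKLIST = {"c2.example.net"}   # hypothetical C&C domain
SINKHOLE_IP = "192.0.2.53"       # TEST-NET-1 address standing in for the sinkhole host

def build_query(name, txid=0x1234):
    """Constructed sample input: a standard recursive A query for `name`."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def parse_question(packet):
    """Return (qname, qtype, end_offset) of the first question in a DNS message."""
    labels, pos = [], 12                      # the header is 12 bytes
    while packet[pos] != 0:
        length = packet[pos]
        if length & 0xC0:
            raise ValueError("compression pointer in question")
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    return ".".join(labels), qtype, pos + 5

def is_blocked(qname):
    """Match the name itself or any parent domain on the blocklist."""
    parts = qname.split(".")
    return any(".".join(parts[i:]) in BLOCKLIST for i in range(len(parts)))

def sinkhole_response(packet, log):
    """Return a falsified A answer for a blocklisted name, or None if the sinkhole stays silent."""
    try:
        txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
        qname, qtype, end = parse_question(packet)
    except (IndexError, ValueError, struct.error):
        return None                           # malformed message: no sinkhole answer
    if flags & 0x8000 or qdcount != 1 or qtype != 1 or not is_blocked(qname):
        return None                           # only single-question A queries are sinkholed
    log.append(qname)                         # kept for later traffic analysis
    # QR=1 and RA=1, RD copied from the query, one question, one answer
    header = struct.pack("!HHHHHH", txid, 0x8080 | (flags & 0x0100), 1, 1, 0, 0)
    # Answer: pointer to the name at offset 12, type A, class IN, TTL 60, 4-byte address
    rdata = bytes(int(octet) for octet in SINKHOLE_IP.split("."))
    answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4) + rdata
    return header + packet[12:end] + answer

if __name__ == "__main__":
    seen = []
    print(sinkhole_response(build_query("bot.c2.example.net"), seen).hex(), seen)
    print(sinkhole_response(build_query("www.example.org"), seen))
```

A `None` result means the caller decides what happens next, typically forwarding the query to the real upstream resolver.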
 WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm: https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168
 Guy Bruneau, DNS Sinkhole: https://sansorg.egnyte.com/dl/DYUXN3hHdz/?
 Malware Statistics: https://www.govcert.admin.ch/statistics/malware/
 M. Franco et al., "Poster: DDoSGrid: a Platform for the Post-mortem Analysis and Visualization of DDoS Attacks" https://ieeexplore.ieee.org/document/9472850
Supervisors: Jan von der Assen