ZDNS
Advanced DNS Filtering with AI/ML and Threat Intelligence
An innovative Domain Name System (DNS) filtering service that leverages threat intelligence feeds and advanced AI/ML techniques to enhance cybersecurity measures. Developed in collaboration with Karunya Institute of Technology and Sciences.
Architecture Overview
The zDNS system employs a sophisticated architecture that combines on-premises server components with cloud-based infrastructure.
Server Components
- Unbound Cache DNS: Handles initial DNS requests and caching.
- Blacklist DB: Stores known malicious domains.
- AI Engine: Machine learning models for real-time threat detection.
- Threat Feeds: Continuously update the system's threat data.
Cloud Infrastructure
- HAProxy: Distributes traffic across the Kubernetes cluster.
- Kubernetes: Manages containerized applications for scale.
- Log DB: Stores logs for audit and analysis.
- Alert Engine: Real-time system health alerts.
AI Capabilities
Specialized in Domain Generation Algorithm (DGA) classification to identify and block malware sources.
Key Features
STIX/TAXII Implementation
Full implementation of a STIX/TAXII server, adhering to international standards for threat intelligence sharing. Allows the system to consume and share threat data with other security tools securely.
Backend Analysis
Incorporates PCAP analysis for deep packet inspection, Zeek integration for network security monitoring, and regex-based blocking for flexible rules.
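As an added illustration of how the DGA classification described under AI Capabilities and the regex-based blocking described here fit together in a resolver-side filter, the following is example code written for this page; it is not zDNS's own code and does not use Unbound, the project's Blacklist DB, or its AI Engine. The blocklist, regex rules, DGA scoring thresholds and sample query names are all constructed, and the DGA scorer is a lexical heuristic (entropy, length, digit ratio, consonant runs) standing in for a trained model.

```python
import math
import re
from collections import Counter

# Constructed stand-in for a blocklist of known malicious domains (not real IoCs).
BLOCKLIST = {
    "malicious.example",
    "c2.bad.example",
}

# Constructed regex rules: a hypothetical sinkhole TLD and a leading 32-hex-char label.
REGEX_RULES = [
    re.compile(r"\.badzone$"),
    re.compile(r"^[0-9a-f]{32}\."),
]

# Assumed heuristic thresholds; a real deployment would tune these against labelled data.
DGA_BLOCK_THRESHOLD = 3
VOWELS = set("aeiou")


def shannon_entropy(s):
    """Shannon entropy in bits of the character distribution of s."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def longest_consonant_run(s):
    """Length of the longest run of consonant letters; digits and vowels break the run."""
    best = run = 0
    for ch in s:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def dga_features(label):
    """Lexical features of a single DNS label (typically the second-level label)."""
    digits = sum(ch.isdigit() for ch in label)
    return {
        "length": len(label),
        "entropy": round(shannon_entropy(label), 3),
        "digit_ratio": round(digits / len(label), 3) if label else 0.0,
        "consonant_run": longest_consonant_run(label),
    }


def dga_score(label):
    """Return (score, features); score is 0..4, one point per feature over its threshold."""
    f = dga_features(label)
    score = 0
    score += f["length"] >= 12
    score += f["entropy"] >= 3.5
    score += f["digit_ratio"] >= 0.3
    score += f["consonant_run"] >= 5
    return int(score), f


def filter_query(qname):
    """Decide allow/block for a query name: blocklist, then regex rules, then DGA heuristic."""
    name = qname.lower().rstrip(".")
    # Exact match or any subdomain of a blocklisted domain.
    if name in BLOCKLIST or any(name.endswith("." + b) for b in BLOCKLIST):
        return {"qname": qname, "action": "block", "reason": "blocklist"}
    for rule in REGEX_RULES:
        if rule.search(name):
            return {"qname": qname, "action": "block", "reason": f"regex:{rule.pattern}"}
    # Simplification: score the second-level label rather than consulting a public suffix list.
    labels = name.split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    score, feats = dga_score(label)
    action = "block" if score >= DGA_BLOCK_THRESHOLD else "allow"
    return {"qname": qname, "action": action, "reason": f"dga_score={score}", "features": feats}


if __name__ == "__main__":
    # Constructed sample queries exercising each stage of the filter.
    for q in ["www.google.com", "www.malicious.example", "something.badzone", "xk3j9qzv2p7wt4b.com"]:
        print(filter_query(q))
```

The stages are ordered cheapest first, which mirrors the architecture above: a cache or blocklist hit answers before any regex or scoring work, and the heuristic stage only sees names the earlier stages did not settle. Logging the returned `reason` and `features` alongside the decision gives the Log DB what an analyst needs to review false positives and retune thresholds.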
Compliance
Adheres to ISO/IEC 27001, the NIST Cybersecurity Framework, GDPR, and the MITRE ATT&CK Framework.
