Detection of Exfiltration and Tunneling over DNS

Cited by: 19
Authors
Das, Anirban [1 ]
Shen, Min-Yi [2 ]
Shashanka, Madhu [3 ]
Wang, Jisheng [2 ]
Affiliations
[1] Samsung Res Amer Inc, Palo Alto, CA USA
[2] Hewlett Packard Enterprise, Palo Alto, CA USA
[3] Charles Schwab, San Francisco, CA USA
Keywords
DNS; C&C; exfiltration; machine learning; indicator of compromise; IOC; DNS tunnel;
DOI
10.1109/ICMLA.2017.00-71
Chinese Library Classification
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
This paper proposes a method to detect the two primary ways in which the Domain Name System (DNS) is used for malicious purposes. We develop machine learning models to detect information exfiltration from compromised machines and the establishment of command & control (C&C) channels via DNS tunneling. We validate our approach in experiments in which we successfully detect malware used in several recent Advanced Persistent Threat (APT) attacks [1]. The novelty of our method lies in its robustness, simplicity, scalability, and ease of deployment in a production environment.
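The abstract describes detecting both exfiltration (many bulky, high-entropy queries) and C&C tunneling (a persistent stream of encoded queries under one registered domain) from DNS traffic. The following is an added illustration written for this page, not the authors' model or code: the paper does not publish its feature set here, so the per-query and per-domain features below (subdomain length, Shannon entropy, unique-subdomain count, share of payload-carrying record types) are the ones commonly used in this literature, and a fixed threshold rule stands in where the paper trains classifiers. The log lines are constructed, and the registered-domain split assumes "last two labels", which a real deployment would replace with the Public Suffix List.

```python
"""Per-domain DNS features and a threshold rule for tunnelling/exfiltration detection.

Illustrative example added by the editor; NOT the models of Das et al.
Assumptions: log lines are "<epoch> <client_ip> <qname> <qtype>"; the registered
domain is the last two labels (use the Public Suffix List in production).
"""
import math
from collections import defaultdict

# Constructed sample resolver log (not real traffic). 10.0.0.9 sends hex-encoded
# chunks as TXT queries under tun.evil-example.org, the classic tunnel pattern.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com A
1700000001 10.0.0.5 mail.example.com MX
1700000002 10.0.0.7 cdn.static-host.net A
1700000003 10.0.0.9 6a6f686e20736d697468.0a1b2c3d4e5f.tun.evil-example.org TXT
1700000004 10.0.0.9 70617373776f72643d6875.9f8e7d6c5b4a.tun.evil-example.org TXT
1700000005 10.0.0.9 73656372657432303234.1a2b3c4d5e6f.tun.evil-example.org TXT
1700000006 10.0.0.9 6c6f6e672d7365712d646174.2b3c4d5e6f7a.tun.evil-example.org TXT
1700000007 10.0.0.5 www.example.com A
1700000008 10.0.0.9 deadbeefcafef00d12345678.3c4d5e6f7a8b.tun.evil-example.org TXT
"""

# Record types whose answers/questions can carry arbitrary data (tunnel favourites).
PAYLOAD_TYPES = {"TXT", "NULL", "CNAME"}


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded payloads score far higher than dictionary words."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (subdomain, registered_domain); assumption: registered = last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_line(line: str) -> dict:
    ts, client, qname, qtype = line.split()
    return {"ts": int(ts), "client": client, "qname": qname, "qtype": qtype.upper()}


def query_features(rec: dict) -> dict:
    sub, dom = split_qname(rec["qname"])
    payload = sub.replace(".", "")  # the attacker-controlled part of the name
    return {
        "domain": dom,
        "sub": sub,
        "sub_len": len(payload),
        "entropy": shannon_entropy(payload),
        "payload_type": rec["qtype"] in PAYLOAD_TYPES,
    }


def aggregate_by_domain(lines) -> dict:
    """Roll per-query features up to the registered domain, the unit a tunnel abuses."""
    acc = defaultdict(lambda: {"n": 0, "subs": set(), "len": 0, "ent": 0.0,
                               "payload": 0, "clients": set()})
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        f = query_features(rec)
        a = acc[f["domain"]]
        a["n"] += 1
        a["subs"].add(f["sub"])
        a["len"] += f["sub_len"]
        a["ent"] += f["entropy"]
        a["payload"] += f["payload_type"]
        a["clients"].add(rec["client"])
    return {
        dom: {
            "queries": a["n"],
            "unique_subdomains": len(a["subs"]),
            "mean_sub_len": a["len"] / a["n"],
            "mean_entropy": a["ent"] / a["n"],
            "payload_type_ratio": a["payload"] / a["n"],
            "clients": len(a["clients"]),
        }
        for dom, a in acc.items()
    }


def is_suspicious(stats: dict, min_unique=3, min_len=20, min_entropy=3.0) -> bool:
    """Fixed thresholds standing in for a trained classifier (assumed values)."""
    return (stats["unique_subdomains"] >= min_unique
            and stats["mean_sub_len"] >= min_len
            and stats["mean_entropy"] >= min_entropy)


def detect(log_text: str) -> list:
    stats = aggregate_by_domain(log_text.splitlines())
    return sorted(d for d, s in stats.items() if is_suspicious(s))


if __name__ == "__main__":
    for dom, s in aggregate_by_domain(SAMPLE_LOG.splitlines()).items():
        print(dom, s)
    print("suspicious:", detect(SAMPLE_LOG))
```

Two caveats a practitioner would want before deploying anything like this: high-entropy, long labels are also produced by legitimate services (CDN hostnames, anti-virus and DNSBL lookups, certificate transparency probes), so the per-domain volume and unique-subdomain count carry more signal than any single query; and a low-and-slow C&C channel may stay under the `min_unique` threshold in a short window, which is why aggregation windows should be long and the thresholds learned rather than hand-set.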
Pages: 737-742
Page count: 6
Related papers
50 in total; the first 10 are listed below
  • [1] DNS Tunnelling, Exfiltration and Detection over Cloud Environments
    Salat, Lehel
    Davis, Mastaneh
    Khan, Nabeel
    SENSORS, 2023, 23 (05)
  • [2] Real-Time Detection System for Data Exfiltration over DNS Tunneling Using Machine Learning
    Abualghanam, Orieb
    Alazzam, Hadeel
    Elshqeirat, Basima
    Qatawneh, Mohammad
    Almaiah, Mohammed Amin
    ELECTRONICS, 2023, 12 (06)
  • [3] Real-Time Detection of DNS Exfiltration and Tunneling from Enterprise Networks
    Ahmed, Jawad
    Gharakheili, Hassan Habibi
    Raza, Qasim
    Russell, Craig
    Sivaraman, Vijay
    2019 IFIP/IEEE SYMPOSIUM ON INTEGRATED NETWORK AND SERVICE MANAGEMENT (IM), 2019, : 649 - 653
  • [4] Detection of malicious and low throughput data exfiltration over the DNS protocol
    Nadler, Asaf
    Aminov, Avi
    Shabtai, Asaf
    COMPUTERS & SECURITY, 2019, 80 : 36 - 53
  • [5] A DNS Tunneling Detection Method Based on Deep Learning Models to Prevent Data Exfiltration
    Zhang, Jiacheng
    Yang, Li
    Yu, Shui
    Ma, Jianfeng
    NETWORK AND SYSTEM SECURITY, NSS 2019, 2019, 11928 : 520 - 535
  • [6] Detecting Data Exfiltration over Encrypted DNS
    Steadman, Jacob
    Scott-Hayward, Sandra
    PROCEEDINGS OF THE 2022 IEEE 8TH INTERNATIONAL CONFERENCE ON NETWORK SOFTWARIZATION (NETSOFT 2022): NETWORK SOFTWARIZATION COMING OF AGE: NEW CHALLENGES AND OPPORTUNITIES, 2022, : 429 - 437
  • [7] DNSxD: Detecting Data Exfiltration Over DNS
    Steadman, Jacob
    Scott-Hayward, Sandra
    2018 IEEE CONFERENCE ON NETWORK FUNCTION VIRTUALIZATION AND SOFTWARE DEFINED NETWORKS (NFV-SDN), 2018
  • [8] Detecting DNS over HTTPS based data exfiltration
    Zhan, Mengqi
    Li, Yang
    Yu, Guangxi
    Li, Bo
    Wang, Weiping
    Computer Networks, 2022, 209
  • [9] Improving DNS Data Exfiltration Detection Through Temporal Analysis
    Spathoulas, Georgios
    Anagnostopoulos, Marios
    Papageorgiou, Konstantinos
    Kavallieratos, Georgios
    Theodoridis, Georgios
    UBIQUITOUS SECURITY, UBISEC 2023, 2024, 2034 : 133 - 146