Detection of Exfiltration and Tunneling over DNS

Cited by: 19
Authors
Das, Anirban [1 ]
Shen, Min-Yi [2 ]
Shashanka, Madhu [3 ]
Wang, Jisheng [2 ]
Affiliations
[1] Samsung Res Amer Inc, Palo Alto, CA USA
[2] Hewlett Packard Enterprise, Palo Alto, CA USA
[3] Charles Schwab, San Francisco, CA USA
Keywords
DNS; C&C; exfiltration; machine learning; indicator of compromise; IOC; DNS tunnel;
DOI
10.1109/ICMLA.2017.00-71
Chinese Library Classification
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
This paper proposes a method to detect the two primary ways in which the Domain Name System (DNS) is used for malicious purposes. We develop machine learning models to detect information exfiltration from compromised machines and the establishment of command & control (C&C) channels via DNS tunneling. We validate our approach with experiments in which we successfully detect malware used in several recent Advanced Persistent Threat (APT) attacks [1]. The novelty of our method lies in its robustness, simplicity, scalability, and ease of deployment in a production environment.
Pages: 737-742
Page count: 6
Related papers
50 items in total
  • [31] DNS tunneling detection through statistical fingerprints of protocol messages and machine learning
    Aiello, M.
    Mongelli, M.
    Papaleo, G.
    INTERNATIONAL JOURNAL OF COMMUNICATION SYSTEMS, 2015, 28 (14) : 1987 - 2002
  • [32] Behavior Analysis based DNS Tunneling Detection and Classification with Big Data Technologies
    Yu, Bin
    Smith, Les
    Threefoot, Mark
    Olumofin, Femi
    IOTBD: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON INTERNET OF THINGS AND BIG DATA, 2016, : 284 - 290
  • [33] Detection of Exfiltration in Sewer Systems with Tracers
    Stegeman, Bram
    Langeveld, Jeroen
    Bogaard, Thom
    Clemens, Francois
    NEW TRENDS IN URBAN DRAINAGE MODELLING, UDM 2018, 2019, : 820 - 824
  • [34] DNS Over HTTPS Detection Using Standard Flow Telemetry
    Jerabek, Kamil
    Hynek, Karel
    Rysavy, Ondrej
    Burgetova, Ivana
    IEEE ACCESS, 2023, 11 : 50000 - 50012
  • [35] Stream-wise Detection of Surreptitious Traffic over DNS
    Cejka, Tomas
    Rosa, Zdenek
    Kubatova, Hana
    2014 IEEE 19TH INTERNATIONAL WORKSHOP ON COMPUTER AIDED MODELING AND DESIGN OF COMMUNICATION LINKS AND NETWORKS (CAMAD), 2014, : 300 - 304
  • [36] CSR-PTDNG: A Graph Construction Method for DNS Tunneling Domain Names Detection
    Xu, Zhaoyang
    Guan, Zhujie
    Tian, Mengmeng
    2024 IEEE SYMPOSIUM ON COMPUTERS AND COMMUNICATIONS, ISCC 2024, 2024,
  • [37] Data Exfiltration: Methods and Detection Countermeasures
    King, James
    Bendiab, Gueltoum
    Savage, Nick
    Shiaeles, Stavros
    PROCEEDINGS OF THE 2021 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE (IEEE CSR), 2021, : 442 - 447
  • [38] An ensemble framework for detection of DNS-Over-HTTPS (DOH) traffic
    Aggarwal, Akarsh
    Kumar, Manoj
    MULTIMEDIA TOOLS AND APPLICATIONS, 2024, 83 (11) : 32945 - 32972
  • [39] Similarity Search over DNS Query Streams for Email Worm Detection
    Chatzis, Nikolaos
    Brownlee, Nevil
    2009 INTERNATIONAL CONFERENCE ON ADVANCED INFORMATION NETWORKING AND APPLICATIONS, 2009, : 588 - +
  • [40] Exploring Simple Detection Techniques for DNS-over-HTTPS Tunnels
    Kwan, Carmen
    Janiszewski, Paul
    Qiu, Shela
    Wang, Cathy
    Bocovich, Cecylia
    PROCEEDINGS OF THE 2021 WORKSHOP ON FREE AND OPEN COMMUNICATIONS ON THE INTERNET (FOCI '21), 2021, : 37 - 42