Detection of Exfiltration and Tunneling over DNS

Cited by: 19
Authors
Das, Anirban [1 ]
Shen, Min-Yi [2 ]
Shashanka, Madhu [3 ]
Wang, Jisheng [2 ]
Affiliations
[1] Samsung Res Amer Inc, Palo Alto, CA USA
[2] Hewlett Packard Enterprise, Palo Alto, CA USA
[3] Charles Schwab, San Francisco, CA USA
Keywords
DNS; C&C; exfiltration; machine learning; indicator of compromise; IOC; DNS tunnel;
DOI
10.1109/ICMLA.2017.00-71
Chinese Library Classification (CLC)
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
This paper proposes a method to detect the two primary ways the Domain Name System (DNS) is abused for malicious purposes. We develop machine learning models that detect information exfiltration from compromised machines and the establishment of command and control (C&C) channels via DNS tunneling. We validate the approach experimentally by successfully detecting malware used in several recent Advanced Persistent Threat (APT) attacks [1]. The novelty of the method lies in its robustness, simplicity, scalability, and ease of deployment in a production environment.
Pages: 737 / 742
Page count: 6