Malicious DNS Tunneling Detection in Real-Traffic DNS Data

Cited by: 11
Authors
Lambion, Danielle [1]
Josten, Michael [1]
Olumofin, Femi [2]
De Cock, Martine [1]
Affiliations
[1] Univ Washington, Sch Engn & Technol, Tacoma, WA 98402 USA
[2] Infoblox, Santa Clara, CA USA
Keywords
DNS tunneling; random forest; CNN;
DOI
10.1109/BigData50022.2020.9378418
Chinese Library Classification number
TP18 [Artificial Intelligence Theory];
Subject classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
While originally not intended for data transfer, the Domain Name System (DNS) is currently used to this end anyway, in a process called DNS tunneling (DNST). Malicious users exploit DNST for data exfiltration from infected machines, posing a critical security threat. We train and evaluate state-of-the-art convolutional neural network, random forest, and ensemble classifiers to detect tunneling in DNS traffic. Finally, we assess the classifiers' performance and robustness by exposing them to one day of real-traffic data.
Pages: 5736 - 5738
Number of pages: 3
Related papers
50 in total
  • [1] Classifying DNS Tunneling Tools For Malicious DoH Traffic
    Alenezi, Rafa
    Ludwig, Simone A.
    2021 IEEE SYMPOSIUM SERIES ON COMPUTATIONAL INTELLIGENCE (IEEE SSCI 2021), 2021,
  • [2] DNS Traffic Analysis for Malicious Domains Detection
    Ghafir, Ibrahim
    Prenosil, Vaclav
    2ND INTERNATIONAL CONFERENCE ON SIGNAL PROCESSING AND INTEGRATED NETWORKS (SPIN) 2015, 2015, : 613 - 618
  • [3] An Adaptive Malicious Domain Detection Mechanism with DNS Traffic
    Xu, Shuo
    Li, ShuQin
    Meng, Kun
    Wu, LiJun
    Ding, Meng
    PROCEEDINGS OF 2017 VI INTERNATIONAL CONFERENCE ON NETWORK, COMMUNICATION AND COMPUTING (ICNCC 2017), 2017, : 86 - 91
  • [4] Detecting Malicious Domains by Massive DNS Traffic Data Analysis
    Tian, Shiqi
    Fang, Cheng
    Liu, Jun
    Lei, Zhenming
    2016 8TH INTERNATIONAL CONFERENCE ON INTELLIGENT HUMAN-MACHINE SYSTEMS AND CYBERNETICS (IHMSC), VOL. 1, 2016, : 130 - 133
  • [5] MORTON: Detection of Malicious Routines in Large-Scale DNS Traffic
    Daihes, Yael
    Tzaban, Hen
    Nadler, Asaf
    Shabtai, Asaf
    COMPUTER SECURITY - ESORICS 2021, PT I, 2021, 12972 : 736 - 756
  • [6] Malicious DNS Traffic in Tor: Analysis and Countermeasures
    Sonntag, Michael
    PROCEEDINGS OF THE 5TH INTERNATIONAL CONFERENCE ON INFORMATION SYSTEMS SECURITY AND PRIVACY (ICISSP), 2019, : 536 - 543
  • [7] DNS dataset for malicious domains detection
    Marques, Claudio
    Malta, Silvestre
    Magalhaes, Joao Paulo
    DATA IN BRIEF, 2021, 38
  • [8] A Survey on Malicious Domains Detection through DNS Data Analysis
    Zhauniarovich, Yury
    Khalil, Issa
    Yu, Ting
    Dacier, Marc
    ACM COMPUTING SURVEYS, 2018, 51 (04)
  • [9] Detection DNS Tunneling Botnets
    Savenko, Bohdan
    Lysenko, Sergii
    Bobrovnikova, Kira
    Savenko, Oleg
    Markowsky, George
    PROCEEDINGS OF THE 11TH IEEE INTERNATIONAL CONFERENCE ON INTELLIGENT DATA ACQUISITION AND ADVANCED COMPUTING SYSTEMS: TECHNOLOGY AND APPLICATIONS (IDAACS'2021), VOL 1, 2021, : 64 - 69
  • [10] Classifying Malicious Domains using DNS Traffic Analysis
    Mahdavifar, Samaneh
    Maleki, Nasim
    Lashkari, Arash Habibi
    Broda, Matt
    Razavi, Amir H.
    2021 IEEE INTL CONF ON DEPENDABLE, AUTONOMIC AND SECURE COMPUTING, INTL CONF ON PERVASIVE INTELLIGENCE AND COMPUTING, INTL CONF ON CLOUD AND BIG DATA COMPUTING, INTL CONF ON CYBER SCIENCE AND TECHNOLOGY CONGRESS DASC/PICOM/CBDCOM/CYBERSCITECH 2021, 2021, : 60 - 67