Malicious DNS Tunneling Detection in Real-Traffic DNS Data

Cited by: 11
Authors
Lambion, Danielle [1]
Josten, Michael [1]
Olumofin, Femi [2]
De Cock, Martine [1]
Affiliations
[1] Univ Washington, Sch Engn & Technol, Tacoma, WA 98402 USA
[2] Infoblox, Santa Clara, CA USA
Keywords
DNS tunneling; random forest; CNN;
DOI
10.1109/BigData50022.2020.9378418
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
While originally not intended for data transfer, the Domain Name System (DNS) is currently used to this end anyway, in a process called DNS tunneling (DNST). Malicious users exploit DNST for data exfiltration from infected machines, posing a critical security threat. We train and evaluate state-of-the-art convolutional neural network, random forest, and ensemble classifiers to detect tunneling in DNS traffic. Finally, we assess the classifiers' performance and robustness by exposing them to one day of real-traffic data.
Pages: 5736 / 5738
Number of pages: 3
Related papers
50 in total
  • [21] Malicious Network Traffic Detection for DNS over HTTPS using Machine Learning Algorithms
    Casanova, Lionel F. Gonzalez
    Lin, Po-Chiang
    APSIPA TRANSACTIONS ON SIGNAL AND INFORMATION PROCESSING, 2023, 12 (02)
  • [22] Detection of Malicious Domains Using Passive DNS with XGBoost
    Silveira, Marcos Rogerio
    Cansian, Adriano Mauro
    Kobayashi, Hugo Koji
    2020 IEEE INTERNATIONAL CONFERENCE ON INTELLIGENCE AND SECURITY INFORMATICS (ISI), 2020, : 59 - 61
  • [23] Malicious DNS detection by combining improved transformer and CNN
    Li, Heyu
    Li, Zhangmeizhi
    Zhang, Shuyan
    Pu, Xiao
    SCIENTIFIC REPORTS, 2024, 14 (01)
  • [24] Malicious Traffic Detection in DNS over HTTPS (DoH): Edge Prediction with Graph Convolutional Network
    Boonyakorn, Pongsarun
    Changsan, Ukid
    2024 INTERNATIONAL TECHNICAL CONFERENCE ON CIRCUITS/SYSTEMS, COMPUTERS, AND COMMUNICATIONS, ITC-CSCC 2024, 2024
  • [25] Real-Time Detection System for Data Exfiltration over DNS Tunneling Using Machine Learning
    Abualghanam, Orieb
    Alazzam, Hadeel
    Elshqeirat, Basima
    Qatawneh, Mohammad
    Almaiah, Mohammed Amin
    ELECTRONICS, 2023, 12 (06)
  • [26] Real-Time Detection of DNS Exfiltration and Tunneling from Enterprise Networks
    Ahmed, Jawad
    Gharakheili, Hassan Habibi
    Raza, Qasim
    Russell, Craig
    Sivaraman, Vijay
    2019 IFIP/IEEE SYMPOSIUM ON INTEGRATED NETWORK AND SERVICE MANAGEMENT (IM), 2019, : 649 - 653
  • [27] BotMAD: Botnet Malicious Activity Detector Based on DNS Traffic Analysis
    Sharma, Pooja
    Kumar, Sanjeev
    Sharma, Neeraj
    PROCEEDINGS ON 2016 2ND INTERNATIONAL CONFERENCE ON NEXT GENERATION COMPUTING TECHNOLOGIES (NGCT), 2016, : 824 - 830
  • [28] Detecting APT Malware Infections Based on Malicious DNS and Traffic Analysis
    Zhao, Guodong
    Xu, Ke
    Xu, Lei
    Wu, Bo
    IEEE ACCESS, 2015, 3 : 1132 - 1142
  • [29] Clustering Malicious DNS Queries for Blacklist-Based Detection
    Satoh, Akihiro
    Nakamura, Yutaka
    Nobayashi, Daiki
    Sasai, Kazuto
    Kitagata, Gen
    Ikenaga, Takeshi
    IEICE TRANSACTIONS ON INFORMATION AND SYSTEMS, 2019, E102D (07) : 1404 - 1407
  • [30] Detection of DNS Traffic Anomalies in Large Networks
    Cermak, Milan
    Celeda, Pavel
    Vykopal, Jan
    ADVANCES IN COMMUNICATION NETWORKING, 2014, 8846 : 215 - 226