Malicious DNS Tunneling Detection in Real-Traffic DNS Data

Cited by: 11
Authors
Lambion, Danielle [1]
Josten, Michael [1]
Olumofin, Femi [2]
De Cock, Martine [1]
Affiliations
[1] Univ Washington, Sch Engn & Technol, Tacoma, WA 98402 USA
[2] Infoblox, Santa Clara, CA USA
Keywords
DNS tunneling; random forest; CNN
DOI
10.1109/BigData50022.2020.9378418
Chinese Library Classification number
TP18 [Artificial intelligence theory]
Discipline classification codes
081104; 0812; 0835; 1405
Abstract
While originally not intended for data transfer, the Domain Name System (DNS) is currently used to this end anyway, in a process called DNS tunneling (DNST). Malicious users exploit DNST for data exfiltration from infected machines, posing a critical security threat. We train and evaluate state-of-the-art convolutional neural network, random forest, and ensemble classifiers to detect tunneling in DNS traffic. Finally, we assess the classifiers' performance and robustness by exposing them to one day of real-traffic data.
Pages: 5736 / 5738
Number of pages: 3
Related papers
50 in total
  • [31] An FPGA-Based Malicious DNS Packet Detection Tool
    Thomas, Brennon
    Mullins, Barry
    PROCEEDINGS OF THE 5TH INTERNATIONAL CONFERENCE ON INFORMATION WARFARE AND SECURITY, 2010, : 337 - 342
  • [32] A DNS Security Policy for Timely Detection of Malicious Modification on Webpages
    Gaurav, Varshney
    Nama, Shah
    2021 28TH INTERNATIONAL CONFERENCE ON TELECOMMUNICATIONS (ICT), 2021, : 76 - 80
  • [33] Detection of Newly Registered Malicious Domains through Passive DNS
    Silveira, Marcos Rogerio
    da Silva, Leandro Marcos
    Cansian, Adriano Mauro
    Kobayashi, Hugo Koji
    2021 IEEE INTERNATIONAL CONFERENCE ON BIG DATA (BIG DATA), 2021, : 3360 - 3369
  • [34] Early Detection of Malicious Flux Networks via Large-Scale Passive DNS Traffic Analysis
    Perdisci, Roberto
    Corona, Igino
    Giacinto, Giorgio
    IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2012, 9 (05) : 714 - 726
  • [35] Behavior Analysis based DNS Tunneling Detection and Classification with Big Data Technologies
    Yu, Bin
    Smith, Les
    Threefoot, Mark
    Olumofin, Femi
    IOTBD: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON INTERNET OF THINGS AND BIG DATA, 2016, : 284 - 290
  • [36] Detection of DNS Tunneling by Feature-free Mechanism
    Lai, Chia-Min
    Huang, Bo-Ching
    Huang, Shin-Ying
    Mao, Ching-Hao
    Lee, Hahn-Ming
    2018 IEEE CONFERENCE ON DEPENDABLE AND SECURE COMPUTING (DSC), 2018, : 376 - 377
  • [37] Detecting Malicious Activity with DNS Backscatter
    Fukuda, Kensuke
    Heidemann, John
    IMC'15: PROCEEDINGS OF THE 2015 ACM CONFERENCE ON INTERNET MEASUREMENT CONFERENCE, 2015, : 197 - 210
  • [38] Malicious DNS Tunnel Tool Recognition Using Persistent DoH Traffic Analysis
    Mitsuhashi, Rikima
    Jin, Yong
    Iida, Katsuyoshi
    Shinagawa, Takahiro
    Takai, Yoshiaki
    IEEE TRANSACTIONS ON NETWORK AND SERVICE MANAGEMENT, 2023, 20 (02) : 2086 - 2095
  • [39] Efficiency of Malware Detection based on DNS Packet Analysis over Real Network Traffic
    Principi, Lorenzo
    Baldi, Marco
    Cucchiarelli, Alessandro
    Spalazzi, Luca
    2023 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE, CSR, 2023, : 42 - 47
  • [40] Real Time DNS Traffic Profiling Enhanced Detection Design for National Level Network
    Manggalanny, Muhammad Salahuddien
    Ramli, Kalamullah
    2017 INTERNATIONAL SEMINAR ON INTELLIGENT TECHNOLOGY AND ITS APPLICATIONS (ISITIA), 2017, : 11 - 15