Malicious DNS Tunneling Detection in Real-Traffic DNS Data

Cited by: 11
Authors
Lambion, Danielle [1]
Josten, Michael [1]
Olumofin, Femi [2]
De Cock, Martine [1]
Affiliations
[1] Univ Washington, Sch Engn & Technol, Tacoma, WA 98402 USA
[2] Infoblox, Santa Clara, CA USA
Keywords
DNS tunneling; random forest; CNN
DOI
10.1109/BigData50022.2020.9378418
Chinese Library Classification number
TP18 [Artificial intelligence theory]
Discipline classification codes
081104; 0812; 0835; 1405
Abstract
While originally not intended for data transfer, the Domain Name System (DNS) is currently used to this end anyway, in a process called DNS tunneling (DNST). Malicious users exploit DNST for data exfiltration from infected machines, posing a critical security threat. We train and evaluate state-of-the-art convolutional neural network, random forest, and ensemble classifiers to detect tunneling in DNS traffic. Finally, we assess the classifiers' performance and robustness by exposing them to one day of real-traffic data.
Pages: 5736 / 5738
Number of pages: 3
Related papers
50 in total
  • [41] A DNS Tunneling Detection Method Based on Deep Learning Models to Prevent Data Exfiltration
    Zhang, Jiacheng
    Yang, Li
    Yu, Shui
    Ma, Jianfeng
    NETWORK AND SYSTEM SECURITY, NSS 2019, 2019, 11928 : 520 - 535
  • [42] Real-time Malicious Fast-flux Detection Using DNS and Bot Related Features
    Martinez-Bea, Sergi
    Castillo-Perez, Sergio
    Garcia-Alfaro, Joaquin
    2013 ELEVENTH ANNUAL INTERNATIONAL CONFERENCE ON PRIVACY, SECURITY AND TRUST (PST), 2013, : 369 - 372
  • [43] A Deep Learning Based Online Malicious URL and DNS Detection Scheme
    Jiang, Jianguo
    Chen, Jiuming
    Choo, Kim-Kwang Raymond
    Liu, Chao
    Liu, Kunying
    Yu, Min
    Wang, Yongjian
    SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, SECURECOMM 2017, 2018, 238 : 438 - 448
  • [44] Botnet detection by monitoring group activities in DNS traffic
    Choi, Hyunsang
    Lee, Hanwoo
    Lee, Heejo
    Kim, Hyogon
    2007 CIT: 7TH IEEE INTERNATIONAL CONFERENCE ON COMPUTER AND INFORMATION TECHNOLOGY, PROCEEDINGS, 2007, : 715 - 720
  • [45] MalPortrait: Sketch Malicious Domain Portraits Based on Passive DNS Data
    Liang, Zhizhou
    Zang, Tianning
    Zeng, Yuwei
    2020 IEEE WIRELESS COMMUNICATIONS AND NETWORKING CONFERENCE (WCNC), 2020,
  • [46] Fast-flucos: malicious domain name detection method for Fast-flux based on DNS traffic
    Han C.
    Zhang Y.
    Zhang Y.
    Tongxin Xuebao/Journal on Communications, 2020, 41 (05): : 37 - 47
  • [47] BotCVD: Visual analysis of DNS traffic for botnet detection
    Jiang, H. (hellojhl@163.com), 1600, Advanced Institute of Convergence Information Technology (04):
  • [48] Discovering Malicious Domains through Passive DNS Data Graph Analysis
    Khalil, Issa
    Yu, Ting
    Guan, Bei
    ASIA CCS'16: PROCEEDINGS OF THE 11TH ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, 2016, : 663 - 674
  • [49] A New Statistical Approach to DNS Traffic Anomaly Detection
    Yuchi, Xuebiao
    Wang, Xin
    Lee, Xiaodong
    Yan, Baoping
    ADVANCED DATA MINING AND APPLICATIONS (ADMA 2010), PT II, 2010, 6441 : 302 - 313
  • [50] Supervised Learning Approaches with Majority Voting for DNS Tunneling Detection
    Aiello, Maurizio
    Mongelli, Maurizio
    Papaleo, Gianluca
    INTERNATIONAL JOINT CONFERENCE SOCO'14-CISIS'14-ICEUTE'14, 2014, 299 : 463 - 472