A comprehensive survey on DNS tunnel detection
Y Wang, A Zhou, S Liao, R Zheng, R Hu, L Zhang - Computer Networks, 2021 - Elsevier
Abstract Domain Name System (DNS) tunnels, established between the controlled host and
master server disguised as the authoritative domain name server, can be used as a secret …
Sans institute infosec reading room
RF Rights - Risk, 2001 - picture.iczhiku.com
As Technology pushes the limits of removable media-so drives the need for a new file
system in order to support the larger capacities and faster access speeds being designed …
DNS tunneling: a review on features
One of the significant threats that faces the web nowadays is the DNS tunneling which is an
attack that exploits the domain name protocol in order to bypass security gateways. This …
vNIDS: Towards elastic security with safe and efficient virtualization of network intrusion detection systems
Traditional Network Intrusion Detection Systems (NIDSes) are generally implemented on
vendor proprietary appliances or middleboxes with poor versatility and flexibility. Emerging …
Detection of exfiltration and tunneling over DNS
A Das, MY Shen, M Shashanka… - 2017 16th IEEE …, 2017 - ieeexplore.ieee.org
This paper proposes a method to detect two primary means of using the Domain Name
System (DNS) for malicious purposes. We develop machine learning models to detect …
DNS for massive-scale command and control
Attackers, in particular botnet controllers, use stealthy messaging systems to set up large-
scale command and control. To systematically understand the potential capability of …
Detecting DNS tunnel through binary-classification based on behavior features
J Liu, S Li, Y Zhang, J Xiao, P Chang… - 2017 IEEE Trustcom …, 2017 - ieeexplore.ieee.org
DNS tunnel is a typical Internet covert channel used by attackers or bots to evade the
malicious activities detection. The stolen information is encoded and encapsulated into the …
Practical comprehensive bounds on surreptitious communication over DNS
DNS queries represent one of the most common forms of network traffic, and likely the least
blocked by sites. As such, DNS provides a highly attractive channel for attackers who wish to …
DNS-based anti-evasion technique for botnets detection
S Lysenko, O Pomorova, O Savenko… - 2015 IEEE 8th …, 2015 - ieeexplore.ieee.org
A new DNS-based anti-evasion technique for botnets detection is proposed. It is based on a
cluster analysis of the features obtained from the payload of DNS-messages. The method …
DNS covert channel detection via behavioral analysis: a machine learning approach
Detecting covert channels among legitimate traffic represents a severe challenge due to the
high heterogeneity of networks. Therefore, we propose an effective covert channel detection …