A comprehensive survey on DNS tunnel detection

Y Wang, A Zhou, S Liao, R Zheng, R Hu, L Zhang - Computer Networks, 2021 - Elsevier
Abstract Domain Name System (DNS) tunnels, established between the controlled host and
master server disguised as the authoritative domain name server, can be used as a secret …

SANS Institute InfoSec Reading Room

RF Rights - Risk, 2001 - picture.iczhiku.com
As Technology pushes the limits of removable media-so drives the need for a new file
system in order to support the larger capacities and faster access speeds being designed …

DNS tunneling: a review on features

M Sammour, B Hussin, MFI Othman… - … of Engineering & …, 2018 - researchgate.net
One of the significant threats that face the web nowadays is the DNS tunneling which is an
attack that exploits the domain name protocol in order to bypass security gateways. This …

vNIDS: Towards elastic security with safe and efficient virtualization of network intrusion detection systems

H Li, H Hu, G Gu, GJ Ahn, F Zhang - Proceedings of the 2018 ACM …, 2018 - dl.acm.org
Traditional Network Intrusion Detection Systems (NIDSes) are generally implemented on
vendor proprietary appliances or middleboxes with poor versatility and flexibility. Emerging …

Detection of exfiltration and tunneling over DNS

A Das, MY Shen, M Shashanka… - 2017 16th IEEE …, 2017 - ieeexplore.ieee.org
This paper proposes a method to detect two primary means of using the Domain Name
System (DNS) for malicious purposes. We develop machine learning models to detect …

DNS for massive-scale command and control

K Xu, P Butler, S Saha, D Yao - IEEE Transactions on …, 2013 - ieeexplore.ieee.org
Attackers, in particular botnet controllers, use stealthy messaging systems to set up large-
scale command and control. To systematically understand the potential capability of …

Detecting DNS tunnel through binary-classification based on behavior features

J Liu, S Li, Y Zhang, J Xiao, P Chang… - 2017 IEEE Trustcom …, 2017 - ieeexplore.ieee.org
DNS tunnel is a typical Internet covert channel used by attackers or bots to evade the
malicious activities detection. The stolen information is encoded and encapsulated into the …

Practical comprehensive bounds on surreptitious communication over DNS

V Paxson, M Christodorescu, M Javed, J Rao… - 22nd USENIX Security …, 2013 - usenix.org
DNS queries represent one of the most common forms of network traffic, and likely the least
blocked by sites. As such, DNS provides a highly attractive channel for attackers who wish to …

DNS-based anti-evasion technique for botnets detection

S Lysenko, O Pomorova, O Savenko… - 2015 IEEE 8th …, 2015 - ieeexplore.ieee.org
A new DNS-based anti-evasion technique for botnets detection is proposed. It is based on a
cluster analysis of the features obtained from the payload of DNS-messages. The method …

DNS covert channel detection via behavioral analysis: a machine learning approach

S Saeli, F Bisio, P Lombardo, D Massa - arXiv preprint arXiv:2010.01582, 2020 - arxiv.org
Detecting covert channels among legitimate traffic represents a severe challenge due to the
high heterogeneity of networks. Therefore, we propose an effective covert channel detection …