Detection of malicious and low throughput data exfiltration over the DNS protocol

A Nadler, A Aminov, A Shabtai - Computers & Security, 2019 - Elsevier
In the presence of security countermeasures, a malware designed for data exfiltration must
use a covert channel to achieve its goal. The Domain Name System (DNS) protocol is a …

DNS tunneling detection by cache-property-aware features

N Ishikura, D Kondo, V Vassiliades… - … on Network and …, 2021 - ieeexplore.ieee.org
Many enterprises are under threat of targeted attacks aiming at data exfiltration. To launch
such attacks, in recent years, attackers with their malware have exploited a covert channel …

Monitoring enterprise DNS queries for detecting data exfiltration from internal hosts

J Ahmed, HH Gharakheili, Q Raza… - … on Network and …, 2019 - ieeexplore.ieee.org
Enterprise networks constantly face the threat of valuable and sensitive data being stolen by
cyber-attackers. Sophisticated attackers are increasingly exploiting the Domain Name …

A comprehensive survey on DNS tunnel detection

Y Wang, A Zhou, S Liao, R Zheng, R Hu, L Zhang - Computer Networks, 2021 - Elsevier
Domain Name System (DNS) tunnels, established between the controlled host and
master server disguised as the authoritative domain name server, can be used as a secret …

Detection of malicious payload distribution channels in DNS

AM Kara, H Binsalleeh, M Mannan… - 2014 IEEE …, 2014 - ieeexplore.ieee.org
Botmasters are known to use different protocols to hide their activities. Throughout the past
few years, several protocols have been abused, and recently Domain Name System (DNS) …

Injection Attacks Reloaded: Tunnelling Malicious Payloads over DNS

P Jeitner, H Shulman - 30th USENIX Security Symposium (USENIX …, 2021 - usenix.org
The traditional design principle for Internet protocols indicates: "Be strict when sending and
tolerant when receiving" [RFC1958], and DNS is no exception to this. The transparency of …

A bigram based real time DNS tunnel detection approach

C Qi, X Chen, C Xu, J Shi, P Liu - Procedia Computer Science, 2013 - Elsevier
DNS (Domain Name System) tunnels can provide high-bandwidth covert channels that pose
a significant risk to sensitive information inside the company networks. Sensitive data are …

Detecting DNS over HTTPS based data exfiltration

M Zhan, Y Li, G Yu, B Li, W Wang - Computer Networks, 2022 - Elsevier
DNS is often used by attackers as a covert channel for data exfiltration, also known as DNS
tunneling. Since the plaintext DNS lookup leads to privacy issues, DNS over HTTPS (DoH) …

Real-time detection of DNS exfiltration and tunneling from enterprise networks

J Ahmed, HH Gharakheili, Q Raza… - 2019 IFIP/IEEE …, 2019 - ieeexplore.ieee.org
Enterprise networks constantly face the threat of valuable and sensitive data being stolen by
cyber-attackers. Sophisticated attackers are increasingly exploiting the Domain Name …

On the impact of DNS over HTTPS paradigm on cyber systems

K Bumanglag, H Kettani - 2020 3rd International Conference on …, 2020 - ieeexplore.ieee.org
The Domain Name System (DNS) protocol has been in use for over thirty years. As the
primary method of resolving domain names to Internet Protocol (IP) addresses, it is a …