Monitoring enterprise DNS queries for detecting data exfiltration from internal hosts

J Ahmed, HH Gharakheili, Q Raza… - … on Network and …, 2019 - ieeexplore.ieee.org
Enterprise networks constantly face the threat of valuable and sensitive data being stolen by
cyber-attackers. Sophisticated attackers are increasingly exploiting the Domain Name …

Real-time detection of DNS exfiltration and tunneling from enterprise networks

J Ahmed, HH Gharakheili, Q Raza… - 2019 IFIP/IEEE …, 2019 - ieeexplore.ieee.org
Enterprise networks constantly face the threat of valuable and sensitive data being stolen by
cyber-attackers. Sophisticated attackers are increasingly exploiting the Domain Name …

Detection of malicious and low throughput data exfiltration over the DNS protocol

A Nadler, A Aminov, A Shabtai - Computers & Security, 2019 - Elsevier
In the presence of security countermeasures, a malware designed for data exfiltration must
use a covert channel to achieve its goal. The Domain Name System (DNS) protocol is a …

Hierarchical anomaly-based detection of distributed DNS attacks on enterprise networks

M Lyu, HH Gharakheili, C Russell… - IEEE Transactions on …, 2021 - ieeexplore.ieee.org
Domain Name System (DNS) is a critical service for enterprise operations, and is often made
openly accessible across firewalls. Malicious actors use this fact to attack organizational …

Lightweight hybrid detection of data exfiltration using DNS based on machine learning

S Mahdavifar, A Hanafy Salem, P Victor… - Proceedings of the …, 2021 - dl.acm.org
Domain Name System (DNS) is a popular way to steal sensitive information from enterprise
networks and maintain a covert tunnel for command and control communications with a …

Detecting malware domains at the upper DNS hierarchy

M Antonakakis, R Perdisci, W Lee… - 20th USENIX Security …, 2011 - usenix.org
In recent years Internet miscreants have been leveraging the DNS to build malicious
network infrastructures for malware command and control. In this paper we propose a novel …

DNS tunneling detection by cache-property-aware features

N Ishikura, D Kondo, V Vassiliades… - … on Network and …, 2021 - ieeexplore.ieee.org
Many enterprises are under threat of targeted attacks aiming at data exfiltration. To launch
such attacks, in recent years, attackers with their malware have exploited a covert channel …

Early detection of malicious flux networks via large-scale passive DNS traffic analysis

R Perdisci, I Corona, G Giacinto - IEEE Transactions on …, 2012 - ieeexplore.ieee.org
In this paper, we present FluxBuster, a novel passive DNS traffic analysis system for
detecting and tracking malicious flux networks. FluxBuster applies large-scale monitoring of …

Detecting malicious activity with DNS backscatter over time

K Fukuda, J Heidemann… - IEEE/ACM Transactions on …, 2017 - ieeexplore.ieee.org
Network-wide activity is when one computer (the originator) touches many others (the
targets). Motives for activity may be benign (mailing lists, content-delivery networks, and …

A method for identifying compromised clients based on DNS traffic analysis

M Stevanovic, JM Pedersen, A D'Alconzo… - International Journal of …, 2017 - Springer
DNS is widely abused by Internet criminals in order to provide reliable communication within
malicious network infrastructure as well as flexible and resilient hosting of malicious content …