Jyväskylän yliopisto | JYX-julkaisuarkisto

 
Näytä aineisto 

DNS Tunneling Detection Techniques – Classification, and Theoretical Comparison in Case of a Real APT Campaign

ThumbnailFinal Draft
155.1 Kb

Lataukset:  
Show download detailsHide download details  
Nuojua, V., David, G., & Hämäläinen, T. (2017). DNS Tunneling Detection Techniques – Classification, and Theoretical Comparison in Case of a Real APT Campaign. In O. Galinina, S. Andreev, S. Balandin, & Y. Koucheryavy (Eds.), NEW2AN 2017, ruSMART 2017, NsCC 2017 : Internet of Things, Smart Spaces, and Next Generation Networks and Systems (pp. 280-291). Springer International Publishing. Lecture Notes in Computer Science, 10531. https://doi.org/10.1007/978-3-319-67380-6_26
Julkaistu sarjassa
Lecture Notes in Computer Science
Tekijät
Nuojua, Viivi |
David, Gil |
Hämäläinen, Timo
Toimittajat
Galinina, Olga |
Andreev, Sergey |
Balandin, Sergey |
Koucheryavy, Yevgeni
Päivämäärä
2017
Oppiaine
TietotekniikkaMathematical Information Technology
Tekijänoikeudet
© Springer International Publishing AG 2017. This is a final draft version of an article whose final and definitive form has been published by Springer. Published in this repository with the kind permission of the publisher.

 
Domain Name System (DNS) plays an important role as a translation protocol in everyday use of the Internet. The purpose of DNS is to translate domain names into IP addresses and vice versa. However, its simple architecture can easily be misused for malicious activities. One huge security threat concerning DNS is tunneling, which helps attackers bypass the security systems unnoticed. A DNS tunnel can be used for three purposes: as a command and control channel, for data exfiltration or even for tunneling another protocol through it. In this paper, we surveyed different techniques for DNS tunneling detection. We classified those first based on the type of data and then within the categories based on the type of analysis. We conclude with a comparison between the various detection techniques. We introduce one real Advanced Persistent Threat campaign that utilizes DNS tunneling, and theoretically compare how well the surveyed detection techniques could detect it.
Julkaisija
Springer International Publishing
Emojulkaisun ISBN
978-3-319-67379-0
Konferenssi
International Conference on Next Generation Wired/Wireless Advanced Networks and Systems
Kuuluu julkaisuun
NEW2AN 2017, ruSMART 2017, NsCC 2017 : Internet of Things, Smart Spaces, and Next Generation Networks and Systems
ISSN Hae Julkaisufoorumista
0302-9743
Asiasanat
DOI
https://doi.org/10.1007/978-3-319-67380-6_26
URI

http://urn.fi/URN:NBN:fi:jyu-201710304091

Julkaisu tutkimustietojärjestelmässä

https://converis.jyu.fi/converis/portal/detail/Publication/27214789

Metadata
Näytä kaikki kuvailutiedot
Kokoelmat
Tietosuojailmoitus

Saavutettavuusseloste

Ellei toisin mainittu, julkisesti saatavilla olevia JYX-metatietoja (poislukien tiivistelmät) saa vapaasti uudelleenkäyttää CC0-lisenssillä.