DNS Tunneling Detection Techniques – Classification, and Theoretical Comparison in Case of a Real APT Campaign

Abstract
Domain Name System (DNS) plays an important role as a translation protocol in everyday use of the Internet. The purpose of DNS is to translate domain names into IP addresses and vice versa. However, its simple architecture can easily be misused for malicious activities. One huge security threat concerning DNS is tunneling, which helps attackers bypass the security systems unnoticed. A DNS tunnel can be used for three purposes: as a command and control channel, for data exfiltration or even for tunneling another protocol through it. In this paper, we surveyed different techniques for DNS tunneling detection. We classified those first based on the type of data and then within the categories based on the type of analysis. We conclude with a comparison between the various detection techniques. We introduce one real Advanced Persistent Threat campaign that utilizes DNS tunneling, and theoretically compare how well the surveyed detection techniques could detect it.
Format
Conference paper
Published
2017
Publisher
Springer International Publishing
The permanent address of the publication
https://urn.fi/URN:NBN:fi:jyu-201710304091
Parent publication ISBN
978-3-319-67379-0
Review status
Peer reviewed
ISSN
0302-9743
DOI
https://doi.org/10.1007/978-3-319-67380-6_26
Conference
International Conference on Next Generation Wired/Wireless Advanced Networks and Systems
Language
English
Published in
Lecture Notes in Computer Science
Is part of publication
NEW2AN 2017, ruSMART 2017, NsCC 2017 : Internet of Things, Smart Spaces, and Next Generation Networks and Systems
Citation
  • Nuojua, V., David, G., & Hämäläinen, T. (2017). DNS Tunneling Detection Techniques – Classification, and Theoretical Comparison in Case of a Real APT Campaign. In O. Galinina, S. Andreev, S. Balandin, & Y. Koucheryavy (Eds.), NEW2AN 2017, ruSMART 2017, NsCC 2017 : Internet of Things, Smart Spaces, and Next Generation Networks and Systems (pp. 280-291). Springer International Publishing. Lecture Notes in Computer Science, 10531. https://doi.org/10.1007/978-3-319-67380-6_26
License
Open Access
Copyright © Springer International Publishing AG 2017. This is a final draft version of an article whose final and definitive form has been published by Springer. Published in this repository with the kind permission of the publisher.
