| dc.contributor.author | Nuojua, Viivi | |
| dc.contributor.author | David, Gil | |
| dc.contributor.author | Hämäläinen, Timo | |
| dc.contributor.editor | Galinina, Olga | |
| dc.contributor.editor | Andreev, Sergey | |
| dc.contributor.editor | Balandin, Sergey | |
| dc.contributor.editor | Koucheryavy, Yevgeni | |
| dc.date.accessioned | 2017-10-31T12:29:47Z | |
| dc.date.available | 2018-09-13T21:35:40Z | |
| dc.date.issued | 2017 | |
| dc.identifier.citation | Nuojua, V., David, G., & Hämäläinen, T. (2017). DNS Tunneling Detection Techniques – Classification, and Theoretical Comparison in Case of a Real APT Campaign. In O. Galinina, S. Andreev, S. Balandin, & Y. Koucheryavy (Eds.), <i>NEW2AN 2017, ruSMART 2017, NsCC 2017 : Internet of Things, Smart Spaces, and Next Generation Networks and Systems</i> (pp. 280-291). Springer International Publishing. Lecture Notes in Computer Science, 10531. <a href="https://doi.org/10.1007/978-3-319-67380-6_26" target="_blank">https://doi.org/10.1007/978-3-319-67380-6_26</a> | |
| dc.identifier.other | CONVID_27214789 | |
| dc.identifier.other | TUTKAID_74960 | |
| dc.identifier.uri | https://jyx.jyu.fi/handle/123456789/55746 | |
| dc.description.abstract | Domain Name System (DNS) plays an important role as a translation
protocol in everyday use of the Internet. The purpose of DNS is to translate domain
names into IP addresses and vice versa. However, its simple architecture
can easily be misused for malicious activities. One huge security threat concerning
DNS is tunneling, which helps attackers bypass the security systems unnoticed.
A DNS tunnel can be used for three purposes: as a command and control
channel, for data exfiltration or even for tunneling another protocol through it. In
this paper, we surveyed different techniques for DNS tunneling detection. We
classified those first based on the type of data and then within the categories based
on the type of analysis. We conclude with a comparison between the various detection
techniques. We introduce one real Advanced Persistent Threat campaign
that utilizes DNS tunneling, and theoretically compare how well the surveyed
detection techniques could detect it. | |
| dc.format.extent | 769 | |
| dc.language.iso | eng | |
| dc.publisher | Springer International Publishing | |
| dc.relation.ispartof | NEW2AN 2017, ruSMART 2017, NsCC 2017 : Internet of Things, Smart Spaces, and Next Generation Networks and Systems | |
| dc.relation.ispartofseries | Lecture Notes in Computer Science | |
| dc.subject.other | DNS tunneling detection | |
| dc.subject.other | covert channels detection | |
| dc.subject.other | APT | |
| dc.title | DNS Tunneling Detection Techniques – Classification, and Theoretical Comparison in Case of a Real APT Campaign | |
| dc.type | conferenceObject | |
| dc.identifier.urn | URN:NBN:fi:jyu-201710304091 | |
| dc.contributor.laitos | Informaatioteknologian tiedekunta | fi |
| dc.contributor.laitos | Faculty of Information Technology | en |
| dc.contributor.oppiaine | Tietotekniikka | fi |
| dc.contributor.oppiaine | Mathematical Information Technology | en |
| dc.type.uri | http://purl.org/eprint/type/ConferencePaper | |
| dc.date.updated | 2017-10-30T13:15:10Z | |
| dc.relation.isbn | 978-3-319-67379-0 | |
| dc.type.coar | http://purl.org/coar/resource_type/c_5794 | |
| dc.description.reviewstatus | peerReviewed | |
| dc.format.pagerange | 280-291 | |
| dc.relation.issn | 0302-9743 | |
| dc.type.version | acceptedVersion | |
| dc.rights.copyright | © Springer International Publishing AG 2017. This is a final draft version of an article whose final and definitive form has been published by Springer. Published in this repository with the kind permission of the publisher. | |
| dc.rights.accesslevel | openAccess | fi |
| dc.relation.conference | International Conference on Next Generation Wired/Wireless Advanced Networks and Systems | |
| dc.subject.yso | protokollat (tietoliikenne) | |
| dc.subject.yso | tietoturva | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p9894 | |
| jyx.subject.uri | http://www.yso.fi/onto/yso/p5479 | |
| dc.relation.doi | 10.1007/978-3-319-67380-6_26 | |
| dc.type.okm | A4 | |
