Malicious DNS Tunneling Detection in Real-Traffic DNS Data
Danielle Lambion, Michael Josten, Femi Olumofin, Martine De Cock
Abstract
While originally not intended for data transfer, the Domain Name System (DNS) is currently used to this end anyway, in a process called DNS tunneling (DNST). Malicious users exploit DNST for data exfiltration from infected machines, posing a critical security threat. We train and evaluate state-of-the-art convolutional neural network, random forest, and ensemble classifiers to detect tunneling in DNS traffic. Finally, we assess the classifiers' performance and robustness by exposing them to one day of real-traffic data.
Topics & Concepts
Computer scienceRobustness (evolution)Convolutional neural networkExploitComputer networkRandom forestComputer securityArtificial intelligenceBiochemistryChemistryGeneNetwork Security and Intrusion DetectionInternet Traffic Analysis and Secure E-votingSpam and Phishing Detection