Litcius/Paper detail

Malicious DNS Tunneling Detection in Real-Traffic DNS Data

Danielle Lambion, Michael Josten, Femi Olumofin, Martine De Cock

202024 citationsDOI

Abstract

While originally not intended for data transfer, the Domain Name System (DNS) is currently used to this end anyway, in a process called DNS tunneling (DNST). Malicious users exploit DNST for data exfiltration from infected machines, posing a critical security threat. We train and evaluate state-of-the-art convolutional neural network, random forest, and ensemble classifiers to detect tunneling in DNS traffic. Finally, we assess the classifiers' performance and robustness by exposing them to one day of real-traffic data.

Topics & Concepts

Computer scienceRobustness (evolution)Convolutional neural networkExploitComputer networkRandom forestComputer securityArtificial intelligenceBiochemistryChemistryGeneNetwork Security and Intrusion DetectionInternet Traffic Analysis and Secure E-votingSpam and Phishing Detection