Litcius/Paper detail

On the Impact of DNS Over HTTPS Paradigm on Cyber Systems

Kimo Bumanglag, Houssain Kettani

202026 citationsDOI

Abstract

The Domain Name System (DNS) protocol has been in use for over thirty years. As the primary method of resolving domain names to Internet Protocol (IP) addresses, it is a fundamental component of the Internet. Despite its position of importance, the protocol lacks built-in security mechanisms to address confidentiality, integrity, or availability. Malware can use DNS to fulfill attacker objectives, such as establishing command and control (C2) or exfiltrating data. Various enhancements have been implemented in an attempt to address security after-the-fact. The latest such enhancement is DNS over HTTPS. Methods have also been developed to detect malware's use of DNS. In this paper, we review the weaknesses of the DNS protocol and how malware has abused those weaknesses, enhancements to DNS security, and how malware uses DNS and how that use is detected, with a special emphasis on the effects that DNS over HTTPS may have on an organization's security.

Topics & Concepts

Domain Name SystemComputer scienceMalwareComputer securityThe InternetProtocol (science)Name serverCryptovirologyComputer networkWorld Wide WebPathologyMedicineAlternative medicineNetwork Security and Intrusion DetectionAdvanced Malware Detection TechniquesSpam and Phishing Detection