According to a 2017 SANS report, 1 in 20 organisations fall victim to data exfiltration. Data exfiltration, often the final stage of a cyber attack, has damaging consequences for the victim organisation. The use of the Domain Name System (DNS) protocol for data exfiltration was first discussed in 1998. Twenty years on, this covert transmission method has become more sophisticated as malicious actors adapt to evade detection techniques. The popularity of DNS for data exfiltration is due to the essential nature of the protocol for network communication. This paper addresses the issue of DNS-based data exfiltration, proposing a detection and mitigation method that leverages the Software-Defined Network (SDN) architecture. Popular DNS data exfiltration attacks and current exfiltration detection mechanisms are analysed to generate a feature set for DNS data exfiltration detection. The DNSxD application is presented and its performance evaluated in comparison with the current exfiltration detection mechanisms.
Data breaches linked to individual and company information are exposed on an almost daily basis. With increasing media attention and visibility of this security issue, users are becoming more aware of privacy concerns related to their activity on the Internet. Fundamental to the operation of the Internet is the Domain Name System (DNS), which translates domain names to IP addresses, enabling easy web browsing. Encrypted DNS has become popular as a way to increase user privacy by ensuring that activity transmitted over domain queries is not visible to intermediary network devices between the client and the DNS endpoint. Unfortunately, this undermines the security services designed to analyse DNS traffic to detect exploitation of DNS as a covert communication and data exfiltration channel. In this work, we propose a solution, DoHxP, to enable protection of DNS over HTTPS (DoH) traffic from data exfiltration without compromising user privacy. Our results show that DoHxP successfully prevents up to 99.88% of the malicious DoH traffic from being transmitted outside of the network.