Information Based Heavy Hitters for Real-Time DNS Data Exfiltration Detection

Ozery, Yarin; Nadler, Asaf; Shabtai, Asaf

doi:10.14722/ndss.2024.24388

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article2

Other1

Relationship

Self Cite0

Independent3

Authors

Journals

Cited by 3 publications

References 40 publications

(83 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

GraphTunnel: Robust DNS Tunnel Detection Based on DNS Recursive Resolution Graph

Gao,

Niu,

Gong

et al. 2024

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

GraphTunnel: Robust DNS Tunnel Detection Based on DNS Recursive Resolution Graph

Gao,

Niu,

Gong

et al. 2024

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Toward Real Time DGA Domains Detection in Encrypted Traffic

Tapsoba,

Ouédraogo,

Diallo

et al. 2024

Proceedings of the 7th International Conference on Networking, Intelligent Systems and Security

View full text Add to dashboard Cite

Comparison of Machine Learning Algorithms for Detection of Data Exfiltration Over DNS

Açıkgözoğlu

2024

Yalvaç Akademi Dergisi

View full text Add to dashboard Cite

Nowadays, computers are indispensable for business processes and home users. The widespread use of the Internet provides convenience in many areas from education to research. However, most of the users are unaware of technical security measures and use the Internet unconsciously. This situation leads to inadequate security measures against cyber-attacks. Various trainings are organised for conscious and safe internet use, but these efforts are not enough. Therefore, artificial intelligence-based solutions that can detect cyber incidents and close security gaps are becoming necessary. DNS tunnelling is a method used by malware to leak data over the internet. Vulnerable computers can put users in difficult situations by learning IP addresses from the wrong DNS servers. Innovative methods have been developed to detect this tunnelling. Some methods can detect low and slow data leakage through DNS in real time. There are also hybrid DNS tunnelling detection systems that achieve high accuracy and F-score using packet length and specific features. Feature-based methods sensitive to cache characteristics effectively characterise DNS tunnelling traffic with low false detection rates. These methods offer effective strategies for internet security. In this study, the detection of DNS tunnelling attacks by machine learning algorithms on the CIC-Bell-DNS-EXF-2021 dataset was investigated.

show abstract

Information Based Heavy Hitters for Real-Time DNS Data Exfiltration Detection

Cited by 3 publications

References 40 publications

GraphTunnel: Robust DNS Tunnel Detection Based on DNS Recursive Resolution Graph

GraphTunnel: Robust DNS Tunnel Detection Based on DNS Recursive Resolution Graph

Toward Real Time DGA Domains Detection in Encrypted Traffic

Comparison of Machine Learning Algorithms for Detection of Data Exfiltration Over DNS

Contact Info

Product

Resources

About