
A Study of Newly Observed Hostnames and DNS Tunneling in the Wild [article]

Dennis Tatang, Florian Quinkert, Nico Dolecki, Thorsten Holz
2019 arXiv   pre-print
Motivated by these empirical measurement results, we propose and implement a method to identify DNS tunnels via a step-wise filtering approach that relies on general characteristics of such tunnels (e.g  ...  The domain name system (DNS) is a crucial backbone of the Internet and millions of new domains are created on a daily basis.  ...  Additionally, we provide a survey of the development of DNS tunnel usage by malicious software.  ... 
arXiv:1902.08454v1 fatcat:2kr4mfpzafgevc6yuvjlcq5yme

An Analysis of Internet Censorship Circumvention Techniques

Tianbo Lu, Jinyang Zhao, Lingling Zhao, Yang Li, WanJiang Han
2016 International Journal of Security and Its Applications  
In this paper, we tried to analyze the current situation of censorship and anti-censorship techniques and give a comprehensive view on the censorship circumvention techniques and systems.  ...  still not a very useful and convenient technique to ensure the anonymity of internet communication.  ...  [16] give a survey on Internet censorship detection. They proposed a reference for censoring techniques and a characterization of censoring systems, with definitions of related concepts.  ... 
doi:10.14257/ijsia.2016.10.5.06 fatcat:jaogpvvdurcy5deu6w6e27jvpy

DoH Tunneling Detection System For Enterprise Network Using Deep Learning Technique

Tuan Anh Nguyen, Minho Park
2022 Applied Sciences  
Therefore, we propose a detection system for DoH tunneling attacks based on Transformer to detect a malicious DoH tunneling and build a fully functional DoH detection system that can be integrated with  ...  Previous research used Supervised Machine Learning methods to detect DoH tunneling, which required a high volume of labeled data.  ...  Since DoH is a very recently developed technology, there is little research detecting DoH tunnels. In [29], the authors surveyed the effectiveness of traffic analysis attacks on DoH traffic.  ... 
doi:10.3390/app12052416 fatcat:zfeyk2umqbggbgb43iy5jnkcx4

DNS Tunneling Detection by Cache-Property-Aware Features

Naotake Ishikura, Daishi Kondo, Vassilis Vassiliades, Iordan Iordanov, Hideki Tode
2021 IEEE Transactions on Network and Service Management  
In this study, we propose a DNS tunneling detection method based on the cache-property-aware features.  ...  The rule-based filter achieves a higher rate of DNS tunneling attack detection than the LSTM one, which instead detects the attack more quickly, while both maintain a low misdetection rate.  ...  We extend the previous work with the following contributions. • performing a comprehensive survey of DNS tunneling research in terms of attack and detection methods, • introducing a new cache-property-aware  ... 
doi:10.1109/tnsm.2021.3078428 fatcat:f4wa5uro5vbdnkqv6yn2mc5fqy

A Glance through the VPN Looking Glass: IPv6 Leakage and DNS Hijacking in Commercial VPN clients

Vasile C. Perta, Marco V. Barbera, Gareth Tyson, Hamed Haddadi, Alessandro Mei
2015 Proceedings on Privacy Enhancing Technologies  
The work is extended by developing more sophisticated DNS hijacking attacks that allow all traffic to be transparently captured. We conclude discussing a range of best practices and countermeasures that  ...  We analyse 14 of the most popular ones, inspecting their internals and their infrastructures.  ...  DNS hijacking To detect DNS hijacking attacks, an approach similar to the SmartDNS could be used.  ... 
doi:10.1515/popets-2015-0006 dblp:journals/popets/PertaBTHM15 fatcat:mpw3p4adrfb45mh6rjqa3j2hw4

Automated feature engineering for HTTP tunnel detection

Jonathan J. Davis, Ernest Foo
2016 Computers & security  
The classifier addresses a problem in computer network security, namely the detection of HTTP tunnels.  ...  Testing showed that both classifiers achieved a detection rate above 99.93% at a false positive rate below 0.01%.  ...  We added a DNS 'A' record to direct traffic for our registered subdomain to our fake DNS server (the tunnel server) on an external host.  ... 
doi:10.1016/j.cose.2016.01.006 fatcat:psdgq4nxu5hojmr57ikax46aj4

Survey on Measurement Methods for IPv6 Deployment

Viktória Iró, Gábor Lencse
2020 Acta Technica Jaurinensis  
Next, we introduce various client-side tools that can be used in a much broader context, and then present the use of survey methods.  ...  Then we are reviewing some researches, which provide more comprehensive insight into the transition to IPv6 using complex measurement methods.  ...  A well-organized survey can be a cost-effective complementary or confirmatory tool in combination with other method(s). However, we do not recommend to rely on such data exclusively.  ... 
doi:10.14513/actatechjaur.v13.n2.544 fatcat:ltafyhnzgrax5gyft6nsv6en5m

A Comparison of Internet Protocol (IPv6) Security Guidelines

Steffen Hermann, Benjamin Fabian
2014 Future Internet  
The later two are scores defined in this paper and are based on the Requests for Comments relevant for IPv6 that were categorized, weighted and ranked for importance using an expert survey.  ...  Our results could also support strategic management decisions on security priorities as well as for the choice of security guidelines for IPv6 roll-outs.  ...  Routing and DNS: With a coverage of 29 of 40 possible relevant RFCs and a completeness of 0.73 (73%) Routing and DNS is one of the less covered categories.  ... 
doi:10.3390/fi6010001 fatcat:nx6bzelghjckberkvhkl3gbqx4

Covert channels and countermeasures in computer network protocols [Reprinted from IEEE Communications Surveys and Tutorials]

S. Zander, G. Armitage, P. Branch
2007 IEEE Communications Magazine  
There are a number of different scenarios for covert communication depending on whether Alice and Bob are the sender and receiver of the A diverse range of individuals and groups has found reason to utilize  ...  Initially, covert channels were identified as a security threat on monolithic systems such as mainframes. More recently, focus has shifted toward covert channels in computer network protocols.  ...  We present only a few examples of different covert channel types. The interested reader is referred to a comprehensive survey in [4].  ... 
doi:10.1109/mcom.2007.4395378 fatcat:ln5uuk2ienezblonn3n7ofn3j4

Side-Channel Analysis for Detecting Protocol Tunneling

Harakrishnan Bhanu, Jason Schwier, Ryan Craven, Richard R. Brooks, Kathryn Hempstalk, Daniele Gunetti, Christopher Griffin
2011 Advances in Internet of Things  
Experimental verification shows that on-line detection of language use in interactive encrypted protocol tunnels is reliable.  ...  Unlike previous work, the HMM approach we present requires no a priori knowledge of the protocol.  ...  We provided a brief, but comprehensive survey of known side channel vulnerabilities for protocol tunneling. We then provided a tutorial for our HMM approach to protocol detection.  ... 
doi:10.4236/ait.2011.12003 fatcat:4d6drvlktvckfjybbm7k3j5qdu

Making middleboxes someone else's problem

Justine Sherry, Shaddi Hasan, Colin Scott, Arvind Krishnamurthy, Sylvia Ratnasamy, Vyas Sekar
2012 Proceedings of the ACM SIGCOMM 2012 conference on Applications, technologies, architectures, and protocols for computer communication - SIGCOMM '12  
Our discussion of APLOMB is data-driven, guided by a survey of 57 enterprise networks, the first large-scale academic study of middlebox deployment.  ...  We show that APLOMB solves real problems faced by network administrators, can outsource over 90% of middlebox hardware in a typical large enterprise network, and, in a case study of a real enterprise,  ...  ; Neil Doran, Zhixin Tang, and Mark Poepping for helping us refine initial versions of our survey; and Ashok Anand for sharing the WAN optimization modules.  ... 
doi:10.1145/2342356.2342359 dblp:conf/sigcomm/SherryHSKRS12 fatcat:ccg7ms2jbncg7n7sszibi2fj3q

Making middleboxes someone else's problem

Justine Sherry, Shaddi Hasan, Colin Scott, Arvind Krishnamurthy, Sylvia Ratnasamy, Vyas Sekar
2012 Computer communication review  
Our discussion of APLOMB is data-driven, guided by a survey of 57 enterprise networks, the first large-scale academic study of middlebox deployment.  ...  We show that APLOMB solves real problems faced by network administrators, can outsource over 90% of middlebox hardware in a typical large enterprise network, and, in a case study of a real enterprise,  ...  ; Neil Doran, Zhixin Tang, and Mark Poepping for helping us refine initial versions of our survey; and Ashok Anand for sharing the WAN optimization modules.  ... 
doi:10.1145/2377677.2377680 fatcat:pkle64trgbe53aznvk6non42hu

Survey on Botnet Detection Techniques: Classification, Methods, and Evaluation

Ying Xing, Hui Shu, Hao Zhao, Dannong Li, Li Guo, Jude Hemanth
2021 Mathematical Problems in Engineering  
Combining with expert scores and objective weights, this survey proposes quantitative evaluation and gives a visual representation for typical detection methods.  ...  This survey analyzes and compares the most important efforts in the botnet detection area in recent years.  ...  A comprehensive botnet detection is analyzed in [12]. This survey classifies botnet detection techniques into four classes: signature-based, anomaly-based, DNS-based, and mining-based.  ... 
doi:10.1155/2021/6640499 fatcat:hkafnnj2cnbzjdbuk6iel3b5cm

Domain Name System Security and Privacy: A Contemporary Survey [article]

Aminollah Khormali, Jeman Park, Hisham Alasmary, Afsah Anwar, David Mohaisen
2020 arXiv   pre-print
In order to comprehensively understand the root causes of the vulnerabilities of DNS, it is mandatory to review the various activities in the research community on DNS landscape.  ...  To this end, this paper surveys more than 170 peer-reviewed papers, which are published in both top conferences and journals in the last ten years, and summarizes vulnerabilities in DNS and corresponding  ...  Finally, the key characteristics of our survey in this paper can be summarized as: 1. we conduct a comprehensive survey mainly focusing on recent major advances in the area of DNS security and privacy.  ... 
arXiv:2006.15277v1 fatcat:loknouehirdhvdgztkevi27vse

An Analysis of the Privacy and Security Risks of Android VPN Permission-enabled Apps

Muhammad Ikram, Narseo Vallina-Rodriguez, Suranga Seneviratne, Mohamed Ali Kaafar, Vern Paxson
2016 Proceedings of the 2016 ACM on Internet Measurement Conference - IMC '16  
In this paper we provide a first comprehensive analysis of 283 Android apps that use the Android VPN permission, which we extracted from a corpus of more than 1.4 million apps on the Google Play store.  ...  We also report on a number of apps actively performing TLS interception.  ...  The authors would like to thank our shepherd, Ben Zhao, and the anonymous reviewers for constructive feedback on preparation of the final version of this paper.  ... 
doi:10.1145/2987443.2987471 fatcat:gkgoyssztrgqzl3yw4h5ud6veu