DNS Tunneling Detection Techniques – Classification, and Theoretical Comparison in Case of a Real APT Campaign [chapter]

Viivi Nuojua, Gil David, Timo Hämäläinen
<span title="">2017</span> <i title="Springer International Publishing"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/2w3awgokqne6te4nvlofavy5a4" style="color: black;">Lecture Notes in Computer Science</a> </i> &nbsp;
Domain Name System (DNS) plays an important role as a translation protocol in everyday use of the Internet. The purpose of DNS is to translate domain names into IP addresses and vice versa. However, its simple architecture can easily be misused for malicious activities. One huge security threat concerning DNS is tunneling, which helps attackers bypass the security systems unnoticed. A DNS tunnel can be used for three purposes: as a command and control channel, for data exfiltration or even for tunneling another protocol through it. In this paper, we surveyed different techniques for DNS tunneling detection. We classified those first based on the type of data and then within the categories based on the type of analysis. We conclude with a comparison between the various detection techniques. We introduce one real Advanced Persistent Threat campaign that utilizes DNS tunneling, and theoretically compare how well the surveyed detection techniques could detect it.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1007/978-3-319-67380-6_26">doi:10.1007/978-3-319-67380-6_26</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/l6cfglfzvbehvmv4enavgttnqy">fatcat:l6cfglfzvbehvmv4enavgttnqy</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20200309133504/https://jyx.jyu.fi/bitstream/handle/123456789/55746/nuojuadnstunnelingdetectiontechniques.pdf;jsessionid=6EF308DDD15BD1CEEDCB62F46117216D?sequence=1" title="fulltext PDF download">Web Archive [PDF]</a>