Abstract

Domain Name System (DNS) is one of the building blocks of the Internet that plays the key role of translating domain names into IP addresses. DNS can be vulnerable to security threats that target DNS servers or exploit the DNS protocol itself. In this paper, we address DNS protocol exploitation that causes data breaches via DNS tunneling, where an attacker employs techniques to exfiltrate sensitive data from a victim network. This usually happens by breaking the target data into small chunks and encoding them into DNS queries. The malicious DNS queries are then communicated from the target to the attacker machine. These DNS queries are finally decoded and reassembled at the attacker side to recover the breached data. Since DNS is a fundamental service, it cannot simply be blocked in order to mitigate DNS tunneling attacks. Conventional signature-based intrusion detection systems are not very effective at detecting these anomalies, either. Using some of the available DNS tunneling tools, we first show how this phenomenon can occur. Then, we discuss our technique, which employs a special ensemble of machine learning algorithms to build a robust classifier to detect such attacks. Our ensemble classifier achieves high accuracy and near-zero false positives on a training set based on real benign data and generated malicious DNS traffic.
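The abstract describes two things a detector has to work with: tunneled data appears as many long, high-entropy, encoded subdomain labels under one registered domain, and a single weak signal is not enough, so several detectors are combined. The following is an added illustration (it is not the paper's classifier, and the paper's actual features and learning algorithms are not reproduced here): a feature extractor over resolver log lines, three rule-based weak detectors standing in for the members of an ensemble, and a majority vote. The log lines, the registered-domain split (last two labels), the record-type set, and every threshold are assumptions chosen for the example; it uses only the Python standard library.

```python
import math
from collections import defaultdict

# Constructed sample resolver log: "timestamp client qname qtype". Not real traffic;
# the last three names are made-up encoded-looking labels under one domain.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 www.example.com A
2024-01-01T10:00:02Z 10.0.0.5 mail.example.com MX
2024-01-01T10:00:03Z 10.0.0.7 cdn.static-assets.example.net A
2024-01-01T10:00:04Z 10.0.0.7 _dmarc.example.com TXT
2024-01-01T10:00:05Z 10.0.0.9 9f3a7c1e5b2d8e4a6f0c3b7d1e9a5c2f.t1.exfil-example.org TXT
2024-01-01T10:00:06Z 10.0.0.9 a1b2c3d4e5f60718293a4b5c6d7e8f90.t2.exfil-example.org TXT
2024-01-01T10:00:07Z 10.0.0.9 kJ8vQx2LmN4pRt7WzA9bCe3.t3.exfil-example.org TXT
"""

# Record types that carry large payloads and are therefore worth a vote on their own
# (assumed set for this example).
RARE_QTYPES = {"TXT", "NULL", "CNAME"}


def parse_log(text):
    """Turn the space-separated log into a list of dicts; qnames are normalised."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype = line.split()
        rows.append({"ts": ts, "client": client,
                     "qname": qname.lower().rstrip("."), "qtype": qtype.upper()})
    return rows


def shannon_entropy(s):
    """Bits per character; encoded chunks score high, dictionary words score low."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname, registered_labels=2):
    """Split into (subdomain part without dots, registered domain).
    Assumes the registered domain is the last two labels; a real deployment
    would use a public-suffix list instead."""
    labels = qname.split(".")
    return "".join(labels[:-registered_labels]), ".".join(labels[-registered_labels:])


def extract_features(qname, qtype):
    sub, base = split_name(qname)
    digits = sum(ch.isdigit() for ch in sub)
    return {
        "base": base,
        "sub_len": len(sub),
        "entropy": shannon_entropy(sub),
        "digit_ratio": digits / len(sub) if sub else 0.0,
        "rare_qtype": qtype in RARE_QTYPES,
    }


# Three weak detectors, one per feature family. Thresholds are assumptions for the
# example; the paper's ensemble members are learned models, not fixed rules.
def detect_length(f):
    return f["sub_len"] > 30


def detect_entropy(f):
    return f["entropy"] > 3.5


def detect_encoding(f):
    return f["digit_ratio"] > 0.3 or f["rare_qtype"]


DETECTORS = (detect_length, detect_entropy, detect_encoding)


def ensemble_vote(f):
    """Majority vote: returns (number of positive votes, flagged?)."""
    votes = sum(d(f) for d in DETECTORS)
    return votes, votes * 2 > len(DETECTORS)


def classify_log(text):
    out = []
    for row in parse_log(text):
        f = extract_features(row["qname"], row["qtype"])
        votes, flagged = ensemble_vote(f)
        out.append({**row, "base": f["base"], "votes": votes, "flagged": flagged})
    return out


def flagged_per_domain(results):
    """Tunnels produce many distinct flagged names under one registered domain,
    so counting per domain is the natural second-stage aggregation."""
    counts = defaultdict(int)
    for r in results:
        if r["flagged"]:
            counts[r["base"]] += 1
    return dict(counts)


if __name__ == "__main__":
    results = classify_log(SAMPLE_LOG)
    for r in results:
        print(f'{r["client"]:10} votes={r["votes"]} flagged={r["flagged"]!s:5} {r["qname"]}')
    print(flagged_per_domain(results))
```

The `_dmarc.example.com TXT` line is the point of the vote: a legitimate TXT lookup earns one vote and stays benign, while the third encoded name is short enough to escape the length rule yet is still flagged by entropy plus record type. That is the same reason the abstract gives for combining classifiers rather than relying on any single indicator.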
