DNS Tunneling: A Deep Learning based Lexicographical Detection Approach
- URL: http://arxiv.org/abs/2006.06122v2
- Date: Sun, 14 Jun 2020 23:28:51 GMT
- Title: DNS Tunneling: A Deep Learning based Lexicographical Detection Approach
- Authors: Franco Palau, Carlos Catania, Jorge Guerra, Sebastian Garcia, and Maria Rigaki
- Abstract summary: DNS Tunneling is attractive to hackers who exploit it to establish bidirectional communication with machines infected with malware.
The present work proposes a detection approach based on a Convolutional Neural Network (CNN) with a minimal architecture complexity.
Despite its simple architecture, the resulting CNN model correctly detected more than 92% of total Tunneling domains with a false positive rate close to 0.8%.
- Score: 1.3701366534590496
- License: http://creativecommons.org/licenses/by-sa/4.0/
- Abstract: Domain Name Service is a trusted protocol made for name resolution, but
during past years some approaches have been developed to use it for data
transfer. DNS Tunneling is a method where data is encoded inside DNS queries,
allowing information exchange through the DNS. This characteristic is
attractive to hackers who exploit the DNS Tunneling method to establish
bidirectional communication with machines infected with malware with the
objective of exfiltrating data or sending instructions in an obfuscated way. To
detect these threats fast and accurately, the present work proposes a detection
approach based on a Convolutional Neural Network (CNN) with a minimal
architecture complexity. Due to the lack of quality datasets for evaluating DNS
Tunneling connections, we also present a detailed construction and description
of a novel dataset that contains DNS Tunneling domains generated with five
well-known DNS tools. Despite its simple architecture, the resulting CNN model
correctly detected more than 92% of total Tunneling domains with a false
positive rate close to 0.8%.
Related papers
- MTDNS: Moving Target Defense for Resilient DNS Infrastructure [2.8721132391618256]
DNS (Domain Name System) is one of the most critical components of the Internet.
Researchers have been constantly developing methods to detect and defend against the attacks against DNS.
Most solutions discard packets for defensive approaches, which can cause legitimate packets to be dropped.
We propose MTDNS, a resilient MTD-based approach that employs Moving Target Defense techniques.
arXiv Detail & Related papers (2024-10-03T06:47:16Z)
- Guardians of DNS Integrity: A Remote Method for Identifying DNSSEC Validators Across the Internet [0.9319432628663636]
We propose a novel technique for identifying DNSSEC-validating resolvers.
We find that while most open resolvers are DNSSEC-enabled, less than 18% in IPv4 (38% in IPv6) validate received responses.
arXiv Detail & Related papers (2024-05-30T08:58:18Z)
- DNS-Rec: Data-aware Neural Architecture Search for Recommender Systems [79.76519917171261]
This paper addresses the computational overhead and resource inefficiency prevalent in Sequential Recommender Systems (SRSs)
We introduce an innovative approach combining pruning methods with advanced model designs.
Our principal contribution is the development of a Data-aware Neural Architecture Search for Recommender System (DNS-Rec)
arXiv Detail & Related papers (2024-02-01T07:22:52Z)
- Multi-Task DNS Security Analysis via High-Order Heterogeneous Graph Embedding [2.1842847029116443]
I propose a novel joint DNS embedding model to formulate the DNS query behavior via a similarity-enhanced graph with heterogeneous entities.
Experiments on real DNS traffic demonstrate that the joint optimization of multiple tasks with the latent high-order proximities can lead to better security analysis performance for all the tasks.
arXiv Detail & Related papers (2024-01-15T01:18:57Z)
- TI-DNS: A Trusted and Incentive DNS Resolution Architecture based on Blockchain [8.38094558878305]
Domain Name System (DNS) is vulnerable to some malicious attacks, including DNS cache poisoning.
This paper presents TI-DNS, a blockchain-based DNS resolution architecture designed to detect and correct the forged DNS records.
TI-DNS is easy to be adopted as it only requires modifications to the resolver side of current DNS infrastructure.
arXiv Detail & Related papers (2023-12-07T08:03:10Z)
- Learning State-Augmented Policies for Information Routing in Communication Networks [92.59624401684083]
We develop a novel State Augmentation (SA) strategy to maximize the aggregate information at source nodes using graph neural network (GNN) architectures.
We leverage an unsupervised learning procedure to convert the output of the GNN architecture to optimal information routing strategies.
In the experiments, we perform the evaluation on real-time network topologies to validate our algorithms.
arXiv Detail & Related papers (2023-09-30T04:34:25Z)
- A cross-domain recommender system using deep coupled autoencoders [77.86290991564829]
Two novel coupled autoencoder-based deep learning methods are proposed for cross-domain recommendation.
The first method aims to simultaneously learn a pair of autoencoders in order to reveal the intrinsic representations of the items in the source and target domains.
The second method is derived based on a new joint regularized optimization problem, which employs two autoencoders to generate in a deep and non-linear manner the user and item-latent factors.
arXiv Detail & Related papers (2021-12-08T15:14:26Z)
- Classifying DNS Servers based on Response Message Matrix using Machine Learning [1.898617934078969]
We propose a detection mechanism for DNS servers used as reflectors by using a DNS server feature matrix built from a small number of packets and a machine learning algorithm.
The F1 score of bad DNS server detection was more than 0.9 when the test and training data are generated within the same day, and more than 0.7 for the data not used for the training and testing phase of the same day.
arXiv Detail & Related papers (2021-11-09T10:20:17Z)
- MD-CSDNetwork: Multi-Domain Cross Stitched Network for Deepfake Detection [80.83725644958633]
Current deepfake generation methods leave discriminative artifacts in the frequency spectrum of fake images and videos.
We present a novel approach, termed as MD-CSDNetwork, for combining the features in the spatial and frequency domains to mine a shared discriminative representation.
arXiv Detail & Related papers (2021-09-15T14:11:53Z)
- Optimized Random Forest Model for Botnet Detection Based on DNS Queries [8.641714871787595]
Domain Name System (DNS) protocol has several security vulnerabilities.
One promising solution to detect DNS-based botnet attacks is adopting machine learning (ML) based solutions.
This paper proposes a novel optimized ML-based framework to detect botnets based on their corresponding DNS queries.
arXiv Detail & Related papers (2020-12-16T16:34:11Z)
- Noise-Response Analysis of Deep Neural Networks Quantifies Robustness and Fingerprints Structural Malware [48.7072217216104]
Deep neural networks (DNNs) have 'structural malware' (i.e., compromised weights and activation pathways)
It is generally difficult to detect backdoors, and existing detection methods are computationally expensive and require extensive resources (e.g., access to the training data)
Here, we propose a rapid feature-generation technique that quantifies the robustness of a DNN, 'fingerprints' its nonlinearity, and allows us to detect backdoors (if present)
Our empirical results demonstrate that we can accurately detect backdoors with high confidence orders-of-magnitude faster than existing approaches (seconds versus
arXiv Detail & Related papers (2020-07-31T23:52:58Z)
- Boosting Deep Neural Networks with Geometrical Prior Knowledge: A Survey [77.99182201815763]
Deep Neural Networks (DNNs) achieve state-of-the-art results in many different problem settings.
DNNs are often treated as black box systems, which complicates their evaluation and validation.
One promising field, inspired by the success of convolutional neural networks (CNNs) in computer vision tasks, is to incorporate knowledge about symmetric geometrical transformations.
arXiv Detail & Related papers (2020-06-30T14:56:05Z)
- Automating Botnet Detection with Graph Neural Networks [106.24877728212546]
Botnets are now a major source for many network attacks, such as DDoS attacks and spam.
In this paper, we consider the neural network design challenges of using modern deep learning techniques to learn policies for botnet detection automatically.
arXiv Detail & Related papers (2020-03-13T15:34:33Z)
This list is automatically generated from the titles and abstracts of the papers in this site.