A Bigram based Real Time DNS Tunnel Detection Approach

  title={A Bigram based Real Time DNS Tunnel Detection Approach},
  author={Cheng Qi and Xiaojun Chen and Cui Xu and Jinqiao Shi and Peipeng Liu},
DNS (Domain Name System) tunnels can provide high-bandwidth covert channels that pose a significant risk to sensitive information inside the company networks. Sensitive data are embedded in DNS query and response packets to exfiltrate and infiltrate the network boundaries. However, traditional Intrusion Detection Systems (IDS) and Firewalls let DNS packets pass without any checking. This paper explores a novel approach to detect in real time whether a DNS packet is in a tunnel by scoring the… CONTINUE READING

From This Paper

Figures, tables, and topics from this paper.


Publications citing this paper.
Showing 1-10 of 10 extracted citations


Publications referenced by this paper.
Showing 1-7 of 7 references

A framework for DNS based detection and mitigation of malware infections on a network, Information

  • E. Stalmans, B. Irwin
  • Security South Africa (ISSA),
  • 2011
1 Excerpt

Alexa . com . Alexa top 1 , 000 , 000 global sites

  • H. van der Heide, N. Barendregt
  • 2011

Similar Papers

Loading similar papers…