Corpus ID: 195699756

Identifying DNS-tunneled traffic with predictive models

@article{Berg2019IdentifyingDT,
  title={Identifying DNS-tunneled traffic with predictive models},
  author={A. Berg and D. Forsberg},
  journal={ArXiv},
  year={2019},
  volume={abs/1906.11246}
}
DNS is a distributed, fault-tolerant system that avoids a single point of failure. As such, it is an integral part of the internet as we use it today and hence deemed a safe protocol which is let through firewalls and proxies with little or no checks. This can be exploited by malicious agents. Network forensics is effective but struggles due to the size of the data and manual labour. This paper explores to what extent predictive models can be used to predict network traffic, what protocols are tunneled…
2 Citations
Detecting abnormal DNS traffic using unsupervised machine learning

References

SHOWING 1-10 OF 33 REFERENCES
Harnessing Predictive Models for Assisting Network Forensic Investigations of DNS Tunnels
  • 9
  • Highly Influential
Tunnel Hunter: Detecting application-layer tunnels with statistical fingerprinting
  • 123
Detection of Malicious and Low Throughput Data Exfiltration Over the DNS Protocol
  • 40
Entropy-based Prediction of Network Protocols in the Forensic Analysis of DNS Tunnels
  • 9
DNS for Massive-Scale Command and Control
  • 66
  • Highly Influential
Detecting DNS Tunnels Using Character Frequency Analysis
  • 68
On Botnets That Use DNS for Command and Control
  • 115
  • Highly Influential
Breaking and Improving Protocol Obfuscation
  • 51
Network forensics: Review, taxonomy, and open challenges
  • 77