Corpus ID: 195699756

Identifying DNS-tunneled traffic with predictive models

@article{Berg2019IdentifyingDT,
  title={Identifying DNS-tunneled traffic with predictive models},
  author={A. Berg and D. Forsberg},
  journal={ArXiv},
  year={2019},
  volume={abs/1906.11246}
}
DNS is a distributed, fault-tolerant system that avoids a single point of failure. As such it is an integral part of the internet as we use it today and hence deemed a safe protocol which is let through firewalls and proxies with few or no checks. This can be exploited by malicious agents. Network forensics is effective but struggles due to the size of the data and manual labour. This paper explores to what extent predictive models can be used to predict network traffic, what protocols are tunneled…
2 Citations
Detecting abnormal DNS traffic using unsupervised machine learning

References

SHOWING 1-10 OF 33 REFERENCES
Harnessing Predictive Models for Assisting Network Forensic Investigations of DNS Tunnels
Tunnel Hunter: Detecting application-layer tunnels with statistical fingerprinting
Detection of Malicious and Low Throughput Data Exfiltration Over the DNS Protocol
DNS for Massive-Scale Command and Control
Detecting DNS Tunnels Using Character Frequency Analysis
On Botnets That Use DNS for Command and Control
Breaking and Improving Protocol Obfuscation
Network forensics: Review, taxonomy, and open challenges