Paper Abstract and Keywords |
Presentation |
2019-09-06 11:15
A Study on Features Derived from Cache Property for DNS Tunneling Detection Naotake Ishikura, Daishi Kondo, Hideki Tode (Osaka Pref. Univ.) NS2019-93 |
Abstract |
(in English) |
A lot of enterprises are under threat of targeted attacks causing data exfiltration, and as a means of performing the attacks, DNS tunneling has been exploited in recent years. Although there are many research efforts to detect DNS tunneling, the previously proposed methods are only effective to identify DNS tunneling traffic generated by specific malware or DNS tunneling tools since the methods are built based on the anomalous traffic features caused by the malware or tools. Therefore, these methods cannot deal with forthcoming and unknown DNS tunneling that succeeds in leaking data by bypassing them. In order to handle the essential drawback of these methods, we focus on the fact that exfiltrating data over DNS tunneling definitely produces a cache miss on the DNS cache server where the source of the tunneling traffic directly connects, and we propose features derived from the cache property. |
Keyword |
(in English) |
Targeted attacks / DNS tunneling / Feature engineering / Cache property |
Reference Info. |
IEICE Tech. Rep., vol. 119, no. 194, NS2019-93, pp. 25-30, Sept. 2019. |
Paper # |
NS2019-93 |
Date of Issue |
2019-08-29 (NS) |
ISSN |
Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Conference Information |
Committee |
NS IN CS NV |
Conference Date |
2019-09-05 - 2019-09-06 |
Place (in English) |
Research Institute of Electrical Communication, Tohoku Univ. |
Topics (in English) |
Session management (SIP/IMS), Interoperability/Standardization, NGN/NwGN/Future networks, Cloud/Data center networks, SDN (OpenFlow, etc.)/NFV, IPv6, Machine learning, etc. |
Paper Information |
Registration To |
NS |
Conference Code |
2019-09-NS-IN-CS-NV |
Language |
Japanese |
Title (in English) |
A Study on Features Derived from Cache Property for DNS Tunneling Detection |
Keyword(1) |
Targeted attacks |
Keyword(2) |
DNS tunneling |
Keyword(3) |
Feature engineering |
Keyword(4) |
Cache property |
1st Author's Name |
Naotake Ishikura |
1st Author's Affiliation |
Osaka Prefecture University (Osaka Pref. Univ.) |
2nd Author's Name |
Daishi Kondo |
2nd Author's Affiliation |
Osaka Prefecture University (Osaka Pref. Univ.) |
3rd Author's Name |
Hideki Tode |
3rd Author's Affiliation |
Osaka Prefecture University (Osaka Pref. Univ.) |
Speaker |
Author-1 |
Date Time |
2019-09-06 11:15:00 |
Presentation Time |
25 minutes |
Registration for |
NS |
Paper # |
NS2019-93 |
Volume (vol) |
vol.119 |
Number (no) |
no.194 |
Page |
pp.25-30 |
#Pages |
6 |
Date of Issue |
2019-08-29 (NS) |
|