DNS Tunneling: Threat Landscape and Improved Detection Solutions
Novruz Amirov, Baran Isik, Bilal Ihsan Tuncer, Serif Bahtiyar
TL;DR
This paper presents a machine learning-based approach to improve the detection of DNS tunneling, a covert communication method often missed by traditional rule-based methods, enhancing cybersecurity defenses.
Contribution
The paper introduces a novel machine learning framework that analyzes DNS traffic features for more accurate detection of tunneling activities, surpassing traditional methods.
Findings
Machine learning algorithms effectively detect DNS tunneling.
Proposed method outperforms rule-based detection approaches.
Analysis shows high accuracy in identifying covert DNS channels.
Abstract
Detecting Domain Name System (DNS) tunneling is a significant challenge in security due to its capacity to hide harmful actions within DNS traffic that appears to be normal and legitimate. Traditional detection methods are based on rule-based approaches or signature matching methods that are often insufficient to accurately identify such covert communication channels. This research is about effectively detecting DNS tunneling. We propose a novel approach to detect DNS tunneling with machine learning algorithms. We combine machine learning algorithms to analyze the traffic by using features extracted from DNS traffic. Analyses results show that the proposed approach is a good candidate to detect DNS tunneling accurately.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsNetwork Security and Intrusion Detection · IPv6, Mobility, Handover, Networks, Security · Internet Traffic Analysis and Secure E-voting