DNS tunnels detection via DNS-images |
| |
Institution: | 1. School of Economics and Management, Beihang University, Beijing 100191, China; 2. Key Laboratory of Complex System Analysis and Management Decision, Ministry of Education, Beijing 100191, China |
| |
Abstract: | DNS tunneling is a typical attack adopted by cyber-criminals to compromise victims’ devices, steal sensitive data, or perform fraudulent actions against third parties without their knowledge. The fraudulent traffic is encapsulated into DNS queries to evade intrusion detection. Unfortunately, traditional defense systems based on Deep Packet Inspection cannot always detect such traffic. As a result, DNS tunneling is one problem that has worried the cybersecurity community over the past decade. In this paper, we propose a robust and reliable Deep Learning-based DNS tunneling detection approach to mine valuable insight from DNS query payloads. More precisely, several features are first extracted by the DNS flow, and then they are arranged as bi-dimensional images. A Convolutional Neural Network is used to automatically and adaptively learn spatial hierarchies of features to be used in a fully connected neural network for traffic classification. The proposed approach may result in an extremely interesting task in predictive security approaches to attack detection. The effectiveness of the proposal is evaluated in several experiments using a real-world traffic dataset. The obtained results show that our approach achieves 99.99% of accuracy and performs better than state-of-the-art solutions. |
| |
Keywords: | DNS security; DNS tunneling; Data exfiltration; Anomaly detection; Classification; Convolutional neural network |
This document has been indexed by ScienceDirect and other databases! |
|