Lorena de Souza Bezerra Borges, Robson de Oliveira Albuquerque, R. T. de Sousa Júnior
{"title":"基于云平台的DNS隧道检测安全模型","authors":"Lorena de Souza Bezerra Borges, Robson de Oliveira Albuquerque, R. T. de Sousa Júnior","doi":"10.1109/WCNPS56355.2022.9969715","DOIUrl":null,"url":null,"abstract":"DNS tunneling uses DNS protocol features to establish command and control channels thus being possibly exploited as a malicious tool for data exfiltration. DNS tunneling security threats affect crossplatform systems within local and cloud computing resources. This article proposes an effective DNS tunnel detection methodology integrating cloud-based resources. The proposed detection methods compose an unsupervised machine-learning model execution for anomaly identification. The validation uses a collected DNS traffic dataset and shows the practical approach for C2, data exfiltration, and heartbeat tunnel test situations, as high levels of anomaly detection are obtained even for those lightweight data during the transfer process. This study has an operational approach and could be adapted to compose security control systems for organizations.","PeriodicalId":120276,"journal":{"name":"2022 Workshop on Communication Networks and Power Systems (WCNPS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2022-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A security model for DNS tunnel detection on cloud platform\",\"authors\":\"Lorena de Souza Bezerra Borges, Robson de Oliveira Albuquerque, R. T. de Sousa Júnior\",\"doi\":\"10.1109/WCNPS56355.2022.9969715\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"DNS tunneling uses DNS protocol features to establish command and control channels thus being possibly exploited as a malicious tool for data exfiltration. DNS tunneling security threats affect crossplatform systems within local and cloud computing resources. This article proposes an effective DNS tunnel detection methodology integrating cloud-based resources. The proposed detection methods compose an unsupervised machine-learning model execution for anomaly identification. The validation uses a collected DNS traffic dataset and shows the practical approach for C2, data exfiltration, and heartbeat tunnel test situations, as high levels of anomaly detection are obtained even for those lightweight data during the transfer process. This study has an operational approach and could be adapted to compose security control systems for organizations.\",\"PeriodicalId\":120276,\"journal\":{\"name\":\"2022 Workshop on Communication Networks and Power Systems (WCNPS)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-11-17\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 Workshop on Communication Networks and Power Systems (WCNPS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WCNPS56355.2022.9969715\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 Workshop on Communication Networks and Power Systems (WCNPS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WCNPS56355.2022.9969715","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A security model for DNS tunnel detection on cloud platform
DNS tunneling uses DNS protocol features to establish command and control channels thus being possibly exploited as a malicious tool for data exfiltration. DNS tunneling security threats affect crossplatform systems within local and cloud computing resources. This article proposes an effective DNS tunnel detection methodology integrating cloud-based resources. The proposed detection methods compose an unsupervised machine-learning model execution for anomaly identification. The validation uses a collected DNS traffic dataset and shows the practical approach for C2, data exfiltration, and heartbeat tunnel test situations, as high levels of anomaly detection are obtained even for those lightweight data during the transfer process. This study has an operational approach and could be adapted to compose security control systems for organizations.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
