Flow-Based Detection of DNS Tunnels

Abstract: DNS tunnels allow circumventing access and security policies in firewalled networks. Such a security breach can be misused for activities like free web browsing, but also for command & control traffic or cyber espionage, thus motivating the search for effective automated DNS tunnel detection techniques. In this paper we develop such a technique, based on the monitoring and analysis of network flows. Our methodology combines flow information with statistical methods for anomaly detection. The contribution of our paper is twofold. Firstly, based on flow-derived variables that we identified as indicative of DNS tunnelling activities, we identify and evaluate a set of non-parametrical statistical tests that are particularly useful in this context. Secondly, the efficacy of the resulting tests is demonstrated by extensive validation experiments in an operational environment, covering many different usage scenarios.
Document type: Conference paper
Guillaume Doyen; Martin Waldburger; Pavel Čeleda; Anna Sperotto; Burkhard Stiller. 7th International Conference on Autonomous Infrastructure (AIMS), Jun 2013, Barcelona, Spain. Springer, Lecture Notes in Computer Science, LNCS-7943, pp.124-135, 2013, Emerging Management Mechanisms for the Future Internet. 〈10.1007/978-3-642-38998-6_16〉
Cited literature [14 references]

https://hal.inria.fr/hal-01489962
Contributor: Hal Ifip
Submitted on: Tuesday, March 14, 2017 - 17:06:12
Last modified on: Thursday, October 4, 2018 - 22:12:02
Document(s) archived on: Thursday, June 15, 2017 - 14:54:17

File

978-3-642-38998-6_16_Chapter.p...
Files produced by the author(s)

License

Distributed under a Creative Commons Attribution 4.0 International License

Citation

Wendy Ellens, Piotr Żuraniewski, Anna Sperotto, Harm Schotanus, Michel Mandjes, et al. Flow-Based Detection of DNS Tunnels. Guillaume Doyen; Martin Waldburger; Pavel Čeleda; Anna Sperotto; Burkhard Stiller. 7th International Conference on Autonomous Infrastructure (AIMS), Jun 2013, Barcelona, Spain. Springer, Lecture Notes in Computer Science, LNCS-7943, pp.124-135, 2013, Emerging Management Mechanisms for the Future Internet. 〈10.1007/978-3-642-38998-6_16〉. 〈hal-01489962〉

Metrics

Record views: 138

File downloads: 233