Information-Entropy-Based DNS Tunnel Prediction

DNS tunneling is frequently used for malicious purposes, and conventional network security mechanisms have struggled to detect it. Network forensic analysis has been proposed as an alternative, but it is slow, invasive and tedious, and network forensic tools cope poorly with new and undocumented tunneling techniques.
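As an added illustration of the approach named in the title (this is not the paper's code; the paper's exact features and thresholds are not given on this page), the following Python computes the Shannon entropy of the attacker-controllable labels of each query name, flags long high-entropy names, and then aggregates per registered domain, because a tunnel emits many distinct encoded names under one zone while a hash-like CDN hostname is the same name queried repeatedly. The sample query names, the two-label registered-domain assumption and the 3.5-bit / 20-character thresholds are all constructed for this example.

```python
"""Entropy scoring of DNS query names (added illustration, not the paper's code)."""
import math
from collections import Counter, defaultdict

# Assumption: the registered domain is the last two labels (example.com).
# Real deployments should use the public suffix list (example.co.uk has three).
ZONE_LABELS = 2


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character; 0.0 for the empty string."""
    n = len(s)
    h = 0.0
    for count in Counter(s).values():
        p = count / n
        h -= p * math.log2(p)
    return h


def attacker_labels(qname: str) -> str:
    """Labels left of the registered domain, joined: the part a tunnel client encodes data into."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= ZONE_LABELS:
        return ""
    return "".join(labels[:-ZONE_LABELS])


def registered_domain(qname: str) -> str:
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-ZONE_LABELS:])


def score_query(qname: str, entropy_threshold: float = 3.5, min_len: int = 20) -> dict:
    """Per-query score. Thresholds are illustrative assumptions, not values from the paper."""
    payload = attacker_labels(qname)
    h = shannon_entropy(payload)
    return {
        "qname": qname,
        "payload_len": len(payload),
        "entropy": round(h, 3),
        "suspicious": len(payload) >= min_len and h >= entropy_threshold,
    }


def score_zones(qnames) -> dict:
    """Aggregate per registered domain.

    A tunnel produces many distinct high-entropy names under one zone; a single
    hash-like hostname queried repeatedly has high entropy but one unique name,
    which is how the aggregate separates the two cases the per-query score cannot.
    """
    per_zone = defaultdict(list)
    for q in qnames:
        per_zone[registered_domain(q)].append(q)
    result = {}
    for zone, qs in per_zone.items():
        payloads = {attacker_labels(q) for q in qs}
        entropies = [shannon_entropy(p) for p in payloads]
        result[zone] = {
            "queries": len(qs),
            "unique_subdomains": len(payloads),
            "mean_entropy": round(sum(entropies) / len(entropies), 3),
        }
    return result


# Constructed sample: ordinary hostnames, a tunnel-like zone emitting distinct
# base32-looking labels, and a hex-hash hostname queried three times.
SAMPLE_QUERIES = [
    "www.example.com",
    "mail.example.com",
    "www.example.com",
    "abcdefghijklmnopqrstuvwxyz234567.example.net",
    "234567zyxwvutsrqponmlkjihgfedcba.example.net",
    "mnopqrstuvwxyz234567abcdefghijkl.example.net",
    "0123456789abcdef0123456789abcdef.example.org",
    "0123456789abcdef0123456789abcdef.example.org",
    "0123456789abcdef0123456789abcdef.example.org",
]

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(score_query(q))
    for zone, stats in score_zones(SAMPLE_QUERIES).items():
        print(zone, stats)
```

Per query, the hex-hash name under example.org scores as suspicious as the tunnel names under example.net (4.0 bits over 32 characters); only the per-zone view shows that example.org is one name repeated while example.net has a new name on every query. Any deployed detector needs that second signal, plus record type and query rate, or it will page on every CDN and telemetry hostname.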
