论文信息 - Domain Name System (DNS) Tunneling Detection using Structured Occurrence Nets (SONs)

Domain Name System (DNS) Tunneling Detection using Structured Occurrence Nets (SONs)

Today, serious warnings regarding the increasing number of DNS tunnelling methods are on the rise. Attackers have used such techniques to steal data from millions of accounts. The existing literature has thoroughly demonstrated the extent of the damage which DNS tunnelling can achieve on any given DNS server. However, through SONs Petri net-based formalisms which portray the behaviour of complex evolving systems, such threats can be alleviated. As a concept, SONs are originally grounded in Occurrence Nets (ONs) and already yielded results in terms of successful cybercrime analysis. For instance, adding of alternates to SONs initially used in [10] was extended to in [15] in order to model and analyse system activities such as cybercrime or accidents, which may show contradictory or uncertain evidence in terms of actual activity. The current paper proposes the use of SON features with the purpose of detecting DNS tunnelling, in the event of an actual attack.

Maciej Koutny | Talal Alharbi | M. Koutny | Talal Alharbi

[1] Maciej Koutny,et al. Structured Occurrence Nets: A Formalism for Aiding System Failure Prevention and Analysis Techniques , 2009, Fundam. Informaticae.

[2] Peipeng Liu,et al. A Bigram based Real Time DNS Tunnel Detection Approach , 2013, ITQM.

[3] Bowen Li,et al. SONCraft: A Tool for Construction, Simulation, and Analysis of Structured Occurrence Nets , 2018, 2018 18th International Conference on Application of Concurrency to System Design (ACSD).

[4] Kwan-Wu Chin,et al. On the viability and performance of DNS tunneling , 2008 .

[5] Brian Randell. Occurrence Nets Then and Now: The Path to Structured Occurrence Nets , 2011, Petri Nets.

[6] Antonios Atlasis,et al. Detecting DNS Tunneling , 2019 .

[7] Maurizio Aiello,et al. A Comparative Performance Evaluation of DNS Tunneling Tools , 2011, CISIS.

[8] Gilbert S Omenn,et al. An evaluation, comparison, and accurate benchmarking of several publicly available MS/MS search algorithms: Sensitivity and specificity analysis , 2005, Proteomics.

[9] Robert Tappan Morris,et al. DNS performance and the effectiveness of caching , 2001, IMW '01.

[10] Kenton Born,et al. Detecting DNS Tunnels Using Character Frequency Analysis , 2010, ArXiv.

[11] Maciej Koutny,et al. Visualising Data Sets in Structured Occurrence Nets , 2018, PNSE@Petri Nets/ACSD.