| Presentation | 2019-09-06 A Study on Features Derived from Cache Property for DNS Tunneling Detection Naotake Ishikura, Daishi Kondo, Hideki Tode, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | A lot of enterprises are under threat of targeted attacks causing data exfiltration, and as a means of performing the attacks, DNS tunneling has been exploited in recent years.Although there are many research efforts to detect DNS tunneling, the previously proposed methods are only effective to identify DNS tunneling traffic generated by specific malware or DNS tunneling tools since the methods are built based on the anomalous traffic features caused by the malware or tools.Therefore, these methods cannot deal with forthcoming and unknown DNS tunneling that succeeds in leaking data by bypassing them.In order to handle the essential drawback of these methods, we focus on the fact that exfiltrating data over DNS tunneling definitely produces a cache miss on the DNS cache server where the source of the tunneling traffic directly connects, and we propose features derived from the cache property. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Targeted attacks / DNS tunneling / Feature engineering / Cache property |
| Paper # | NS2019-93 |
| Date of Issue | 2019-08-29 (NS) |
| Conference Information | |
| Committee | NS / IN / CS |
|---|---|
| Conference Date | 2019/9/5(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Research Institute of Electrical Communication, Tohoku Univ. |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | Session management (SIP/IMS), Interoperability/Standardization, NGN/NwGN/Future networks, Cloud/Data center networks, SDN (OpenFlow, etc.)/NFV, IPv6, Machine learning, etc. |
| Chair | Yoshikatsu Okazaki(NTT) / Takuji Kishida(NTT-AT) / Hidenori Nakazato(Waseda Univ.) |
| Vice Chair | Akihiro Nakao(Univ. of Tokyo) / Kenji Ishida(Hiroshima City Univ.) / Jun Terada(NTT) |
| Secretary | Akihiro Nakao(Osaka Pref Univ.) / Kenji Ishida(NTT) / Jun Terada(NTT Communications) |
| Assistant | Shinya Kawano(NTT) / / Kazutaka Hara(NTT) / Hiroyuki Saito(OKI) |
| Paper Information | |
| Registration To | Technical Committee on Network Systems / Technical Committee on Information Networks / Technical Committee on Communication Systems |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | A Study on Features Derived from Cache Property for DNS Tunneling Detection |
| Sub Title (in English) | |
| Keyword(1) | Targeted attacks |
| Keyword(2) | DNS tunneling |
| Keyword(3) | Feature engineering |
| Keyword(4) | Cache property |
| 1st Author's Name | Naotake Ishikura |
| 1st Author's Affiliation | Osaka Prefecture University(Osaka Pref. Univ.) |
| 2nd Author's Name | Daishi Kondo |
| 2nd Author's Affiliation | Osaka Prefecture University(Osaka Pref. Univ.) |
| 3rd Author's Name | Hideki Tode |
| 3rd Author's Affiliation | Osaka Prefecture University(Osaka Pref. Univ.) |
| Date | 2019-09-06 |
| Paper # | NS2019-93 |
| Volume (vol) | vol.119 |
| Number (no) | NS-194 |
| Page | pp.pp.25-30(NS), |
| #Pages | 6 |
| Date of Issue | 2019-08-29 (NS) |