DNS tunneling is a typical attack adopted by cyber-criminals to compromise victims' devices,steal sensitive data, or perform fraudulent actions against third parties without their knowledge.The fraudulent traffic is encapsulated into DNS queries to evade intrusion detection. Unfortu-nately, traditional defense systems based on Deep Packet Inspection cannot always detect suchtraffic. As a result, DNS tunneling is one problem that has worried the cybersecurity communityover the past decade.In this paper, we propose a robust and reliable Deep Learning-based DNS tunneling detectionapproach to mine valuable insight from DNS query payloads. More precisely, several featuresare first extracted by the DNS flow, and then they are arranged as bi-dimensional images. AConvolutionalNeuralNetworkis used to automatically and adaptively learn spatial hierarchies offeatures to be used in a fully connected neural network for traffic classification. The proposedapproach may result in an extremely interesting task in predictive security approaches to attackdetection.The effectiveness of the proposal is evaluated in several experiments using a real-worldtraffic dataset. The obtained results show that our approach achieves 99.99% of accuracy andperforms better than state-of-the-art solutions

DNS tunnels detection via DNS-images

Gianni D'Angelo;Arcangelo Castiglione;Francesco Palmieri
2022

Abstract

DNS tunneling is a typical attack adopted by cyber-criminals to compromise victims' devices,steal sensitive data, or perform fraudulent actions against third parties without their knowledge.The fraudulent traffic is encapsulated into DNS queries to evade intrusion detection. Unfortu-nately, traditional defense systems based on Deep Packet Inspection cannot always detect suchtraffic. As a result, DNS tunneling is one problem that has worried the cybersecurity communityover the past decade.In this paper, we propose a robust and reliable Deep Learning-based DNS tunneling detectionapproach to mine valuable insight from DNS query payloads. More precisely, several featuresare first extracted by the DNS flow, and then they are arranged as bi-dimensional images. AConvolutionalNeuralNetworkis used to automatically and adaptively learn spatial hierarchies offeatures to be used in a fully connected neural network for traffic classification. The proposedapproach may result in an extremely interesting task in predictive security approaches to attackdetection.The effectiveness of the proposal is evaluated in several experiments using a real-worldtraffic dataset. The obtained results show that our approach achieves 99.99% of accuracy andperforms better than state-of-the-art solutions
File in questo prodotto:
Non ci sono file associati a questo prodotto.

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11386/4806719
 Attenzione

Attenzione! I dati visualizzati non sono stati sottoposti a validazione da parte dell'ateneo

Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 2
  • ???jsp.display-item.citation.isi??? 1
social impact