DNS tunnels detection via DNS-images

Gianni D'Angelo; Arcangelo Castiglione; Francesco Palmieri
2022-01-01

Abstract

DNS tunneling is a typical attack adopted by cyber-criminals to compromise victims' devices, steal sensitive data, or perform fraudulent actions against third parties without their knowledge. The fraudulent traffic is encapsulated into DNS queries to evade intrusion detection. Unfortunately, traditional defense systems based on Deep Packet Inspection cannot always detect such traffic. As a result, DNS tunneling is one problem that has worried the cybersecurity community over the past decade. In this paper, we propose a robust and reliable Deep Learning-based DNS tunneling detection approach to mine valuable insight from DNS query payloads. More precisely, several features are first extracted by the DNS flow, and then they are arranged as bi-dimensional images. A Convolutional Neural Network is used to automatically and adaptively learn spatial hierarchies of features to be used in a fully connected neural network for traffic classification. The proposed approach may result in an extremely interesting task in predictive security approaches to attack detection. The effectiveness of the proposal is evaluated in several experiments using a real-world traffic dataset. The obtained results show that our approach achieves 99.99% of accuracy and performs better than state-of-the-art solutions.

Use this identifier to cite or link to this document: https://hdl.handle.net/11386/4806719

Citations
  • PMC: ND
  • Scopus: 14
  • ISI: 11