DNSxD: Detecting Data Exfiltration over DNS

Jacob Steadman, Sandra Scott-Hayward

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

21 Citations (Scopus)
2167 Downloads (Pure)

Abstract

According to a 2017 SANS report, 1 in 20 organisations fall victim to data exfiltration. Data exfiltration, often the final stage of a cyber attack, has damaging consequences for the victim organisation. The use of the Domain Name System (DNS) protocol for data exfiltration was first discussed in 1998. Twenty years on, this covert transmission method has become more sophisticated as malicious actors adapt to evade detection techniques. The popularity of DNS for data exfiltration is due to the essential nature of the protocol for network communication. This paper addresses the issue of DNS-based data exfiltration, proposing a detection and mitigation method leveraging the Software-Defined Network (SDN) architecture. Popular DNS data exfiltration attacks and current exfiltration detection mechanisms are analysed to generate a feature-set for DNS data exfiltration detection. The DNSxD application is presented and its performance evaluated in comparison with the current exfiltration detection mechanisms.
Original language: English
Title of host publication: Proceedings of the IEEE Conference on Network Functions Virtualization and Software-Defined Networking
Place of Publication: Verona, Italy
Publisher: Institute of Electrical and Electronics Engineers Inc.
Number of pages: 6
ISBN (Electronic): 978-1-5386-8281-4
ISBN (Print): 978-1-5386-8282-1
Publication status: Published - 30 May 2019
Event: 2018 IEEE Conference on Network Functions Virtualization and Software-Defined Networking - Verona, Italy
Duration: 27 Nov 2018 to 29 Nov 2018
http://nfvsdn2018.ieee-nfvsdn.org/

Conference

Conference: 2018 IEEE Conference on Network Functions Virtualization and Software-Defined Networking
Country/Territory: Italy
City: Verona
Period: 27/11/2018 to 29/11/2018