According to a 2017 SANS report, 1 in 20 organisations fall victim to data exfiltration. Data exfiltration, often the final stage of a cyber attack, has damaging consequences for the victim organisation. The use of the Domain Name System (DNS) protocol for data exfiltration was first discussed in 1998. Twenty years on, this covert transmission method has become more sophisticated as malicious actors adapt to evade detection techniques. The popularity of DNS for data exfiltration is due to the essential nature of the protocol for network communication. This paper addresses the issue of DNS-based data exfiltration, proposing a detection and mitigation method that leverages the Software-Defined Network (SDN) architecture. Popular DNS data exfiltration attacks and current exfiltration detection mechanisms are analysed to generate a feature-set for DNS data exfiltration detection. The DNSxD application is presented and its performance evaluated in comparison with the current exfiltration detection mechanisms.
|Title of host publication|Proceedings of the IEEE Conference on Network Functions Virtualization and Software-Defined Networking|
|Place of Publication|Verona, Italy|
|Publisher|Institute of Electrical and Electronics Engineers (IEEE)|
|Number of pages|6|
|Publication status|Published - 30 May 2019|
|Event|2018 IEEE Conference on Network Functions Virtualization and Software-Defined Networking - Verona, Italy. Duration: 27 Nov 2018 → 29 Nov 2018|
|Conference|2018 IEEE Conference on Network Functions Virtualization and Software-Defined Networking|
|Period|27/11/2018 → 29/11/2018|