DNSxP: Enhancing data exfiltration protection through data plane programmability

Jacob Steadman*, Sandra Scott-Hayward

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

According to a 2019 Radware report, guarding sensitive data is the highest priority area for investment in cyber security. This is no surprise given the high number of reported data breach incidents annually, and the implication of these on the individuals or organisations targeted. Data exfiltration is a key stage in this form of cyber-attack, and the use of the Domain Name System protocol for data exfiltration is popular due to the essential nature of the protocol for network communication. This paper presents a DNS data exfiltration Protection (DNSxP) security architecture leveraging Software-Defined Networking and Data Plane Programmability. The solution is developed based on analysis of different malicious use cases for transmitting data over the DNS protocol. By performing coarse-grained packet filtering and analysis in the data plane, clear benign or malicious traffic can be identified quickly, while suspicious traffic is passed to additional security controls at the SDN controller for classification. As the results demonstrate, this approach offers the combined benefit of reducing data loss during an exfiltration attack and reducing network resource consumption
Original languageEnglish
Article number 108174
Number of pages13
JournalComputer Networks
Volume195
Early online date24 May 2021
DOIs
Publication statusEarly online date - 24 May 2021

Fingerprint

Dive into the research topics of 'DNSxP: Enhancing data exfiltration protection through data plane programmability'. Together they form a unique fingerprint.

Cite this