@article{38b3f321d9e14483b81c4a64708df087,
title = "DNSxP: Enhancing data exfiltration protection through data plane programmability",
abstract = "According to a 2019 Radware report, guarding sensitive data is the highest priority area for investment in cyber security. This is no surprise given the high number of reported data breach incidents annually, and the implication of these on the individuals or organisations targeted. Data exfiltration is a key stage in this form of cyber-attack, and the use of the Domain Name System protocol for data exfiltration is popular due to the essential nature of the protocol for network communication. This paper presents a DNS data exfiltration Protection (DNSxP) security architecture leveraging Software-Defined Networking and Data Plane Programmability. The solution is developed based on analysis of different malicious use cases for transmitting data over the DNS protocol. By performing coarse-grained packet filtering and analysis in the data plane, clear benign or malicious traffic can be identified quickly, while suspicious traffic is passed to additional security controls at the SDN controller for classification. As the results demonstrate, this approach offers the combined benefit of reducing data loss during an exfiltration attack and reducing network resource consumption",
author = "Jacob Steadman and Sandra Scott-Hayward",
year = "2021",
month = aug,
day = "4",
doi = "10.1016/j.comnet.2021.108174",
language = "English",
volume = "195",
journal = "Computer Networks",
issn = "1389-1286",
publisher = "Elsevier B.V.",
}