FQDN similarity and cache-miss property based DNS tunneling detection technique
| dc.contributor.author | Bhowmik, M. | |
| dc.contributor.author | Chowdhary, A. | |
| dc.contributor.author | Rudra, B. | |
| dc.date.accessioned | 2026-02-06T06:36:14Z | |
| dc.date.issued | 2021 | |
| dc.description.abstract | Although there are many effective methods to detect DNS Tunneling attacks, the attacks still happen, and the attackers can mock genuine queries to bypass such checks. However, in data exfiltration, the DNS queries are continuously changing as some part of it represents the data itself. Thus, all such queries would result in a cache miss, and therefore we can use such properties to detect DNS Tunneling attacks. However, relying on this is not enough as it will also have many false positives. To overcome the problem, we propose three criteria-based methods that consider DNS Tunneling queries’ properties and use them to reduce the number of false positives and thus accurately detect DNS Tunneling traffic. We even discussed the bypassing checks in this paper, and they are both costly and require the attacker to make redundant queries. © Grenze Scientific Society, 2021. | |
| dc.identifier.citation | 12th International Conference on Advances in Computing, Control, and Telecommunication Technologies, ACT 2021, 2021, Vol. 2021-August, p. 513-518 | |
| dc.identifier.uri | https://doi.org/ | |
| dc.identifier.uri | https://idr.nitk.ac.in/handle/123456789/30316 | |
| dc.publisher | Grenze Scientific Society | |
| dc.subject | Data exfiltration | |
| dc.subject | DNS cache server | |
| dc.subject | DNS queries | |
| dc.subject | DNS tunneling | |
| dc.subject | DNS tunneling detection | |
| dc.subject | Dnscat2 | |
| dc.subject | FQDN | |
| dc.title | FQDN similarity and cache-miss property based DNS tunneling detection technique |
