Monitoring Security of Enterprise Hosts via DNS Data Analysis

by   Jawad Ahmed, et al.

Enterprise Networks are growing in scale and complexity, with heterogeneous connected assets needing to be secured in different ways. Nevertheless, virtually all connected assets use the Domain Name System (DNS) for address resolution, and DNS has thus become a convenient vehicle for attackers to covertly perform Command and Control (C C) communication, data theft, and service disruption across a wide range of assets. Enterprise security appliances that monitor network traffic typically allow all DNS traffic through as it is vital for accessing any web service; they may at best match against a database of known malicious patterns, and are therefore ineffective against zero-day attacks. This thesis focuses on three high-impact cyber-attacks that leverage DNS, specifically data exfiltration, malware C C communication, and service disruption. Using big data (over 10B packets) of DNS network traffic collected from a University campus and a Government research organization over a 6-month period, we illustrate the anatomy of these attacks, train machines for automatically detecting such attacks, and evaluate their efficacy in the field.


page 1

page 2

page 28

page 30

page 31

page 33

page 34


Adversarial Deep Ensemble: Evasion Attacks and Defenses for Malware Detection

Malware remains a big threat to cyber security, calling for machine lear...

PORTFILER: Port-Level Network Profiling for Self-Propagating Malware Detection

Recent self-propagating malware (SPM) campaigns compromised hundred of t...

Analyzing Enterprise DNS Traffic to Classify Assets and Track Cyber-Health

The Domain Name System (DNS) is a critical service that enables domain n...

Precise URL Phishing Detection Using Neural Networks

With the development of the Internet, ways of obtaining important data s...

On Blowback Traffic on the Internet

This paper considers the phenomenon where a single probe to a target gen...

Securing Big Data from Eavesdropping Attacks in SCADA/ICS Network Data Streams through Impulsive Statistical Fingerprinting

While data from Supervisory Control And Data Acquisition (SCADA) systems...

Please sign up or login with your details

Forgot password? Click here to reset