DNS Tunneling Detection Techniques - Classification, and Theoretical Comparison in Case of a Real APT Campaign

机译：DNS隧道检测技术 - 分类，以及真正的APT运动的理论比较

获取原文

页面导航

摘要
著录项
相似文献
相关主题

摘要

Domain Name System (DNS) plays an important role as a translation protocol in everyday use of the Internet. The purpose of DNS is to translate domain names into IP addresses and vice versa. However, its simple architecture can easily be misused for malicious activities. One huge security threat concerning DNS is tunneling, which helps attackers bypass the security systems unnoticed. A DNS tunnel can be used for three purposes: as a command and control channel, for data exfiltration or even for tunneling another protocol through it. In this paper, we surveyed different techniques for DNS tunneling detection. We classified those first based on the type of data and then within the categories based on the type of analysis. We conclude with a comparison between the various detection techniques. We introduce one real Advanced Persistent Threat campaign that utilizes DNS tunneling, and theoretically compare how well the surveyed detection techniques could detect it.

机译：域名系统（DNS）在日常使用Internet中扮演重要角色。 DNS的目的是将域名转换为IP地址，反之亦然。但是，它的简单架构很容易被滥用恶意活动。关于DNS的一个巨大的安全威胁是隧道，这有助于攻击者绕过无意的安全系统。 DNS隧道可用于三种目的：作为命令和控制信道，用于数据exfiltration，甚至通过它隧道隧道隧道隧道隧道。在本文中，我们调查了DNS隧道检测的不同技术。我们首先根据数据类型分类，然后根据分析类型在类别中分类。我们在各种检测技术之间进行了比较。我们介绍了一个使用DNS隧道的一个真正的高级持久威胁活动，从理论上比较了调查的检测技术如何检测到它。

著录项

来源
《International Conference on Next Generation Wired/Wireless Advanced Networks and Systems》|2017年|769p|共12页
会议地点
作者
Viivi Nuojua; Gil David; Timo Hamalainen;
展开▼
作者单位

展开▼
会议组织
原文格式 PDF
正文语种
中图分类 TP393-53;
关键词
DNS tunneling detection; Covert channels detection; APT;

机译：DNS隧道检测;隐蔽通道检测;APT;

相似文献

外文文献
中文文献
专利

1. Near-Real-Time Measurement of Sea-Salt Aerosol during the SEAS Campaign: Comparison of Emission-Based Sodium Detection with an Aerosol Volatility Technique [J] . P. CAMPUZANO-JOST, C. D. CLARK, H. MARING, Journal of atmospheric and oceanic technology . 2003,第10期

机译：SEAS战役中海盐气溶胶的近实时测量：基于排放的钠检测与气溶胶挥发性技术的比较
2. Detection of Leishmania infantum DNA by real-time PCR in canine oral and conjunctival swabs and comparison with other diagnostic techniques. [J] . Lombardo G., Pennisi M. G., Lupo T., Veterinary Parasitology . 2012,第1期

机译：实时PCR检测犬口腔和结膜拭子中的婴儿利什曼原虫 DNA，并与其他诊断技术进行比较。
3. Comparison of the AdvanSure Human Papillomavirus Screening Real-Time PCR, the Abbott RealTime High Risk Human Papillomavirus Test, and the Hybrid Capture Human Papillomavirus DNA Test for the Detection of Human Papillomavirus [J] . Annals of laboratory medicine. . 2012,第3期

机译：AdvanSure人乳头瘤病毒筛查实时荧光定量PCR，雅培实时高危人乳头瘤病毒检测和混合捕获人乳头瘤病毒DNA检测以检测人乳头瘤病毒的比较
4. DNS Tunneling Detection Techniques - Classification, and Theoretical Comparison in Case of a Real APT Campaign [C] . Viivi Nuojua, Gil David, Timo Haemaelaeinen Internet of things, smart spaces, and next generation networks and systems . 2017

机译：DNS隧道检测技术-分类和在实际APT活动中的理论比较
5. Comparison of Classification Techniques for Distributed Denial of Service Attack Detection. [D] . Kamath, Tanmayee Prakash. 2017

机译：分布式拒绝服务攻击检测的分类技术比较。
6. Comparison of the AdvanSure Human Papillomavirus Screening Real-Time PCR the Abbott RealTime High Risk Human Papillomavirus Test and the Hybrid Capture Human Papillomavirus DNA Test for the Detection of Human Papillomavirus [O] . Yusun Hwang, Miae Lee 2012

机译：AdvanSure人乳头瘤病毒筛查实时荧光定量PCR雅培实时高危人乳头瘤病毒检测和杂交捕获人乳头瘤病毒DNA检测检测人乳头瘤病毒的比较
7. DNS Tunneling Detection Techniques – Classification, and Theoretical Comparison in Case of a Real APT Campaign [O] . Nuojua, Viivi, David, Gil, Hämäläinen, Timo 2017

机译：DNS隧道检测技术–真实APT活动中的分类和理论比较
8. Performance of Self-Adaptive Techniques for Multi-Static, Concurrent Detection, Classification and Localization of Targets in Shallow Water Using Distributed Autonomous Sensor Networks [R] . Sabra, K. G. 2010

机译：利用分布式自治传感器网络实现浅水中目标多静态，并发检测，分类和定位的自适应技术

DNS Tunneling Detection Techniques - Classification, and Theoretical Comparison in Case of a Real APT Campaign

摘要

著录项

相似文献

相关主题

期刊订阅