URL: https://arrow.tudublin.ie/nsdcon/2/

CONFERENCE PAPERS

 

TITLE


DETECTION OF DNS BASED COVERT CHANNELS



AUTHORS

Stephen Sheridan, Technological University Dublin
Anthony Keane, Technological University Dublin




DOCUMENT TYPE

Conference Paper



RIGHTS

This item is available under a Creative Commons License for non-commercial use
only



DISCIPLINES

Computer Sciences, Information Science



PUBLICATION DETAILS

Sheridan, S., Keane, A. In Proceedings of the 14th European Conference on Cyber
Warfare and Security (ECCWS), University of Hertfordshire, Hatfield, UK, July
2nd 2015.



ABSTRACT

Information theft or data exfiltration, whether personal or corporate, is now a
lucrative mainstay of cybercrime activity. Recent security reports have
suggested that while information such as credit card data is still a prime
target, other data such as corporate secrets, employee files and intellectual
property are increasingly sought after on the black market. Malicious actors
that are intent on exfiltrating valuable data usually employ some form of
Advanced Persistent Threat (APT) in order to exfiltrate large amounts of data
over a long period of time with a high degree of covertness. Botnets are prime
examples of APTs that are usually established on targeted systems through
malware or exploit kits that leverage system vulnerabilities. Once established,
botnets rely on covert command and control (C&C) communications with a central
server; this allows a malicious actor to keep track of compromised systems and
to send out instructions for compromised systems to do their bidding. Covert
channels provide an ideal mechanism for data exfiltration and for the exchange
of command and control messages that are essential to a botnet's effectiveness.
Our work focuses on one particular form of covert channel that enables
communication of hidden messages over normal Domain Name System (DNS) network
traffic. Covert channels based on DNS traffic are of particular interest, as DNS
requests are an essential part of most Internet traffic and as a result are
rarely filtered or blocked by firewalls. As part of our work we have created a
test bed system that uses a covert DNS channel to exfiltrate data from a
compromised host. Using this system we have carried out network traffic analysis
that uses baseline comparisons as a means to fingerprint covert DNS activity.
Even though detection of covert DNS activity is relatively straightforward,
there is anecdotal evidence to suggest that most organisations do not filter or
pay enough attention to DNS traffic and are therefore susceptible to data
exfiltration attacks once a host on their network has been compromised. Our work
shows that freely available covert DNS tools have particular traffic signatures
that can be detected in order to mitigate data exfiltration and C&C traffic.
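The baseline-comparison fingerprinting the abstract describes can be shown on a
small scale. The Python below is an added example written for this page; it is
not the authors' test bed or any tool they evaluated. The DNS query lines are
constructed (a clean baseline, then the same traffic with a tunnel mixed in),
and the "zone is the last two labels" rule, the thresholds (two standard
deviations above the baseline, at least five queries, half or more rare record
types) and the indicator names are assumptions chosen for the illustration. It
measures the four signatures that free DNS tunnelling tools leave in practice:
high-entropy labels, long query names, a fresh subdomain per query, and
TXT/NULL record types.

```python
import math
from collections import Counter, defaultdict

# Constructed baseline of ordinary lookups, one "client qname qtype" per line.
# Assumption: this is what the network looks like when no tunnel is running.
BASELINE_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 cdn.example.com A
10.0.0.6 mail.example.org MX
10.0.0.6 login.example.org A
10.0.0.7 api.example.com A
10.0.0.7 www.example.org AAAA
10.0.0.8 static.example.com A
10.0.0.8 update.example.org A
"""

# Constructed capture with a tunnel mixed in: every query carries a hex-encoded
# chunk as a fresh subdomain of one zone and pulls the reply back as a TXT record.
SUSPECT_LOG = BASELINE_LOG + """\
10.0.0.9 3b1f0c9a7d2e4f6a8b0c1d2e3f4a5b6c.t.example.net TXT
10.0.0.9 9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b.t.example.net TXT
10.0.0.9 0f1e2d3c4b5a69788796a5b4c3d2e1f0.t.example.net TXT
10.0.0.9 a1b2c3d4e5f60718293a4b5c6d7e8f90.t.example.net TXT
10.0.0.9 5c6d7e8f90a1b2c3d4e5f60718293a4b.t.example.net TXT
"""

# Record types ordinary clients seldom query but tunnels use for downstream data.
RARE_QTYPES = {"TXT", "NULL"}

def shannon_entropy(s):
    """Bits per character; encoded payload scores far above a hostname label."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_name(qname):
    """Return (zone, subdomain). Assumption: the zone is the last two labels;
    a real deployment should consult the public suffix list instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])

def parse_log(text):
    """Turn "client qname qtype" lines into per-query feature records."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # blank or malformed line
        client, qname, qtype = parts
        zone, sub = split_name(qname)
        records.append({"client": client, "zone": zone, "sub": sub,
                        "qtype": qtype.upper(), "qlen": len(qname)})
    return records

def _mean(xs):
    return sum(xs) / len(xs)

def _stdev(xs):
    m = _mean(xs)
    return math.sqrt(sum((x - m) ** 2 for x in xs) / len(xs))

def baseline_stats(records):
    """Mean and spread of subdomain entropy and query-name length in clean traffic."""
    ents = [shannon_entropy(r["sub"]) for r in records]
    lens = [r["qlen"] for r in records]
    return {"ent_mean": _mean(ents), "ent_sd": _stdev(ents),
            "len_mean": _mean(lens), "len_sd": _stdev(lens)}

def score_zones(records, base, k=2.0, min_queries=5):
    """Per zone, compare against the baseline and list the indicators that fire."""
    by_zone = defaultdict(list)
    for r in records:
        by_zone[r["zone"]].append(r)
    scores = {}
    for zone, rs in by_zone.items():
        ent = _mean([shannon_entropy(r["sub"]) for r in rs])
        qlen = _mean([r["qlen"] for r in rs])
        unique = len({r["sub"] for r in rs})
        rare = sum(r["qtype"] in RARE_QTYPES for r in rs) / len(rs)
        indicators = []
        if ent > base["ent_mean"] + k * base["ent_sd"]:
            indicators.append("high_entropy")
        if qlen > base["len_mean"] + k * base["len_sd"]:
            indicators.append("long_names")
        if len(rs) >= min_queries and unique / len(rs) >= 0.9:
            indicators.append("unique_subdomain_per_query")
        if rare >= 0.5:
            indicators.append("rare_qtype")
        scores[zone] = {"queries": len(rs), "mean_entropy": round(ent, 2),
                        "unique_subdomains": unique, "indicators": indicators}
    return scores

def flagged_zones(records, base, min_indicators=3):
    """Zones whose traffic trips at least min_indicators of the four checks."""
    return sorted(z for z, s in score_zones(records, base).items()
                  if len(s["indicators"]) >= min_indicators)
```

Running `flagged_zones(parse_log(SUSPECT_LOG), baseline_stats(parse_log(BASELINE_LOG)))`
returns only `example.net`: the tunnel zone trips all four indicators while the
two ordinary zones trip none. Requiring several indicators at once, rather than
any one, is what keeps content delivery networks and other legitimate sources of
long or numerous names out of the alert stream; in production the baseline
should be rebuilt per site and per client group rather than taken from a fixed
sample.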



RECOMMENDED CITATION

Sheridan, S., Keane, A. (2015). Detection of DNS Based Covert Channels. In
Proceedings of the 14th European Conference on Cyber Warfare and Security
(ECCWS), University of Hertfordshire, Hatfield, UK.



INCLUDED IN

Computer Sciences Commons
