Biblio
Filters: Author is Shashanka, M.
Detection of Exfiltration and Tunneling over DNS. 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA), pp. 737–742. 2017.
This paper proposes a method to detect two primary means of using the Domain Name System (DNS) for malicious purposes. We develop machine learning models to detect information exfiltration from compromised machines and the establishment of command & control (C&C) servers via tunneling. We validate our approach by experiments where we successfully detect a malware used in several recent Advanced Persistent Threat (APT) attacks [1]. The novelty of our method is its robustness, simplicity, scalability, and ease of deployment in a production environment.