English

A Pipeline for DNS-Based Software Fingerprinting

Networking and Internet Architecture 2022-08-16 v1

Abstract

In this paper, we present the modular design and implementation of DONUT, a novel tool for identifying software running on a device. Our tool uses a rule-based approach to detect software-specific DNS fingerprints (stored in an easily extendable database) in passively monitored DNS traffic. We automated the rule extraction process for DONUT with the help of ATLAS, a novel tool we developed for labeling network traffic by the software that created it. We demonstrate the functionality of our pipeline by generating rules for a number of applications, evaluate the performance as well as scalability of the analysis, and confirm the functional correctness of DONUT using an artificial data set for which the ground-truth is known. In addition, we evaluate DONUT's analysis results on a large real-world data set with unknown ground truth.

Keywords

Cite

@article{arxiv.2208.07042,
  title  = {A Pipeline for DNS-Based Software Fingerprinting},
  author = {Sebastian Schäfer and Ulrike Meyer},
  journal= {arXiv preprint arXiv:2208.07042},
  year   = {2022}
}

Comments

10 pages, 9 figures

R2 v1 2026-06-25T01:42:24.513Z