English
Related papers

Related papers: Combating Malicious DNS Tunnel

200 papers

High-bandwidth covert channels pose significant risks to sensitive and proprietary information inside company networks. Domain Name System (DNS) tunnels provide a means to covertly infiltrate and exfiltrate large amounts of information…

Cryptography and Security · Computer Science 2010-04-27 Kenton Born , David Gustafson

The DNS infrastructure is infamous for facilitating reflective amplification attacks. Various countermeasures such as server shielding, access control, rate limiting, and protocol restrictions have been implemented. Still, the threat…

Cryptography and Security · Computer Science 2025-10-23 Maynard Koch , Florian Dolzmann , Thomas C. Schmidt , Matthias Wählisch

Nowadays, malware increasingly uses DNS-based covert channels in order to evade detection and maintain stealthy communication with its command-and-control servers. While prior work has focused on detecting such activity, identifying…

Cryptography and Security · Computer Science 2025-11-26 Pascal Ruffing , Denis Petrov , Sebastian Zillien , Steffen Wendzel

Domain Generation Algorithms (DGAs) are used by adversaries to establish Command and Control (C\&C) server communications during cyber attacks. Blacklists of known/identified C\&C domains are often used as one of the defense mechanisms.…

Cryptography and Security · Computer Science 2021-01-05 Ibrahim Yilmaz , Ambareen Siraj , Denis Ulybyshev

Malicious actors exploit the DNS namespace to launch spam campaigns, phishing attacks, malware, and other harmful activities. Combating these threats requires visibility into domain existence, ownership and nameservice activity that the DNS…

Networking and Internet Architecture · Computer Science 2024-09-26 Raffaele Sommese , Gautam Akiwate , Antonia Affinito , Moritz Müller , Mattijs Jonker , KC Claffy

Hundreds of thousands of malicious domains are created everyday. These malicious domains are hosted on a wide variety of network infrastructures. Traditionally, attackers utilize bullet proof hosting services (e.g. MaxiDed, Cyber Bunker) to…

Cryptography and Security · Computer Science 2021-11-30 Nimesha Wickramasinghe , Mohamed Nabeel , Kenneth Thilakaratne , Chamath Keppitiyagama , Kasun De Zoysa

TLS uses X.509 certificates for server authentication. A X.509 certificate is a complex document and various innocent errors may occur while creating/ using it. Also, many certificates belong to malicious websites and should be rejected by…

Cryptography and Security · Computer Science 2017-05-26 Sankalp Bagaria , R. Balaji , B. S. Bindhumadhava

Improperly configured domain name system (DNS) servers are sometimes used as packet reflectors as part of a DoS or DDoS attack. Detecting packets created as a result of this activity is logically possible by monitoring the DNS request and…

Networking and Internet Architecture · Computer Science 2021-11-10 Keiichi Shima , Ryo Nakamura , Kazuya Okada , Tomohiro Ishihara , Daisuke Miyamoto , Yuji Sekiya

To maintain the privacy of users' web browsing history, popular browsers encrypt their DNS traffic using the DNS-over-HTTPS (DoH) protocol. Unfortunately, encrypting DNS packets prevents many existing intrusion detection systems from using…

Cryptography and Security · Computer Science 2023-10-18 Sergio Salinas Monroy , Aman Kumar Gupta , Garrett Wahlstedt

Domain Name System (DNS) is a critical component of the Internet infrastructure, responsible for translating domain names into IP addresses. However, DNS is vulnerable to some malicious attacks, including DNS cache poisoning, which…

Cryptography and Security · Computer Science 2023-12-08 Yufan Fu , Jiuqi Wei , Ying Li , Botao Peng , Xiaodong Li

Detection of malware-infected computers and detection of malicious web domains based on their encrypted HTTPS traffic are challenging problems, because only addresses, timestamps, and data volumes are observable. The detection problems are…

Machine Learning · Computer Science 2019-06-24 Paul Prasse , Rene Knaebel , Lukas Machlica , Tomas Pevny , Tobias Scheffer

Internet miscreants increasingly utilize short-lived disposable domains to launch various attacks. Existing detection mechanisms are either too late to catch such malicious domains due to limited information and their short life spans or…

Cryptography and Security · Computer Science 2025-02-17 Fatih Deniz , Mohamed Nabeel , Ting Yu , Issa Khalil

The Domain Name System (DNS) is essential for the Internet, giving a mechanism to resolve hostnames into Internet Protocol (IP) addresses. DNS is known as the world's largest distributed database that manages hostnames and Internet…

Cryptography and Security · Computer Science 2021-08-31 Hassnain ul hassan , Rizal Mohd Nor , Md Amiruzzaman , Sharyar Wani , Md. Rajibul Islam

The persistent threat posed by malicious domain names in cyber-attacks underscores the urgent need for effective detection mechanisms. Traditional machine learning methods, while capable of identifying such domains, often suffer from high…

Cryptography and Security · Computer Science 2025-02-24 Daiki Chiba , Hiroki Nakano , Takashi Koide

DNS Security Extensions (DNSSEC) provide the most effective way to fight DNS cache poisoning attacks. Yet, very few DNS resolvers perform DNSSEC validation. Identifying such systems is non-trivial and the existing methods are not suitable…

Cryptography and Security · Computer Science 2024-06-06 Yevheniya Nosyk , Maciej Korczyński , Andrzej Duda

In this paper we introduce an intrusion detection system for Denial of Service (DoS) attacks against Domain Name System (DNS). Our system architecture consists of two most important parts: a statistical preprocessor and a neural network…

Cryptography and Security · Computer Science 2009-12-10 Samaneh Rastegari , M. Iqbal Saripan , Mohd Fadlee A. Rasid

Malicious web domains represent a big threat to web users' privacy and security. With so much freely available data on the Internet about web domains' popularity and performance, this study investigated the performance of well-known machine…

Cryptography and Security · Computer Science 2019-02-26 Zhongyi Hu , Raymond Chiong , Ilung Pranata , Willy Susilo , Yukun Bao

Virtually every Internet communication typically involves a Domain Name System (DNS) lookup for the destination server that the client wants to communicate with. Operators of DNS recursive resolvers---the machines that receive a client's…

Networking and Internet Architecture · Computer Science 2022-01-25 Paul Schmitt , Anne Edmundson , Nick Feamster

With web applications becoming a preferred method of presenting graphical user interfaces to users, software vulnerabilities affecting web applications are becoming more and more prevalent and devastating. Some of these vulnerabilities,…

Cryptography and Security · Computer Science 2019-08-14 Michael Flanders

Detecting and intercepting malicious requests are one of the most widely used ways against attacks in the network security. Most existing detecting approaches, including matching blacklist characters and machine learning algorithms have all…

Machine Learning · Computer Science 2020-11-13 Wenhao Li , Bincheng Zhang , Jiajie Zhang