A novel approach to detecting covert DNS tunnels using throughput estimation
Date
2014-04-22
Authors
Himbeault, Michael
Abstract
In a world that relies heavily on data, protection of that data and of the motion of that
data is of the utmost importance. Covert communication channels attempt to circumvent
established methods of control, such as firewalls and proxies, by utilizing non-standard
means of getting messages between two endpoints. The Domain Name System (DNS), the
system that translates text-based resource names into machine-readable resource records,
is a very common and effective platform upon which covert channels can be built. This
work proposes, and demonstrates the effectiveness of, a novel technique that estimates
data transmission throughput over DNS in order to identify the existence of a DNS tunnel
against the background noise of legitimate network traffic. The proposed technique is
robust in the face of the obfuscation techniques that are able to hide tunnels from existing
detection methods.
Keywords
dns, network security, entropy, covert channels