Text analysis of DNS queries for data exfiltration protection of computer networks

Text analysis of DNS queries for data exfiltration protection of computer networks

The paper proposes effective method of computer network protection from data exfiltration by the system of domain names. Data exfiltration by Domain Name System (DNS) is an approach to conceal the transfer of confidential data to remote adversary using data encapsulation into the requesting domain n...

Full description

Saved in:
Bibliographic Details
Main Authors: Ya. V. Bubnov, N. N. Ivanov
Format: Article
Language:Russian
Published: National Academy of Sciences of Belarus, the United Institute of Informatics Problems 2020-09-01
Series:Informatika
Subjects:
domain name system
computer network security
data exfiltration
text classification
convolutional neural network
Online Access:https://inf.grid.by/jour/article/view/1057
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The paper proposes effective method of computer network protection from data exfiltration by the system of domain names. Data exfiltration by Domain Name System (DNS) is an approach to conceal the transfer of confidential data to remote adversary using data encapsulation into the requesting domain name. The DNS requests that transfer stolen information from a host infected by malicious software to an external host controlled by a malefactor are considered. The paper proposes a method of detecting such DNS requests based on text classification of domain names by convolutional neural network. The efficiency of the method is based on assumption that domain names exploited for data exfiltration differ from domain names formed from words of natural language. To classify the requests in convolutional neural network the use of character embedding for representing the string of a domain name is proposed. Quality evaluation of the trained neural network used for recognition of data exfiltration through domain name system using ROC-analysis is performed.The paper presents the software architecture used for deployment of trained neural network into existing infrastructure of the domain name system targeting practical computer networks protection from data exfiltration. The architecture implies creation of response policy zones for blocking of individual requests, classified as malicious.
ISSN:1816-0301

Similar Items