Text analysis of DNS queries for data exfiltration protection of computer networks
The paper proposes effective method of computer network protection from data exfiltration by the system of domain names. Data exfiltration by Domain Name System (DNS) is an approach to conceal the transfer of confidential data to remote adversary using data encapsulation into the requesting domain n...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | Russian |
| Published: |
National Academy of Sciences of Belarus, the United Institute of Informatics Problems
2020-09-01
|
| Series: | Informatika |
| Subjects: | |
| Online Access: | https://inf.grid.by/jour/article/view/1057 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832543445860745216 |
|---|---|
| author | Ya. V. Bubnov N. N. Ivanov |
| author_facet | Ya. V. Bubnov N. N. Ivanov |
| author_sort | Ya. V. Bubnov |
| collection | DOAJ |
| description | The paper proposes effective method of computer network protection from data exfiltration by the system of domain names. Data exfiltration by Domain Name System (DNS) is an approach to conceal the transfer of confidential data to remote adversary using data encapsulation into the requesting domain name. The DNS requests that transfer stolen information from a host infected by malicious software to an external host controlled by a malefactor are considered. The paper proposes a method of detecting such DNS requests based on text classification of domain names by convolutional neural network. The efficiency of the method is based on assumption that domain names exploited for data exfiltration differ from domain names formed from words of natural language. To classify the requests in convolutional neural network the use of character embedding for representing the string of a domain name is proposed. Quality evaluation of the trained neural network used for recognition of data exfiltration through domain name system using ROC-analysis is performed.The paper presents the software architecture used for deployment of trained neural network into existing infrastructure of the domain name system targeting practical computer networks protection from data exfiltration. The architecture implies creation of response policy zones for blocking of individual requests, classified as malicious. |
| format | Article |
| id | doaj-art-ae19d6a06d3b47e19b53df81a841a0ab |
| institution | Kabale University |
| issn | 1816-0301 |
| language | Russian |
| publishDate | 2020-09-01 |
| publisher | National Academy of Sciences of Belarus, the United Institute of Informatics Problems |
| record_format | Article |
| series | Informatika |
| spelling | doaj-art-ae19d6a06d3b47e19b53df81a841a0ab2025-02-03T11:40:29ZrusNational Academy of Sciences of Belarus, the United Institute of Informatics ProblemsInformatika1816-03012020-09-01173788610.37661/1816-0301-2020-17-3-78-86935Text analysis of DNS queries for data exfiltration protection of computer networksYa. V. Bubnov0N. N. Ivanov1Belarusian State University of Informatics and RadioelectronicsBelarusian State University of Informatics and RadioelectronicsThe paper proposes effective method of computer network protection from data exfiltration by the system of domain names. Data exfiltration by Domain Name System (DNS) is an approach to conceal the transfer of confidential data to remote adversary using data encapsulation into the requesting domain name. The DNS requests that transfer stolen information from a host infected by malicious software to an external host controlled by a malefactor are considered. The paper proposes a method of detecting such DNS requests based on text classification of domain names by convolutional neural network. The efficiency of the method is based on assumption that domain names exploited for data exfiltration differ from domain names formed from words of natural language. To classify the requests in convolutional neural network the use of character embedding for representing the string of a domain name is proposed. Quality evaluation of the trained neural network used for recognition of data exfiltration through domain name system using ROC-analysis is performed.The paper presents the software architecture used for deployment of trained neural network into existing infrastructure of the domain name system targeting practical computer networks protection from data exfiltration. The architecture implies creation of response policy zones for blocking of individual requests, classified as malicious.https://inf.grid.by/jour/article/view/1057domain name systemcomputer network securitydata exfiltrationtext classificationconvolutional neural network |
| spellingShingle | Ya. V. Bubnov N. N. Ivanov Text analysis of DNS queries for data exfiltration protection of computer networks Informatika domain name system computer network security data exfiltration text classification convolutional neural network |
| title | Text analysis of DNS queries for data exfiltration protection of computer networks |
| title_full | Text analysis of DNS queries for data exfiltration protection of computer networks |
| title_fullStr | Text analysis of DNS queries for data exfiltration protection of computer networks |
| title_full_unstemmed | Text analysis of DNS queries for data exfiltration protection of computer networks |
| title_short | Text analysis of DNS queries for data exfiltration protection of computer networks |
| title_sort | text analysis of dns queries for data exfiltration protection of computer networks |
| topic | domain name system computer network security data exfiltration text classification convolutional neural network |
| url | https://inf.grid.by/jour/article/view/1057 |
| work_keys_str_mv | AT yavbubnov textanalysisofdnsqueriesfordataexfiltrationprotectionofcomputernetworks AT nnivanov textanalysisofdnsqueriesfordataexfiltrationprotectionofcomputernetworks |