Text analysis of DNS queries for data exfiltration protection of computer networks

Authors :
Ya. V. Bubnov
N. N. Ivanov
Source :
Informatika, Vol 17, Iss 3, Pp 78-86 (2020)
Publication Year :
2020
Publisher :
The United Institute of Informatics Problems of the National Academy of Sciences of Belarus, 2020.

Abstract

The paper proposes an effective method of protecting computer networks from data exfiltration through the Domain Name System (DNS). Data exfiltration through DNS is an approach that conceals the transfer of confidential data to a remote adversary by encapsulating the data in the requested domain name. The DNS requests that transfer stolen information from a host infected by malicious software to an external host controlled by a malefactor are considered. The paper proposes a method of detecting such DNS requests based on text classification of domain names by a convolutional neural network. The efficiency of the method is based on the assumption that domain names exploited for data exfiltration differ from domain names formed from words of natural language. To classify the requests with the convolutional neural network, the use of character embedding to represent the domain name string is proposed. The quality of the trained neural network used for recognition of data exfiltration through the Domain Name System is evaluated using ROC analysis. The paper presents the software architecture used to deploy the trained neural network into existing Domain Name System infrastructure, targeting practical protection of computer networks from data exfiltration. The architecture implies the creation of response policy zones for blocking individual requests classified as malicious.

Details

Language :
Russian
ISSN :
18160301
Volume :
17
Issue :
3
Database :
Directory of Open Access Journals
Journal :
Informatika
Publication Type :
Academic Journal
Accession number :
edsdoj.19d6a06d3b47e19b53df81a841a0ab
Document Type :
article
Full Text :
https://doi.org/10.37661/1816-0301-2020-17-3-78-86