DNS Tunnels are built through proper tools that allow embedding data on DNS queries and response. Each tool has its own approach to the building tunnels in DNS that differently affects the network performance. In this paper, we propose a brief architectural analysis of the current state-of-the-art of DNS Tunneling tools. Then, wepropose the first comparative analysis of such tools in term of pe...

Billions of packets traverse computer networks every day. Often, these packets have legitimate destinations such as buying a book at amazon.com or streaming a video. Unfortunately, malicious and suspicious network traffic continues to plague the Internet. One example is abusing the Domain Name System (DNS) protocol to exfiltrate sensitive data, establish backdoor tunnels, or control botnets. To...

This document describes the use of Transport Layer Security (TLS) to provide privacy for DNS. Encryption provided by TLS eliminates opportunities for eavesdropping and on-path tampering with DNS queries in the network, such as discussed in RFC 7626. In addition, this document specifies two usage profiles for DNS over TLS and provides advice on performance considerations to minimize overhead fro...

DNS servers often fail or have bad implementations of algorithms that decrease the efficiency of the DNS system. We introduce a method for clustering misconfigured DNS sources. Using machine learning methods, we analyzed 24 hours of DNS requests that were collected on the A-root DNS server. The 50 gigabyte data set was a log containing 10-40 million requests per hour. We selected the hour of 1:...

Billions of legitimate packets traverse computer networks every day. Unfortunately, malicious traffic also traverses these same networks. An example is traffic that abuses the Domain Name System (DNS) protocol to exfiltrate sensitive data, establish backdoor tunnels or control botnets. This paper describes the TRAPP-2 system, an extended version of the Tracking and Analysis for Peer-to-Peer (TR...

The Domain Name Service (DNS) is a critical core component of the global Internet and integral to the majority of corporate intranets. It provides resolution services between the human-readable name-based system addresses and the machine operable Internet Protocol (IP) based addresses required for creating network level connections. Whilst structured as a globally dispersed resilient tree data ...

Network packet transport services (namely the Internet) are subject to significant security issues. This paper aims to apply Machine Learning methods based on Neural Networks (Extreme Learning Machines or ELM) to analyze the Internet traffic in order to detect specific malicious activities. This is performed by classifying traffic for a key service run over the internet: the Domain Name System ...

As the hidden backbone of today's Internet, the Domain Name System (DNS) provides name resolution service for almost every networked application. To exploit the rich DNS query information for traffic engineering or user behavior analysis, both passive capturing and active probing techniques have been proposed in recent years. Despite its full visibility of DNS behaviors, the passive capturing t...