Detection of DNS-Based Covert Channels
ABSTRACT
A compromised network will normally have some form of covert communication system installed. Covert communication channels can take many forms and can remain undetected until a major data breach has taken place. Compromised networks allow hackers to access private and confidential information so that they can engage in illegal behaviours such as data exfiltration. This article demonstrates that DNS-based covert channels have particular traffic signatures that can be detected in order to mitigate data exfiltration and malware command-and-control traffic.
AUTHORS
School of Informatics and Engineering
Institute of Technology Blanchardstown
Dublin, Ireland
Stephen Sheridan has held a full-time lecturing position in the Institute of Technology Blanchardstown (ITB) since 2001 and is a member of ITB’s Security Research group. Stephen has been responsible for the design and delivery of a wide range of Computer Science modules including Java Programming, Data Structures and Algorithms, Derivation of Algorithms and Computational Intelligence. Stephen’s research interests include information security, covert channels, computational intelligence, and formal methods.
School of Informatics and Engineering
Institute of Technology Blanchardstown
Dublin, Ireland
Dr. Anthony Keane is currently the Head of Department of Informatics at the Institute of Technology in Blanchardstown (ITB). He is also a principal investigator in the Security Research Lab, located in the Learning & Innovation Centre in ITB, where he has several master's and doctoral research students working with industrial partners such as IBM, Dell, BH-Consulting, and Rits. Dr. Keane’s main research areas cover Network and Cyber Security, Digital and Cloud Forensics, Internet Safety, and Cyber Bullying. Dr. Keane has a BSc (Physics) from University College Galway (1986), an MSc from University College London (1992) and PhD (Astrophysics) from University College Dublin (1997).
Before joining the Institute of Technology Blanchardstown in 1999, Dr. Keane worked as a computer consultant and software engineer in London and as a research assistant in the Cosmic Physics Section of the Dublin Institute for Advanced Studies (DIAS). Currently serving as a board member of InfoSecurity Ireland (ISI), IRISS, and the Irish Chapter of the Cloud Security Alliance, Dr. Keane is a Fellow of the Irish Computer Society and member of the Third Level Computer Forum. As an Irish academic contact for the European Network and Information Security Agency (ENISA), he has helped organize events in security awareness and training, funded through the EU.
Published In
Journal of Information Warfare