Data Exfiltration

Detection of DNS-Based Covert Channels

ABSTRACT

A compromised network will normally have some form of covert communication system installed. Covert communication channels can take many forms and can remain undetected until a major data breach has taken place. Compromised networks allow hackers to access private and confidential information so that they can engage in illegal behaviours such as data exfiltration. This article demonstrates that DNS-based covert channels have particular traffic signatures that can be detected in order to mitigate data exfiltration and malware command, and to control traffic.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Keywords

A

AI
APT

C

C2
C2S
CDX
CIA
CIP
CPS

D

DNS
DoD
DoS

I

IA
ICS

M

P

PDA

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

Registered Agent and Mailing Address

  • Journal of Information Warfare
  •  ArmisteadTEC
  • Dr Leigh Armistead, President
  • 1624 Wakefield Drive
  • Virginia Beach, VA 23455

 757.510.4574

 JIW@ArmisteadTec.com