In a world that relies heavily on data, protection of that data and of the motion of that
data is of the utmost importance. Covert communication channels attempt to circumvent
established methods of control, such as firewalls and proxies, by utilizing non-standard
means of getting messages between two endpoints. The Domain Name System (DNS), the
system that translates text-based resource names into machine-readable resource records,
is a very common and effective platform upon which covert channels can be built. This
work proposes, and demonstrates the effectiveness of, a novel technique that estimates
data transmission throughput over DNS in order to identify the existence of a DNS tunnel
against the background noise of legitimate network traffic. The proposed technique is
robust in the face of the obfuscation techniques that are able to hide tunnels from existing
detection methods.
Identifier | oai:union.ndltd.org:MANITOBA/oai:mspace.lib.umanitoba.ca:1993/23550 |
Date | 22 April 2014 |
Creators | Himbeault, Michael |
Contributors | Baltes, Jacky (Computer Science), McLeod, Bob (Electrical and Computer Engineering), Card, Paul (Electrical & Computer Engineering), Atrey, Pradeep (Applied Computer Sciences, University of Winnipeg) |
Source Sets | University of Manitoba Canada |
Detected Language | English |