Summary of DNS traffic filtering trends as a component of modern information systems security

  • Danylo Chepel CSD Student (master), Department of Security of Information Systems and Technologies, V. N. Karazin Kharkiv National University, Ukraine https://orcid.org/0009-0009-7449-8095
  • Serhii Malakhov Ph.D., Senior Researcher, Computer Science Department, V.N. Karazin Kharkiv National University, Ukraine https://orcid.org/0000-0001-8826-1616
Keywords: DNS, DGA, RPZ, information security, traffic filtering

Abstract

The study surveys sources on methods and technologies for DNS (Domain Name System) traffic filtering. Five main directions actively used to strengthen security at the DNS level are identified. Each of the examined technologies improves the quality of DNS filtering, and combining several approaches at once raises the overall level of protection. Summarizing the research results on DNS traffic security reveals problems with the quality of the threat intelligence feeds in use; the adoption of AI and LM technologies should therefore increase the "depth" with which useful information about current threats is extracted. It is emphasized that information security should be considered exclusively in the context of preventing an imbalance of artificial intelligence (AI) capabilities in favor of the adversary (i.e., cybercriminals). In practice this means that future DNS filtering systems should make broad use of the latest advances in VR, AI, LM, and DL technologies. This is particularly important for countering Domain Generation Algorithm (DGA) mechanisms and the spread of botnets. The paper also highlights the specific problem of balancing the security and performance of current information and communication systems when DNS encryption tools are deployed. The main problem associated with DNS traffic encryption is that attackers can misuse it to conceal destructive activity (phishing, spam, etc.).
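As an added illustration of two of the directions the abstract names (DGA detection and RPZ-based filtering), the following Python script is not code from the paper or its authors. It scores domain names with a handful of lexical features (character entropy, vowel ratio, longest consonant run, digit ratio, label length) and renders the names that exceed an assumed threshold into a BIND-style Response Policy Zone. The feature thresholds, the sample queries, the allowlist and the 0.6 decision threshold are all assumptions made for this example, and the "registrable label" helper deliberately ignores the public suffix list; a production detector would use a trained model and a threat intelligence feed in place of these heuristics.

```python
"""Statistical DGA scoring plus RPZ zone generation.

Added example, not from the paper. The features, thresholds and sample
data below are illustrative assumptions, not values the paper reports.
"""
import math
from collections import Counter

VOWELS = set("aeiou")

# Constructed sample input: two ordinary names and two DGA-looking names.
SAMPLE_QUERIES = [
    "google.com",
    "wikipedia.org",
    "xkqzvpjtrwmbnlhd.com",
    "a1b2c3d4e5f6.net",
]

# Assumed allowlist: names that must never be blocked regardless of score.
ALLOWLIST = {"google.com"}

# Assumed decision threshold on the 0..1 score.
BLOCK_THRESHOLD = 0.6


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registrable_label(domain: str) -> str:
    """Label directly left of the TLD; assumes single-label TLDs (no public suffix list)."""
    parts = domain.rstrip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_features(domain: str) -> dict:
    """Cheap lexical features that separate random-looking labels from dictionary-like ones."""
    label = registrable_label(domain)
    length = len(label)
    letters = [c for c in label if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0
    digit_ratio = sum(c.isdigit() for c in label) / length if length else 0.0
    longest = run = 0
    for c in label:
        if c.isalpha() and c not in VOWELS:
            run += 1
            longest = max(longest, run)
        else:
            run = 0
    return {
        "length": length,
        "entropy": shannon_entropy(label),
        "vowel_ratio": vowel_ratio,
        "digit_ratio": digit_ratio,
        "max_consonant_run": longest,
    }


def dga_score(domain: str) -> float:
    """Fraction of heuristic indicators that fire (0.0 = benign-looking, 1.0 = all fired)."""
    f = dga_features(domain)
    indicators = [
        f["entropy"] > 3.5,          # assumed: near-uniform character distribution
        f["vowel_ratio"] < 0.25,     # assumed: too few vowels for a natural word
        f["max_consonant_run"] >= 5, # assumed: unpronounceable consonant cluster
        f["digit_ratio"] > 0.2,      # assumed: digits mixed into the label
        f["length"] >= 16,           # assumed: long label
    ]
    return sum(indicators) / len(indicators)


def build_rpz_zone(domains, threshold=BLOCK_THRESHOLD, allowlist=ALLOWLIST, serial=1):
    """Render a BIND-style RPZ zone: NXDOMAIN for flagged names, passthru for the allowlist."""
    lines = [
        "$TTL 300",
        f"@ IN SOA localhost. root.localhost. ({serial} 3600 900 604800 300)",
        "@ IN NS localhost.",
    ]
    # CNAME rpz-passthru. tells the resolver to answer the query normally.
    for name in sorted(allowlist):
        lines.append(f"{name} CNAME rpz-passthru.")
    for name in domains:
        name = name.rstrip(".").lower()
        if name in allowlist or dga_score(name) < threshold:
            continue
        lines.append(f"{name} CNAME .")    # CNAME . => resolver returns NXDOMAIN
        lines.append(f"*.{name} CNAME .")  # cover subdomains of the flagged name too
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(f"{q:25s} score={dga_score(q):.2f} {dga_features(q)}")
    print(build_rpz_zone(SAMPLE_QUERIES))
```

Run stand-alone, the script prints the feature vector and score for each sample name and then the rendered zone; only the 16-letter consonant string is blocked, while the digit-heavy name scores below the assumed threshold. The allowlist matters in practice because short hash-like labels used by CDNs and tracking pixels trip exactly these heuristics, which is one reason the abstract stresses the quality of the threat intelligence behind a filter rather than the filter alone.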

Published: 2024-09-09

How to cite: Danylo Chepel, & Serhii Malakhov. (2024). Summary of DNS traffic filtering trends as a component of modern information systems security. Computer Science and Cybersecurity, (1), 6-21. https://doi.org/10.26565/2519-2310-2024-1-01

Section: Articles