Summary of DNS traffic filtering trends as a component of modern information systems security
Abstract
The study analyzes sources on methods and technologies for DNS (Domain Name System) traffic filtering. Five main directions that are actively used to strengthen security at the DNS level are identified. All of the examined technologies improve the quality of DNS filtering, and combining several approaches at once raises overall security. The summarized research results on DNS traffic security point to problems in the quality of the threat intelligence feeds in use; the adoption of AI and LM technologies should therefore increase the "depth" with which useful information about current threats is extracted. It is emphasized that information security issues should be considered strictly in the context of preventing a disparity in artificial intelligence (AI) capabilities in favor of the adversary (i.e., cybercriminals). In practice, this means that future DNS filtering systems should widely adopt the latest advances in VR, AI, LM, and DL technologies. This is particularly important for countering Domain Generation Algorithm (DGA) mechanisms and the spread of botnets. The specific difficulty of reaching a consensus between the security and the performance of current information and communication systems when DNS encryption tools are deployed is highlighted. The main problem with DNS traffic encryption is that attackers may misuse it to conceal their destructive activity (phishing, spam, etc.).
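The abstract argues that several DNS-level controls work best in combination, and singles out DGA-driven botnet domains as a case where a static threat feed alone falls short. The following toy filter, written as an added example for this page and not taken from the article or any product it surveys, shows that combination in code: a blocklist lookup that matches a name and its parents the way a response policy zone does, followed by a statistical DGA heuristic (entropy, vowel and digit ratios, label length) applied to the registrable label. The blocklist entries, query-log lines and thresholds are all constructed for illustration, and `registrable_label` assumes a single-label public suffix, which a real deployment would replace with a public-suffix list.

```python
"""Toy DNS query filter: static blocklist plus a DGA heuristic.

Added example for this page; the blocklist, log lines and thresholds are
constructed placeholders, not real indicators or tuned production values.
"""
import math
from collections import Counter

# Constructed blocklist (placeholder names, not real indicators of compromise).
BLOCKLIST = {"malicious.example", "phish.example"}

# Constructed query-log lines in the form "<client> <qname> <qtype>".
QUERY_LOG = [
    "10.0.0.5 www.wikipedia.org. A",
    "10.0.0.5 cdn.malicious.example A",
    "10.0.0.7 xk3q9zvb7h2lp.example AAAA",
    "10.0.0.9 google.com A",
]


def normalize(qname):
    """Strip the trailing root dot and lower-case the name before matching."""
    return qname.rstrip(".").lower()


def blocklisted(name):
    """True if the name or any parent domain is listed.

    Walking up the label chain mirrors how an RPZ entry for a domain also
    covers its subdomains; the bare TLD is never consulted.
    """
    labels = name.split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in BLOCKLIST:
            return True
    return False


def shannon_entropy(text):
    """Shannon entropy in bits per character of the given string."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def dga_features(label):
    """Simple statistical features of one DNS label (constructed choice)."""
    vowels = sum(ch in "aeiou" for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    n = max(len(label), 1)
    return {
        "entropy": shannon_entropy(label) if label else 0.0,
        "vowel_ratio": vowels / n,
        "digit_ratio": digits / n,
        "length": len(label),
    }


def dga_score(label):
    """Count how many DGA-like traits the label shows (thresholds are assumed)."""
    f = dga_features(label)
    score = 0
    score += f["entropy"] > 3.0        # high character diversity
    score += f["vowel_ratio"] < 0.2    # unpronounceable
    score += f["digit_ratio"] > 0.2    # many digits mixed in
    score += f["length"] >= 12         # long machine-generated label
    return score


def registrable_label(name):
    """Label left of the last one; assumes a single-label public suffix."""
    labels = name.split(".")
    return labels[-2] if len(labels) >= 2 else labels[0]


def classify(qname):
    """Apply the blocklist first, then the DGA heuristic, else allow."""
    name = normalize(qname)
    if blocklisted(name):
        return "block:blocklist"
    if dga_score(registrable_label(name)) >= 2:
        return "block:dga-heuristic"
    return "allow"


def filter_log(lines):
    """Return (client, qname, verdict) for each constructed log line."""
    results = []
    for line in lines:
        client, qname, _qtype = line.split()
        results.append((client, normalize(qname), classify(qname)))
    return results


if __name__ == "__main__":
    for client, qname, verdict in filter_log(QUERY_LOG):
        print(f"{client:<10} {qname:<28} {verdict}")
```

The ordering matters for the point the abstract makes: the feed-based check catches what is already known, and the heuristic catches names the feed has not yet seen, so a gap in feed quality is covered rather than fatal. A score of 2 out of 4 traits is a deliberately loose, constructed threshold; in practice the cut-off is tuned against known-good traffic because legitimate CDN and tracking labels also look random.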
Copyright (c) 2024 Computer Science and Cybersecurity
This work is licensed under a Creative Commons Attribution 4.0 International License.