Detecting Domain Name System Tunneling with Cache Property Features

Zalfa Hilmi Abdilah(1), Atep Aulia Rahman(2*)

(1) Universitas Widyatama, Bandung, Jawa Barat, Indonesia
(2) Universitas Widyatama, Bandung, Jawa Barat, Indonesia
(*) Corresponding Author

Abstract


Many companies and agencies suffer data exfiltration attacks. The attack is carried out by malware on the target host that abuses the Domain Name System (DNS) as a covert channel. The attacker plants malware that acts as a tunneling client, which opens a communication channel from the infected host to the attacker through DNS queries and responses. Over this channel the attacker can control the malware remotely and steal data, and the resulting leak harms the profitability of the affected companies and agencies. The authors therefore focus on a trace that DNS tunneling cannot hide: every tunneled message has to be encoded in a fresh query name, so tunneling queries are almost never answered from the resolver's cache. This paper proposes cache property features as a method for detecting DNS tunneling.
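As an added illustration of the detection idea (this is example code written for this page, not the authors' implementation and not a reproduction of their feature set), the following Python replays DNS query logs through a simple positive cache and derives two per-client cache property features: the fraction of queries that would have been answered from cache, and the fraction of query names that are unique. The log format, the two client addresses, the tunnel domain t.example.net and the thresholds in classify() are all assumptions made for the example; the log itself is constructed inline.

```python
"""Cache-property features for DNS tunneling detection (illustrative example).

A resolver answers a repeated query for a cached name from its cache. A
tunneling client must put fresh data into every query name, so its queries
almost never hit the cache and its names almost never repeat. The features
below make that difference measurable per client.
"""
import hashlib
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Query:
    ts: float      # query time in seconds (assumed log field)
    client: str    # source address of the stub resolver (assumed log field)
    qname: str     # queried name
    ttl: int       # TTL of the answer the resolver obtained upstream


def replay_cache(queries):
    """Replay queries in time order through a positive cache keyed by qname.

    Returns a list of (client, qname, hit). A hit means the resolver would
    have answered from cache without asking an upstream server.
    """
    cache = {}  # qname -> expiry time
    out = []
    for q in sorted(queries, key=lambda q: q.ts):
        hit = q.qname in cache and cache[q.qname] > q.ts
        if not hit:
            cache[q.qname] = q.ts + q.ttl
        out.append((q.client, q.qname, hit))
    return out


def cache_features(replayed):
    """Per-client cache-property features over the replayed queries."""
    per = defaultdict(lambda: {"total": 0, "hits": 0, "names": set()})
    for client, qname, hit in replayed:
        s = per[client]
        s["total"] += 1
        s["hits"] += int(hit)
        s["names"].add(qname)
    return {
        client: {
            "queries": s["total"],
            "hit_ratio": s["hits"] / s["total"],
            "unique_ratio": len(s["names"]) / s["total"],
        }
        for client, s in per.items()
    }


def classify(feats, max_hit_ratio=0.1, min_unique_ratio=0.9, min_queries=20):
    """Flag clients whose queries almost never hit the cache and almost never repeat.

    The thresholds are illustrative assumptions, not values from the paper.
    """
    return sorted(
        c for c, f in feats.items()
        if f["queries"] >= min_queries
        and f["hit_ratio"] <= max_hit_ratio
        and f["unique_ratio"] >= min_unique_ratio
    )


def constructed_log():
    """Constructed sample log: a workstation re-resolving three names every two
    seconds, and a tunneling client whose every query name carries a new chunk
    of encoded data under the assumed tunnel domain t.example.net."""
    qs = []
    names = ["www.example.com", "mail.example.com", "cdn.example.com"]
    for i in range(60):
        qs.append(Query(ts=i * 2.0, client="10.0.0.5", qname=names[i % 3], ttl=300))
    for i in range(60):
        # 40 hex characters stand in for a base32/hex-encoded data chunk
        chunk = hashlib.sha256(f"exfil-{i}".encode()).hexdigest()[:40]
        qs.append(Query(ts=i * 2.0 + 0.5, client="10.0.0.9",
                        qname=f"{chunk}.t.example.net", ttl=0))
    return qs


def detect(queries=None):
    """Run the whole pipeline and return (features, flagged clients)."""
    queries = constructed_log() if queries is None else queries
    feats = cache_features(replay_cache(queries))
    return feats, classify(feats)


if __name__ == "__main__":
    feats, flagged = detect()
    for client, f in sorted(feats.items()):
        print(f"{client}: hit_ratio={f['hit_ratio']:.2f} unique_ratio={f['unique_ratio']:.2f}")
    print("flagged as tunneling:", flagged)
```

On the constructed log the workstation reaches a hit ratio of 0.95 (only the first lookup of each of its three names misses) with a unique-name ratio of 0.05, while the tunneling client scores 0.00 and 1.00 respectively and is the only client flagged. On a real resolver the same features can be taken from the server's own cache statistics instead of a replay, and the thresholds should be tuned against a baseline of benign traffic, since CDN hostnames with very short TTLs also lower the hit ratio for legitimate clients.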

DOI: http://dx.doi.org/10.30645/jurasik.v9i1.719

DOI (PDF): http://dx.doi.org/10.30645/jurasik.v9i1.719.g694

JURASIK (Jurnal Riset Sistem Informasi dan Teknik Informatika)