Detection of DNS-Based Covert Channels

ABSTRACT

A compromised network will normally have some form of covert communication system installed. Covert communication channels can take many forms and can remain undetected until a major data breach has taken place. Compromised networks allow hackers to access private and confidential information so that they can engage in illegal behaviours such as data exfiltration. This article demonstrates that DNS-based covert channels have particular traffic signatures that can be detected in order to mitigate data exfiltration and malware command, and to control traffic.


AUTHORS

Photo of Stephen Sheridan

School of Informatics and Engineering Institute of Technology Blanchardstown, Dublin
Ireland

Stephen Sheridan has held a fulltime lecturing position in the Institute of Technology Blanchardstown (ITB) since 2001 and is a member of ITB’s Security Research group. Stephen has been responsible for the design and delivery of a wide range of Computer Science modules including Java Programming, Data Structures and Algorithms, Derivation of Algorithms and Computational Intelligence. Stephen’s research interests include information security, covert channels, computational intelligence, and formal methods.

Photo of Dr. Anthony Keane

School of Informatics and Engineering

Institute of Technology Blanchardstown

Dublin, Ireland

Dr. Anthony Keane is currently the Head of Department of Informatics at the Institute of Technology in Blanchardstown (ITB). He is also a principle investigator in the Security Research Lab, located in the Learning & Innovation Centre in ITB where he has several master and doctoral research students working with industrial partners such as IBM, Dell, BH-Consulting, and Rits. Dr. Keane’s main research areas cover Network and Cyber Security, Digital and Cloud Forensics, Internet Safety, and Cyber Bullying. Dr. Keane has a BSc (Physics) from University College Galway (1986), an MSc from University College London (1992) and PhD (Astrophysics) from University College Dublin (1997). 

Before joining the Institute of Technology Blanchardstown in 1999, Dr. Keane worked as a computer consultant and software engineer in London and as a research assistant in the Cosmic Physics Section of the Dublin Institute for Advanced Studies (DIAS). Currently serving as a board member of InfoSecurity Ireland (ISI), IRISS, and the Irish Chapter of the Cloud Security Alliance, Dr. Keane is a Fellow of the Irish Computer Society and member of the Third Level Computer Forum. As an Irish academic contact for the European Network and Information Security Agency (ENISA), he has helped organize events in security awareness and training, funded through the EU.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Quick Links

View the latest issue of JIW.

Latest Edition

Purchase a subscription to JIW.

Subscribe

Media Parner to JIW.

Media Partner

Keywords

C

C2
C2S
CDX
CIA
CIP
CPS

I

IA
ICS

S

SOA

X

XRY

Quill Logo

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

SUBSCRIBE NOW

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.871.3949
  • jiw@gbpts.com