Yarin Ozery (Ben-Gurion University of the Negev, Akamai Technologies inc.), Asaf Nadler (Ben-Gurion University of the Negev), Asaf Shabtai (Ben-Gurion University of the Negev)

Data exfiltration over the DNS protocol and its detection have been researched extensively in recent years. Prior studies focused on offline detection methods, which although capable of detecting attacks, allow a large amount of data to be exfiltrated before the attack is detected and dealt with. In this paper, we introduce Information-based Heavy Hitters (ibHH), a real-time detection method which is based on live estimations of the amount of information transmitted to registered domains. ibHH uses constant-size memory and supports constant-time queries, which makes it suitable for deployment on recursive DNS servers to further reduce detection and response time. In our eval- uation, we compared the performance of the proposed method to that of leading state-of-the-art DNS exfiltration detection methods on real-world datasets comprising over 250 billion DNS queries. The evaluation demonstrates ibHH’s ability to successfully detect exfiltration rates as slow as 0.7B/s, with a false positive alert rate of less than 0.004, with significantly lower resource consumption compared to other methods.

View More Papers

Towards Real-time Voice Interaction Data Collection Monitoring and Ambient...

Tu Le (University of California, Irvine), Zixin Wang (Zhejiang University), Danny Yuxing Huang (New York University), Yaxing Yao (Virginia Tech), Yuan Tian (University of California, Los Angeles)

Read More

Secret-Shared Shuffle with Malicious Security

Xiangfu Song (National University of Singapore), Dong Yin (Ant Group), Jianli Bai (The University of Auckland), Changyu Dong (Guangzhou University), Ee-Chien Chang (National University of Singapore)

Read More

IDA: Hybrid Attestation with Support for Interrupts and TOCTOU

Fatemeh Arkannezhad (UCLA), Justin Feng (UCLA), Nader Sehatbakhsh (UCLA)

Read More

Separation is Good: A Faster Order-Fairness Byzantine Consensus

Ke Mu (Southern University of Science and Technology, China), Bo Yin (Changsha University of Science and Technology, China), Alia Asheralieva (Loughborough University, UK), Xuetao Wei (Southern University of Science and Technology, China & Guangdong Provincial Key Laboratory of Brain-inspired Intelligent Computation, SUSTech, China)

Read More