Detection of DNS Tunneling in Mobile Networks Using Machine Learning | SpringerLink
Skip to main content
Springer Nature Link
Log in

Detection of DNS Tunneling in Mobile Networks Using Machine Learning

  • Conference paper
  • First Online:
Information Science and Applications 2017 (ICISA 2017)

Part of the book series: Lecture Notes in Electrical Engineering ((LNEE,volume 424))

Included in the following conference series:

  • 3274 Accesses

Abstract

Lately, costly and threatening DNS tunnels on the mobile networks bypassing the mobile operator’s Policy and Charging Enforcement Function (PCEF), has shown the vulnerability of the mobile networks caused by the Domain Name System (DNS) which calls for protection solutions. Unfortunately there is currently no really adequate solution. This paper proposes to use machine learning techniques in the detection and mitigation of a DNS tunneling in mobile networks. Two machine learning techniques, namely One Class Support Vector Machine (OCSVM) and K-Means are experimented and the results prove that machine learning techniques could yield quite efficient detection solutions. The paper starts with a comprehensive introduction to DNS tunneling in mobile networks. Next the challenges in DNS tunneling detections are reviewed. The main part of the paper is the description of proposed DNS tunneling detection using machine learning.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
JPY 3498
Price includes VAT (Japan)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
JPY 34319
Price includes VAT (Japan)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
JPY 42899
Price includes VAT (Japan)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
JPY 42899
Price includes VAT (Japan)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. IETF: RFC 1034 Domain names – concepts and facilities, Internet standard, November 1987

    Google Scholar 

  2. IETF: RFC 1035 Domain names - Implementation and specification - Internet standard, November 1987

    Google Scholar 

  3. Pure Hacking: Reverse DNS Tunneling – Staged Loading Shellcode, Ty Miller, Blackhat (2008)

    Google Scholar 

  4. Ayaya: Black Ops of DNS, Dan Kaminsky, Blackhat (2004)

    Google Scholar 

  5. OzymanDNS – Dan Kaminsky (2004). https://dankaminsky.com/2004/07/29/51/

  6. Dns2tcp - Hervé Schauer Consultants. http://www.hsc.fr/ressources/outils/dns2tcp/

  7. Iodine. http://code.kryo.se/iodine/

  8. Heyoka. http://heyoka.sourceforge.net/

  9. DNScat. http://tadek.pietraszek.org/projects/DNScat/

  10. MagicTunnel. http://www.magictunnel.net/

  11. Element53 – Sander Nijhof. https://nijhof.biz/element53/

  12. VPN over DNS. https://www.vpnoverdns.com/

  13. SANS Institute: Data Charging Bypass - How your IDS can help, Hassan Mourad, September 2014

    Google Scholar 

  14. SANS Institute: Detecting DNS Tunneling, Greg Farnham, February 2013

    Google Scholar 

  15. Bianco, D.: A traffic-analysis approach to detecting DNS tunnels. http://blog.vorant.com/2006/05/traffic-analysis-approach-to-detecting.html. Accessed 3 May 2006

  16. Pietraszek, T.: Dnscat. http://tadek.pietraszek.org/projects/DNScat/. Accessed 31 Oct 2004

  17. Heavy Reading: DNS Security for Service Providers: An Active Approach at L7 – White Paper – Patrick Donegan, October 2015

    Google Scholar 

  18. Do, V.T., Engelstad, P., Feng, B., van Do, T.: Strengthening mobile network security using machine learning. In: Younas, M., Awan, I., Kryvinska, N., Strauss, C., van Thanh, D. (eds.) MobiWIS 2016. LNCS, vol. 9847, pp. 173–183. Springer, Heidelberg (2016). doi:10.1007/978-3-319-44215-0_14

    Google Scholar 

  19. Mitchell, T.M.: Machine Learning. Mcgraw-Hill Companies Inc, New York (1997). ISBN 0-47-042807-7

    MATH  Google Scholar 

  20. Manevitz, L.M., Yousef, M.: One-class SVMs for document classification. J. Mach. Learn. Res. 2, 139–154 (2002)

    MATH  Google Scholar 

  21. MacQueen, J.B.: Some methods for classification and analysis of multivariate observations. In: Proceedings of 5th Berkeley Symposium on Mathematical Statistics and Probability, pp. 281–297. University of California Press, Berkeley (1967). MR 0214227, Zbl 0214.46201, Accessed 07 Apr 2009

    Google Scholar 

  22. SlowDNS: A free VPN over DNS Tunneling Tool. http://slowdns.com/

  23. Bengio, Y.: Learning deep architectures for AI. Found. Trends Mach. Learn. 2, 1–127 (2009). doi:10.1561/2200000006

    MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Wolffia AS, Martin Linges vei 15, 1364, Fornebu, Norway

    Van Thuan Do

  2. Oslo and Akershus University College of Applied Sciences, Pilestredet 46, 0167, Oslo, Norway

    Paal Engelstad, Boning Feng & Thanh van Do

  3. Telenor ASA, Snarøyveien 30, 1331, Fornebu, Norway

    Thanh van Do

Authors
  1. Van Thuan Do
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Paal Engelstad
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Boning Feng
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Thanh van Do
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Thanh van Do .

Editor information

Editors and Affiliations

  1. Kyonggi University, Seongnam-si, Gyeonggi, Korea (Republic of)

    Kuinam Kim

  2. modelizeIT Inc., CEO and NYU , Stony Brook, New York, USA

    Nikolai Joukov

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Do, V.T., Engelstad, P., Feng, B., van Do, T. (2017). Detection of DNS Tunneling in Mobile Networks Using Machine Learning. In: Kim, K., Joukov, N. (eds) Information Science and Applications 2017. ICISA 2017. Lecture Notes in Electrical Engineering, vol 424. Springer, Singapore. https://doi.org/10.1007/978-981-10-4154-9_26

Download citation

  • DOI: https://doi.org/10.1007/978-981-10-4154-9_26

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-4153-2

  • Online ISBN: 978-981-10-4154-9

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation