Suphannee Sivakorn (Columbia University), Kangkook Jee (NEC Labs America), Yixin Sun (Princeton University), Lauri Korts-Pärn (Cyber Defense Institute), Zhichun Li (NEC Labs America), Cristian Lumezanu (NEC Labs America), Zhenyu Wu (NEC Labs America), Lu-An Tang (NEC Labs America), Ding Li (NEC Labs America)

Modern malware and cyber attacks depend heavily on DNS services to make their campaigns reliable and difficult to track. Monitoring network DNS activities and blocking suspicious domains have been proven an effective technique in countering such attacks. However, recent successful campaigns reveal that at- tackers adapt by using seemingly benign domains and public web storage services to hide malicious activity. Also, the recent support for encrypted DNS queries provides attacker easier means to hide malicious traffic from network-based DNS monitoring.

We propose PDNS, an end-point DNS monitoring system based on DNS sensor deployed at each host in a network, along with a centralized backend analysis server. To detect such attacks, PDNS expands the monitored DNS activity context and examines process context which triggered that activity. Specifically, each deployed PDNS sensor matches domain name and the IP address related to the DNS query with process ID, binary signature, loaded DLLs, and code signing information of the program that initiated it. We evaluate PDNS on a DNS activity dataset collected from 126 enterprise hosts and with data from multiple malware sources. Using ML Classifiers including DNN, our results outperform most previous works with high detection accuracy: a true positive rate at 98.55% and a low false positive rate at 0.03%.

View More Papers

Sereum: Protecting Existing Smart Contracts Against Re-Entrancy Attacks

Michael Rodler (University of Duisburg-Essen), Wenting Li (NEC Laboratories, Germany), Ghassan O. Karame (NEC Laboratories, Germany), Lucas Davi (University of Duisburg-Essen)

Read More

BadBluetooth: Breaking Android Security Mechanisms via Malicious Bluetooth Peripherals

Fenghao Xu (The Chinese University of Hong Kong), Wenrui Diao (Jinan University), Zhou Li (University of California, Irvine), Jiongyi Chen (The Chinese University of Hong Kong), Kehuan Zhang (The Chinese University of Hong Kong)

Read More

Quantity vs. Quality: Evaluating User Interest Profiles Using Ad...

Muhammad Ahmad Bashir (Northeastern University), Umar Farooq (LUMS Pakistan), Maryam Shahid (LUMS Pakistan), Muhammad Fareed Zaffar (LUMS Pakistan), Christo Wilson (Northeastern University)

Read More

JavaScript Template Attacks: Automatically Inferring Host Information for Targeted...

Michael Schwarz (Graz University of Technology), Florian Lackner (Graz University of Technology), Daniel Gruss (Graz University of Technology)

Read More