Several open-source software packages, as well as spyware, abuse the DNS protocol for data exchange. While the scheme for data exchange remains the same, the communication pattern of the protocol varies. As a result, the detection techniques change as well. This session will discuss the data exchange communication patterns of both open-source software and spyware, and explore techniques for their detection.
Learning Objectives:
1: Understand the importance of monitoring the DNS protocol for data leakage.
2: Learn to distinguish the DNS communication patterns of open-source software and malware.
3: Learn DNS exfiltration detection techniques based on the communication pattern.