Botconf Author Listing

Yarin Ozery


Last known affiliation: Akamai Technologies, Inc.
Bio: Yarin Ozery is a senior software engineer and security researcher. He has been working for Akamai in the Enterprise Security Group division for the past year and a half. Yarin’s focus is on developing innovative ML and Big Data solutions to protect Akamai’s customers. Yarin has a B.Sc. in computer science from the Technion – Israel Institute of Technology and is currently pursuing an M.Sc. degree in the Software and Information Systems Engineering department at Ben Gurion University of the Negev.
Date: 2023-04-13
The Case For Real Time Detection of Data Exchange Over the DNS Protocol
Yarin Ozery 🗣

Abstract

Data exfiltration and its detection have been the subject of much research in recent years. DNS exfiltration is the process of abusing the DNS protocol, originally designed for hostname resolution, to send data from a querying machine to a remote nameserver. While DNS exfiltration is commonly associated with free DNS tunneling applications, it is also used by bots (e.g., Feederbot, Morto) to steal sensitive data from compromised enterprises and communicate with their command and control servers.

In this talk, we present a new real-time DNS exfiltration detection solution designed to be deployed on recursive DNS resolvers. It is based on estimating the amount of data transferred to registered domains via the FQDNs of DNS requests. The algorithm is designed to be lightweight in both memory requirements and execution time, and allows real-time mitigation of DNS exfiltration campaigns.
