A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques-Reference-Cited by-同舟云学术

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

Published:2022-12-23 Issue:8 Volume:55 Page:1-28
ISSN:0360-0300
Container-title:ACM Computing Surveys
language:en
Short-container-title:ACM Comput. Surv.

Author:

Lyu Minzhao¹^ORCID,Gharakheili Hassan Habibi¹^ORCID,Sivaraman Vijay¹^ORCID

Affiliation:

1. University of New South Wales, Sydney, NSW, Australia

Abstract

The domain name system (DNS) that maps alphabetic names to numeric Internet Protocol (IP) addresses plays a foundational role in Internet communications. By default, DNS queries and responses are exchanged in unencrypted plaintext, and hence, can be read and/or hijacked by third parties. To protect user privacy, the networking community has proposed standard encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ) for DNS communications, enabling clients to perform secure and private domain name lookups. We survey the DNS encryption literature published from 2016 to 2021, focusing on its current landscape and how it is misused by malware, and highlighting the existing techniques developed to make inferences from encrypted DNS traffic. First, we provide an overview of various standards developed in the space of DNS encryption and their adoption status, performance, benefits, and security issues. Second, we highlight ways that various malware families can exploit DNS encryption to their advantage for botnet communications and/or data exfiltration. Third, we discuss existing inference methods for profiling normal patterns and/or detecting malicious encrypted DNS traffic. Several directions are presented to motivate future research in enhancing the performance and security of DNS encryption.

Publisher

Association for Computing Machinery (ACM)

Subject

General Computer Science,Theoretical Computer Science

Link

https://dl.acm.org/doi/pdf/10.1145/3547331

Reference117 articles.

1. 2018. DNSExfiltrator. https://github.com/Arno0x/DNSExfiltrator. Accessed: 2021-11-01.

2. 2018. HTTPS-Only Features in Major Browsers. https://www.digicert.com/blog/https-only-features-in-browsers. Accessed: 2021-10-12.

3. 2019. DNSTT. https://github.com/Mygod/dnstt. Accessed: 2021-10-12.

4. 2019. Research into Data Exfiltration using DOH. https://sysopfb.github.io/exfiltration /c2/2019/09/22/DOH-exfiltration.html. Accessed: 2021-10-12.

5. 2021. DNSCrypt & DoH Servers. https://dnscrypt.info/public-servers/. Accessed: 2021-10-19.

Cited by 26 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. A Cross-Layer Survey on Secure and Low-Latency Communications in Next-Generation IoT;IEEE Transactions on Network and Service Management;2024-08

2. Real-Time Analysis of Encrypted DNS Traffic for Threat Detection;ICC 2024 - IEEE International Conference on Communications;2024-06-09

3. Comparative analysis of DNS over HTTPS detectors;Computer Networks;2024-06

4. On Cross-Layer Interactions of QUIC, Encrypted DNS and HTTP/3: Design, Evaluation, and Dataset;IEEE Transactions on Network and Service Management;2024-06

5. C2-DNSWatch: Endpoint Framework for Detecting Command and Control (C2) Connection of Advanced Persistent Threats (APTs);2024 13th International Conference on Communications, Circuits and Systems (ICCCAS);2024-05-10