Identifying DNS Exfiltration based on Lexical Attributes of Query Name

Sensitive and personal information theft is one of the biggest threats faces by enterprise networks. DNS is frequently used by sophisticated attackers to exfiltrate data over DNS queries, or facilitate command and control communications for malware in networks (i.e., tunneling). Commercial firewalls and intrusion detection systems (IDSs) seemingly have some capabilities to detect evolving attack vectors, but they are expensive and inflexible hardware solutions, yet incapable of offering advanced security features at high throughput. This paper develops and evaluates novel deep neural network-based DNS exfiltration using 1 Million benign domains and 1 Million DNS exfiltrated domains. We then compare its performance with state-of-the-art methods that show our deep learning-based framework outperforms with an accuracy of more than 99.9%.