Lookup NU author(s): Talal Alharbi,
Professor Maciej Koutny
This is the final published version of a conference proceedings (inc. abstract) that has been published in its final definitive form by CEUR-WS, 2019.
For re-use rights please refer to the publisher's terms and conditions.
© 2019 CEUR Workshop Proceedings. All rights reserved.Today, serious warnings regarding the increasing number of DNS tunnelling methods are on the rise. Attackers have used such techniques to steal data from millions of accounts. The existing literature has thoroughly demonstrated the extent of the damage which DNS tunnelling can achieve on any given DNS server. However, through SONs - Petri net-based formalisms which portray the behaviour of complex evolving systems, such threats can be alleviated. As a concept, SONs are originally grounded in Occurrence Nets (ONs) and already yielded results in terms of successful cybercrime analysis. For instance, adding of alternates to SONs initially used in  was extended to in  in order to model and analyse system activities such as cybercrime or accidents, which may show contradictory or uncertain evidence in terms of actual activity. The current paper proposes the use of SON features with the purpose of detecting DNS tunnelling, in the event of an actual attack.
Author(s): Alharbi T, Koutny M
Editor(s): Daniel Moldt, Ekkart Kindler, Manuel Wimmer
Publication type: Conference Proceedings (inc. Abstract)
Publication status: Published
Conference Name: Proceedings of the International Workshop on Petri Nets and Software Engineering (PNSE 2019)
Year of Conference: 2019
Online publication date: 23/06/2019
Acceptance date: 02/04/2018
Date deposited: 02/09/2019
Series Title: CEUR Workshop Proceedings