ePrints (Open Access)

Domain Name System (DNS) tunnelling detection using Structured Occurrence Nets (SONs)

NU author(s): Talal Alharbi, Professor Maciej Koutny



This is the final published version of a conference proceedings (inc. abstract) that has been published in its final definitive form by CEUR-WS, 2019.

For re-use rights please refer to the publisher's terms and conditions.


© 2019 CEUR Workshop Proceedings. All rights reserved.

Today, serious warnings regarding the increasing number of DNS tunnelling methods are on the rise. Attackers have used such techniques to steal data from millions of accounts. The existing literature has thoroughly demonstrated the extent of the damage which DNS tunnelling can achieve on any given DNS server. However, such threats can be alleviated through SONs, Petri net-based formalisms which portray the behaviour of complex evolving systems. As a concept, SONs are grounded in Occurrence Nets (ONs) and have already yielded results in terms of successful cybercrime analysis. For instance, the addition of alternates to SONs, initially used in [10], was extended in [15] in order to model and analyse system activities such as cybercrime or accidents, which may show contradictory or uncertain evidence in terms of actual activity. The current paper proposes the use of SON features for the purpose of detecting DNS tunnelling in the event of an actual attack.

Publication metadata

Author(s): Alharbi T, Koutny M

Editor(s): Daniel Moldt, Ekkart Kindler, Manuel Wimmer

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: Proceedings of the International Workshop on Petri Nets and Software Engineering (PNSE 2019)

Year of Conference: 2019

Pages: 93-108

Online publication date: 23/06/2019

Acceptance date: 02/04/2018

Date deposited: 02/09/2019

ISSN: 1613-0073

Publisher: CEUR-WS


Series Title: CEUR Workshop Proceedings