Publication

Abstract : The effective coordination of attacks between malicious actors and compromised devices via Command and Control (C&C) communication channels presents a substantial cybersecurity threat. These channels often exploit legitimate protocols like the Domain Name System [DNS], making their detection challenging amidst regular network traffic. This paper introduces a unique approach to identifying C&C communication concealed within DNS queries in real-time. Our system employs deep learning techniques for accurate and efficient anomaly detection while conserving resources. Utilizing a pre-trained deep learning model trained on the CIRA-CIC-DoHBrw-2020 dataset, we distinguish between legitimate DNS traffic, encrypted DNS over HTTPS (DoH) traffic, and malicious C&C communication masquerading as DNS queries. To ensure lightweight operation suitable for resource-constrained systems, we implement the entire workflow, from data capture to model inference, as a Rust binary. This methodology provides a novel combination of real-time detection for prompt response to C&C activity, lightweight operation for widespread deployment, and high accuracy leveraging deep learning capabilities. By proactively identifying and mitigating C&C communication linked to zombie DNS botnets, our proposed system shows potential for significantly bolstering network security.