DNS is one of the most used and versatile Internet protocols. Besides its primary function, DNS is widely used for other purposes, such as using domain name resolution to obtain zip codes, convert currencies, transfer or tunnel data, and query all sorts of services like Wikipedia, and many more (1).
Cyber threat actors understand that DNS is a critical part of the Internet and one of the few protocols that is always allowed in any network; therefore, they abuse it to conduct their malicious activities. This makes it extremely challenging for defenders, who must balance security and usability.
As partners in DNS4EU, we contribute our machine learning and cybersecurity knowledge through our expert research group, the Stratosphere Laboratory (AI Center, FEE). Our team focuses on the research and development of new detection algorithms that can take advantage of all the threat intelligence provided by other partners to detect malicious activities.
Detecting malicious DNS activity at the scale of DNS4EU is challenging. Our team is also committed to researching methods that reduce the number of false positives, to make the experience of every user better and safer. Our research focuses not only on understanding state-of-the-art security attacks conducted through DNS and on machine learning techniques, but also on better understanding the detection methods themselves through explainable AI approaches. These approaches can help us create better and more robust detection methods.
DNS4EU aims to improve the Internet of more than 100 million Europeans, and we hope to contribute to making it better and safer.
This blog post was written by the Stratosphere Laboratory, AI Center, FEE, Czech Technical University in Prague (CTU in Prague). CTU in Prague is a member of the DNS4EU consortium.
(1 - https://archive.fosdem.org/2023/schedule/event/dns_bizarre_and_unusual_uses_of_dns/)