Data leakage detection in DNS communications with the help of machine learning on the Splunk platform

The DNS protocol was developed in the early days of the Internet and still works in almost unchanged form. Its simplicity is unique and has been proven over the years, but its architecture does not protect against, for example, tunneling of communications, which can be used to leak data from organizations. Our proposed detection of data exfiltration over the DNS protocol is based on machine learning that is sufficiently resistant to false positives (FP). In a live demonstration, we show how the technique works and the limitations of classical methods.

Marek Kľoc

Marek Kľoc graduated in 2003 from the Technical University in Košice, Faculty of Electrical Engineering and Informatics, Study program of Information Systems Design and Operation. Since 2005, he has been working at LYNX in the Cyber Security Department, which he also led between 2015 and 2018. As a security architect, he has participated in many projects and implementations in the private sector and in the public sector.    
