Journal of Applied Mathematics & Bioinformatics

Entropy-Based Evaluation of DNS Activity for Threat Hunting

  • Pdf Icon [ Download ]
  • Times downloaded: 9129
  • Abstract

    The paper documents, based mainly on published papers where a consistent mathematical description of cyberspace and various types of Cyber-Attacks and protection measures are presented, a mathematical approach for Cyber Threat Hunting using Domain Name System (DNS) observations. After referring to the various Advanced Persistent Threat (APT) hunting techniques we propose a high level, mainly, entropy-based technique for detecting the existence of various threat vectors in our networks, demystifying DNS Anomalies.

    Keywords: Domain Name System (DNS), Advanced Persistent Threat (APT) actors, Entropy, Anomaly Detection.