Detection of DNS Based Covert Channels

Covert channels based on DNS traffic are of particular interest, as DNS requests are an essential part of most Internet traffic and as a result are rarely filtered or blocked by firewalls. As part of our work we have created a test bed system that uses a covert DNS channel to exfiltrate data from a compromised host. Using this system we have carried out network traffic analysis that uses baseline comparisons as a means to fingerprint covert DNS activity. Even though detection of covert DNS activity is relatively straightforward, there is anecdotal evidence to suggest that most organisations do not filter or pay enough attention to DNS traffic and are therefore susceptible to data exfiltration attacks once a host on their network has been compromised. Our work shows that freely available covert DNS tools have particular traffic signatures that can be detected in order to mitigate data exfiltration and C&C traffic.

Supervisor: Dr. Anthony Keane - Student: Stephen Sheridan
Duration: 4 Years
Start date: October 2013 Completed: June 2018

Cloud Forensics

Digital Forensic Investigations in the Cloud Environment

Current forensic capabilities offered by cloud service providers are at times insufficient owing to complexity of the cloud environment. Therefore, clients often need to consult third parties during investigations. We are working on developing a standard framework for digital forensics intermediary services in the cloud environments to enable a quicker, more convenient and forensically sound investigation process for clients.

Supervisor: Dr. Anthony Keane - Student: Neha Thethi
Project partner: Brian Honan Consulting
Funding Source: Irish Research Council(IRC) - Employment based Postgraduate Programme
Duration: 3 Years
Start date: March 2014 Funding end date: March 2017

The Impact of Steganography on Electronic Communications and Methods Deployed to Discover the Extent of its use using Steganalysis

Research objectives are:

  • Research the possibility of steganography being detected by visual or auditory means.
  • To identify the different levels of complexity of steganography in electronic communications.
  • Analyse the cost to security when steganography is used to bypass current mechanisms.
  • Examine if the use of steganography can be used to communicate secretly in jurisdictions where the use of encryption is restricted.
  • Perform statistical analysis of success rates of steganography detectability using current forms of steganalysis.


Supervisor: Dr. Anthony Keane - Student: Michael Hegarty
Duration: 4 Years
Start date: January 2015 Expected end date: Jan 2019

Software Defined Networking Security: Defending SDN Networks from Attack

This project explores the security of the Software Defined Networking Paradigm, and examines whether it can be protected using current Intrusion Detection Systems/Intrusion Prevention Systems.
Supervisor: Dr. Christina Thorpe Student: Mark Lane
Start date: March 2015 Expected end date: March 2020