Abstract

Essential Internet services are vital to many aspects of modern living, yet those services remain valuable to threat actors who use them for network intrusions and data exfiltration. This quantitative research study, which used a single-subject experimental design, analyzed the ability of the novel Fedona Convolutional Neural Network (CNN) to detect Domain Name System (DNS) covert channel communications generated by the open-source tool DNSExfiltrator. The post-positivism theoretical framework guided the experiment design and analysis. Data collected while running DNSExfiltrator in a laboratory environment tested the deep learning model’s ability to identify exfiltration data within DNS TXT records. The results showed 100% accuracy when exfiltrated file sizes exceeded 2 Kilobytes (Kb) using the maximum transmission packet size, although performance fell dramatically for files below 1 Kb in size. This research expanded understanding of neural networks applied to covert channel detection.

Details

Title: A Deep Learning Approach to Detecting Covert Channels in the Domain Name System
Author: Peña, Tomás Antonio
Publication year: 2020
Publisher: ProQuest Dissertations Publishing
ISBN: 9781392671665
Source type: Dissertation or Thesis
Language of publication: English
ProQuest document ID: 2346618320
Copyright: Database copyright ProQuest LLC; ProQuest does not claim copyright in the individual underlying works.