Abstract |
---|
The paper deals with DNS tunneling detection by means of simple supervised learning schemes, applied to statistical features of DNS queries and answers. DNS traffic samples are used by exploiting the content of the entire DNS database, thus avoiding socket-by-socket inspection. Specific attention is devoted to the detection of small portions of malicious data, hidden by regular DNS communication. Second and third level DNS domains are analyzed. Despite the simplicity of the mechanism, good results are obtained by replicating individual detections over successive samples over time and by making a global decision through a majority voting scheme. In this perspective, an empirical trade-off is found between fast and reliable detections. |

Year | DOI | Venue |
---|---|---|
2013 | 10.1109/ISCC.2013.6755060 | Computers and Communications |

Keywords | Field | DocType |
---|---|---|
Internet, learning (artificial intelligence), pattern classification, query processing, telecommunication traffic, DNS database, DNS domain, DNS queries and answers, DNS traffic, DNS tunneling detection classifier, majority voting scheme, malicious data, regular DNS communication, socket-by-socket inspection, statistical feature, supervised learning scheme | Data mining, Computer science, Server, Supervised learning, Feature extraction, Majority rule, The Internet | Conference |

ISSN | Citations | PageRank |
---|---|---|
1530-1346 | 7 | 0.55 |

References | Authors |
---|---|
8 | 3 |

Name | Order | Citations | PageRank |
---|---|---|---|
Maurizio Aiello | 1 | 109 | 13.92 |
Maurizio Mongelli | 2 | 139 | 25.56 |
Gianluca Papaleo | 3 | 98 | 9.93 |