DocumentCode :
3456868
Title :
Basic classifiers for DNS tunneling detection
Author :
Aiello, Marco ; Mongelli, Maurizio ; Papaleo, Gianluca
Author_Institution :
Inst. of Electron., Comput. & Telecommun. Eng., Genoa, Italy
fYear :
2013
fDate :
7-10 July 2013
Abstract :
The paper deals with DNS tunneling detection by means of simple supervised learning schemes, applied to statistical features of DNS queries and answers. DNS traffic samples are used by exploiting the content of the entire DNS database, thus avoiding socket-by-socket inspection. Specific attention is devoted to the detection of small portions of malicious data, hidden by regular DNS communication. Second and third level DNS domains are analyzed. Despite the simplicity of the mechanism, good results are obtained by replicating individual detections over successive samples over time and by making a global decision through a majority voting scheme. In this perspective, an empirical trade-off is found between fast and reliable detections.
Keywords :
Internet; learning (artificial intelligence); pattern classification; query processing; telecommunication traffic; DNS database; DNS domain; DNS queries and answers; DNS traffic; DNS tunneling detection classifier; majority voting scheme; malicious data; regular DNS communication; socket-by-socket inspection; statistical feature; supervised learning scheme; Feature extraction; Reliability; Servers; Tunneling; Vectors;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computers and Communications (ISCC), 2013 IEEE Symposium on
Conference_Location :
Split
Type :
conf
DOI :
10.1109/ISCC.2013.6755060
Filename :
6755060