Feature transformation and Mutual Information for DNS tunneling analysis

Authors: E. Cambiaso, M. Aiello, M. Mongelli, G. Papaleo

DOI: 10.1109/ICUFN.2016.7536939

Keywords: Feature transformation, Data mining, Peer to peer computing, Computer science, Security policy, Computer network, Mutual information, Principal component analysis, Server

Abstract: Tunneling attacks are executed to bypass security policies or to leak sensitive data outside of a network. In this paper, we propose an innovative algorithm to profile DNS tunnels. Our approach combines Principal Component Analysis and Mutual Information. The proposed approach is validated on live traffic. Results show that, under specific conditions, anomalies are correctly characterized by the method. Other cases require instead further investigation.
