DNS tunneling detection through statistical fingerprints of protocol messages and machine learning

Authors: Gianluca Papaleo, Maurizio Aiello, Maurizio Mongelli
Year of publication: 2014
Subject:
Source: International Journal of Communication Systems. 28:1987-2002
ISSN: 1074-5351
DOI: 10.1002/dac.2836
Description: The use of covert-channel methods to bypass security policies has increased considerably in recent years. Malicious users neutralize security restrictions by encapsulating protocols like peer-to-peer, chat or HTTP proxy into other allowed protocols like Domain Name Server (DNS) or HTTP. This paper illustrates a machine learning approach to detect one particular covert-channel technique: DNS tunneling.
Database: OpenAIRE