Identifying Malicious DNS Tunnel Tools from DoH Traffic Using Hierarchical Machine Learning Classification

Authors

Abstract

Although the DNS over HTTPS (DoH) protocol has desirable properties for Internet users such as privacy and security, it also causes a problem in that network administrators are prevented from detecting suspicious traffic generated by malware and malicious tools. To support their efforts in maintaining network security, in this paper we propose a novel system that identifies malicious DNS tunnel tools through a hierarchical classification method that uses machine-learning technology on DoH traffic. We implemented a prototype of the proposed system and evaluated its performance on the CIRA-CIC-DoHBrw-2020 dataset, obtaining 99.81% accuracy in filtering, 99.99% in detection, and 97.22% in identification.

Similar resources

Machine Learning Classification of Malicious Network Traffic

1.1. Intrusion Detection Systems. In our society, information systems are everywhere. They are used by corporations to store proprietary and other sensitive data, by families to store financial and personal information, by universities to keep research data and ideas, and by governments to store defense and security information. It is very important that the information systems that house this ...

Combating Malicious DNS Tunnel

The Domain Name System (DNS) is a fundamental Internet infrastructure, which resolves billions of queries per day in support of global communications and commerce. The most common use of DNS is to map human-friendly domain names to machine-readable IP addresses. The DNS is designed based on the client-server model where stub resolver at the client side originates DNS query for some query name an...

Hierarchical Text Classification using Methods from Machine Learning

Due to the permanently growing amount of textual data, automatic methods for organizing the data are needed. Automatic text classification is one of these methods. It automatically assigns documents to a set of classes based on the textual content of the document. Normally, the set of classes is hierarchically structured but today’s classification approaches ignore hierarchical structures, ther...

Identifying Patterns in DNS Traffic

In this research, a visual analytics approach is used on a large set of DNS packet captures to gain insight into ways that authoritative name servers are abused for denial of service attacks. Several tools were developed to identify patterns in DNS queries and responses. These patterns revealed that source port selection by recursive name servers is not uniformly distributed and that attackers ...

Malicious JavaScript detection using machine learning

JavaScript has become a ubiquitous Web technology that enables interactive and dynamic Web sites. The widespread adoption, along with some of its properties allowing authors to easily obfuscate their code, make JavaScript an interesting venue for malware authors. In this survey paper, we discuss some of the difficulties in dealing with malicious JavaScript code, and go through some recent appro...

Journal

Journal title: Lecture Notes in Computer Science

Year: 2021

ISSN: ['1611-3349', '0302-9743']

DOI: https://doi.org/10.1007/978-3-030-91356-4_13