Abstract
This paper addresses a problem of detecting Domain Name System (DNS) tunneling in a computer network. Unauthorized data transfer exploits DNS tunneling technique to conceal network activity in a regular DNS traffic. Contemporary intrusion prevention equipment does not provide reasonable protection from sensitive information stealing. Given the DNS queries from both legitimate and adversary clients this paper proposes a machine-learning method of distinguishing tunneling strategies. More precisely, it describes a multi-label model of feedforward neural network that classifies some of well-known tunneling strategies counting legitimate traffic. The paper contains analysis of classification quality and accuracy of the developed model.
Publisher
European Open Access Publishing (Europa Publishing)
Cited by
4 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献