DNS tunneling detection through statistical fingerprints of protocol messages and machine learning (Journal article)

Type
Label
  • DNS tunneling detection through statistical fingerprints of protocol messages and machine learning (Journal article) (literal)
Year
  • 2014-01-01T00:00:00+01:00 (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#doi
  • 10.1002/dac.2836 (literal)
Alternative label
  • Aiello M.; Mongelli M.; Papaleo G. (2014)
    DNS tunneling detection through statistical fingerprints of protocol messages and machine learning
    in International journal of communication systems (Print)
    (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#autori
  • Aiello M.; Mongelli M.; Papaleo G. (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#url
  • http://www.scopus.com/inward/record.url?eid=2-s2.0-84904776994&partnerID=q2rCbXpz (literal)
Journal
Note
  • Scopus (literal)
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#affiliazioni
  • Institute of Electronics, Computer and Telecommunication Engineering National Research Council of Italy Via De Marini 6 Genoa 16149 Italy (literal)
Title
  • DNS tunneling detection through statistical fingerprints of protocol messages and machine learning (literal)
Abstract
  • The use of covert-channel methods to bypass security policies has increased considerably in recent years. Malicious users neutralize security restrictions by encapsulating protocols like peer-to-peer, chat or HTTP proxy into other allowed protocols like Domain Name Server (DNS) or HTTP. This paper illustrates a machine learning approach to detect one particular covert-channel technique: DNS tunneling. Although packet inspection may guarantee reliable intrusion detection in this context, it may suffer from scalability problems when a large set of sockets must be monitored in real time. Detecting the presence of DNS intruders by aggregation-based monitoring is of main interest as it avoids packet inspection, thus preserving privacy and scalability. The proposed monitoring mechanism looks at simple statistical properties of protocol messages, such as statistics of packet inter-arrival times and of packet sizes. The analysis is complicated by two drawbacks: silent intruders (generating small statistical variations of legitimate traffic) and quick statistical fingerprint generation (to obtain a detection tool really applicable in the field). Results from experiments conducted on a live network are obtained by replicating individual detections over successive samples over time and by making a global decision through a majority voting scheme. The technique overcomes traditional classifier limitations. An insightful analysis of the performance leads to the discovery of a unique intrusion detection tool, applicable in the presence of different tunneled applications. © 2014 John Wiley & Sons, Ltd. (literal)
Product of
CNR author
Keyword set

Incoming links:


Product
CNR author of
Http://www.cnr.it/ontology/cnr/pubblicazioni.owl#rivistaDi
Keyword set of
data.CNR.it