DNS tunneling detection method based on multilabel support vector machine


Abstract

DNS tunneling is a method used by malicious users who intend to bypass the firewall to send or receive commands and data. This has a significant impact on revealing or releasing classified information. Several researchers have examined the use of machine learning in terms of detecting DNS tunneling. However, these studies have treated the problem of DNS tunneling as a binary classification where the class label is either legitimate or tunnel. In fact, there are different types of DNS tunneling such as FTP-DNS tunneling, HTTP-DNS tunneling, HTTPS-DNS tunneling, and POP3-DNS tunneling. Therefore, there is a vital demand to not only detect the DNS tunneling but rather classify such tunnel. This study aims to propose a multilabel support vector machine in order to detect and classify the DNS tunneling. The proposed method has been evaluated using a benchmark dataset that contains numerous DNS queries and is compared with a multilabel Bayesian classifier based on the number of correctly classified DNS tunneling instances. Experimental results demonstrate the efficacy of the proposed SVM classification method by obtaining an f-measure of 0.80.


Almusawi, A., & Amintoosi, H. (2018). DNS tunneling detection method based on multilabel support vector machine. Security and Communication Networks, 2018. https://doi.org/10.1155/2018/6137098
