DNS tunneling is a method used by malicious users who intend to bypass the firewall to send or receive commands and data. This has a significant impact on revealing or releasing classified information. Several researchers have examined the use of machine learning in terms of detecting DNS tunneling. However, these studies have treated the problem of DNS tunneling as a binary classification where the class label is either legitimate or tunnel. In fact, there are different types of DNS tunneling such as FTP-DNS tunneling, HTTP-DNS tunneling, HTTPS-DNS tunneling, and POP3-DNS tunneling. Therefore, there is a vital demand not only to detect DNS tunneling but also to classify such tunnels. This study aims to propose a multilabel support vector machine in order to detect and classify DNS tunneling. The proposed method has been evaluated using a benchmark dataset that contains numerous DNS queries and is compared with a multilabel Bayesian classifier based on the number of correctly classified DNS tunneling instances. Experimental results demonstrate the efficacy of the proposed SVM classification method by obtaining an f-measure of 0.80.
CITATION STYLE
Almusawi, A., & Amintoosi, H. (2018). DNS tunneling detection method based on multilabel support vector machine. Security and Communication Networks, 2018. https://doi.org/10.1155/2018/6137098