Table of Contents Author Guidelines Submit a Manuscript
Security and Communication Networks
Volume 2018, Article ID 6137098, 9 pages
https://doi.org/10.1155/2018/6137098
Research Article

DNS Tunneling Detection Method Based on Multilabel Support Vector Machine

Computer Engineering Department, Faculty of Engineering, Ferdowsi University of Mashhad, Mashhad, Iran

Correspondence should be addressed to Ahmed Almusawi; moc.liamg@87iwasumlademha

Received 3 September 2017; Revised 10 November 2017; Accepted 20 November 2017; Published 16 January 2018

Academic Editor: Roberto Di Pietro

Copyright © 2018 Ahmed Almusawi and Haleh Amintoosi. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. G. Farnham and A. Atlasis, Detecting DNS Tunneling, InfoSec Reading Room, 2013.
  2. R. Rasmussen, “Do you know what your dns resolver is doing right now,” 2012, http://www.securityweek.com/do-you-know-what-your-dns-resolver-doing-right-now.
  3. M. Aiello, M. Mongelli, and G. Papaleo, “Basic classifiers for DNS tunneling detection,” in Proceedings of the 18th IEEE Symposium on Computers and Communications, ISCC 2013, pp. 880–885, July 2013. View at Publisher · View at Google Scholar · View at Scopus
  4. C. Dietrich, Feederbot-a Bot Using DNS as Carrier for Its C&C, 2011.
  5. C. Mullaney, Morto Worm Sets a (DNS) Record, Symantec Official Blog, 2011.
  6. J. Liu and G.-y. Qiu, “The firewall penetrating techniques based on the inverse connection, http-tunnel and sharing dns,” Journal of Zhengzhou University of Light Industry (Natural Science), vol. 5, article 014, 2007. View at Google Scholar
  7. V. T. Do, P. Engelstad, B. Feng, and T. van Do, “Detection of DNS tunneling in mobile networks using machine learning,” in Proceedings of the Information Science and Applications: ICISA 2017, vol. 424, pp. 221–230, 2017. View at Publisher · View at Google Scholar · View at Scopus
  8. M. Aiello, M. Mongelli, and G. Papaleo, “DNS tunneling detection through statistical fingerprints of protocol messages and machine learning,” International Journal of Communication Systems, vol. 28, no. 14, pp. 1987–2002, 2015. View at Publisher · View at Google Scholar · View at Scopus
  9. F. Allard, R. Dubois, P. Gompel, and M. Morel, “Tunneling activities detection using machine learning techniques,” DTIC Document, 2010. View at Google Scholar
  10. C. Chang and C. Lin, “LIBSVM: a Library for support vector machines,” ACM Transactions on Intelligent Systems and Technology, vol. 2, no. 3, article 27, 2011. View at Publisher · View at Google Scholar · View at Scopus
  11. B. C. Kelly, “Some aspects of measurement error in linear regression of astronomical data,” The Astrophysical Journal , vol. 665, no. 2 I, pp. 1489–1506, 2007. View at Publisher · View at Google Scholar · View at Scopus
  12. R. P. Beausoleil, “Bounded Variables nonlinear Multiple Criteria Optimization using Scatter search,” Revista de Matemática: Teoría y Aplicaciones, vol. 11, no. 1, pp. 17–40, 2004. View at Publisher · View at Google Scholar
  13. J. Brank, M. Grobelnik, N. Milic-Frayling, and D. Mladenic, “Interaction of feature selection methods and linear classification models,” in Proceedings of the Workshop on Text Learning held at ICML, 2002.
  14. A. L. Buczak, P. A. Hanke, G. J. Cancro, M. K. Toma, L. A. Watkins, and J. S. Chavis, “Detection of tunnels in PCAP data by random forests,” in Proceedings of the 11th Annual Cyber and Information Security Research Conference, CISRC 2016, April 2016. View at Publisher · View at Google Scholar · View at Scopus
  15. M. Aiello, M. Mongelli, E. Cambiaso, and G. Papaleo, “Profiling {DNS} tunneling attacks with PCA and mutual information,” Logic Journal of the IGPL. Interest Group in Pure and Applied Logics, vol. 24, no. 6, pp. 957–970, 2016. View at Google Scholar · View at MathSciNet
  16. I. Homem, P. Papapetrou, and S. Dosis, Entropy-based Prediction of Network Protocols in the Forensic Analysis of DNS Tunnels, 2016.
  17. K. Born, Psudp: A Passive Approach to Network-Wide Covert Communication, Black Hat, 2010.
  18. I. Homem and P. Papapetrou, Harnessing Predictive Models for Assisting Network Forensic Investigations of DNS Tunnels, 2017.
  19. O. Dembour and N. Collignon, Dns2tcp Tool, 2014.
  20. P. Berkhin, “A survey of clustering data mining techniques,” in Grouping Multidimensional Data, J. Kogan, C. Nicholas, and M. Teboulle, Eds., pp. 25–71, Springer, Berlin, Germany, 2006. View at Publisher · View at Google Scholar
  21. S. Agarwal, S. Yadav, and K. Singh, “K-means versus k-means clustering technique,” in Proceedings of the 2012 Students Conference on Engineering and Systems, SCES 2012, pp. 1–6, March 2012. View at Publisher · View at Google Scholar · View at Scopus
  22. J. Huang, J. Lu, and C. X. Ling, “Comparing naive bayes, decision trees, and SVM with AUC and accuracy,” in Proceedings of the 3rd IEEE International Conference on Data Mining (ICDM '03), pp. 553–556, November 2003. View at Scopus
  23. A. Almusawi, DNS Tunneling Detection Method Based On Multi-Label Support Vector Machine, [M.S. thesis], Ferdowsi University of Mashhad, Mashhad, Iran, 2017.