Research Article
DNS Tunneling Detection Method Based on Multilabel Support Vector Machine
Table 2
Sample of utilized features.
| | Connections | DNS request length | IP request length | IP response length | Encoded DNS request name | Request application layer entropy | IP packet entropy | Query name entropy | Class label |
| | 1 | 134 | 162 | 253 | 3832ca326862beee59d6776a6fe9d7beee5745edc | 5.389038 | 5.13366 | 4.02192 | FTP | | 2 | 132 | 160 | 176 | 3832be74be6470fd61616261637561614167d4c | 4.915386 | 4.79327 | 3.64144 | HTTP | | 3 | 139 | 167 | 278 | 3832be74ee6464fd6161626163756161e746b314 | 4.992512 | 4.53417 | 3.54144 | HTTPS | | 4 | 57 | 374 | 85 | 3832ca326862beee59d6676a6fe9d3beee574 | 1.584963 | 1.58496 | 1.58496 | POP3 | | 5 | 130 | 158 | 164 | 3832ca326862beee59d6676a6fe9d3beee574 | 5.508819 | 5.09366 | 4.02192 | HTTP | | 6 | 130 | 158 | 237 | 3832ca326862beee59d6676a6fe9cbbeee5745ed | 5.60542 | 5.22875 | 4.02192 | FTP | | 7 | 57 | 261 | 85 | 7a6461 | 1.584963 | 1.58496 | 1.58496 | FTP | | 8 | 130 | 158 | 99 | login.wildraiderz.com | 5.590495 | 5.17366 | 3.82192 | Normal |
|
|
