Can We Detect Malicious Behaviours in Encrypted Dns Tunnels Using Network Flow Entropy?
| dc.contributor.author | Khodjaeva Y. | |
| dc.contributor.author | Zincir-Heywood N. | |
| dc.contributor.author | Zincir I. | |
| dc.date.accessioned | 2023-06-16T15:01:59Z | |
| dc.date.available | 2023-06-16T15:01:59Z | |
| dc.date.issued | 2022 | |
| dc.description.abstract | This paper explores the concept of entropy of a flow to augment flow statistical features for encrypted DNS tunnelling detection, specifically DNS over HTTPS traffic. To achieve this, the use of flow exporters, namely Argus, DoHlyzer and Tranalyzer2 are studied. Statistical flow features automatically generated by the aforementioned tools are then augmented with the flow entropy. In this work, flow entropy is calculated using three different techniques: (i) entropy over all packets of a flow, (ii) entropy over the first 96 bytes of a flow, and (iii) entropy over the first n-packets of a flow. These features are provided as input to ML classifiers to detect malicious behaviours over four publicly available datasets. This model is optimized using TPOT-AutoML system, where the Random Forest classifier provided the best performance achieving an average F-measure of 98% over all testing datasets employed. © 2022 River Publishers. | en_US |
| dc.description.sponsorship | Natural Sciences and Engineering Research Council of Canada, NSERC | en_US |
| dc.description.sponsorship | This research was in part enabled by the support of NSERC. The first author gratefully acknowledges the support by the Study in Canada Scholarship. The research is conducted as part of the Dalhousie NIMS Lab at: https://projects .cs.dal.ca/projectx/. | en_US |
| dc.description.sponsorship | This research was in part enabled by the support of NSERC. The first author gratefully acknowledges the support by the Study in Canada Scholarship. The research is conducted as part of the Dalhousie NIMS Lab at: https://projects.cs.dal.ca/projectx/. | en_US |
| dc.identifier.doi | 10.13052/jcsm2245-1439.1135 | |
| dc.identifier.issn | 2245-1439 | |
| dc.identifier.issn | 2245-4578 | |
| dc.identifier.scopus | 2-s2.0-85139182494 | |
| dc.identifier.uri | https://doi.org/10.13052/jcsm2245-1439.1135 | |
| dc.identifier.uri | https://hdl.handle.net/20.500.14365/3693 | |
| dc.language.iso | en | en_US |
| dc.publisher | River Publishers | en_US |
| dc.relation.ispartof | Journal of Cyber Security and Mobility | en_US |
| dc.rights | info:eu-repo/semantics/openAccess | en_US |
| dc.subject | Cybersecurity | en_US |
| dc.subject | DNS over HTTPS | en_US |
| dc.subject | Entropy | en_US |
| dc.subject | machine learning | en_US |
| dc.subject | tunneling attacks | en_US |
| dc.subject | Classification (of information) | en_US |
| dc.subject | Cryptography | en_US |
| dc.subject | Cybersecurity | en_US |
| dc.subject | Decision trees | en_US |
| dc.subject | Feature extraction | en_US |
| dc.subject | HTTP | en_US |
| dc.subject | Internet protocols | en_US |
| dc.subject | Automatically generated | en_US |
| dc.subject | Cyber security | en_US |
| dc.subject | DNS over HTTPS | en_US |
| dc.subject | Flow entropy | en_US |
| dc.subject | Flow features | en_US |
| dc.subject | Machine-learning | en_US |
| dc.subject | Malicious behavior | en_US |
| dc.subject | Networks flows | en_US |
| dc.subject | Statistical features | en_US |
| dc.subject | Tunnelling attacks | en_US |
| dc.subject | Entropy | en_US |
| dc.title | Can We Detect Malicious Behaviours in Encrypted Dns Tunnels Using Network Flow Entropy? | en_US |
| dc.type | Article | en_US |
| dspace.entity.type | Publication | |
| gdc.author.scopusid | 57226890554 | |
| gdc.author.scopusid | 55575855800 | |
| gdc.bip.impulseclass | C5 | |
| gdc.bip.influenceclass | C5 | |
| gdc.bip.popularityclass | C5 | |
| gdc.coar.access | open access | |
| gdc.coar.type | text::journal::journal article | |
| gdc.collaboration.industrial | false | |
| gdc.description.departmenttemp | Khodjaeva, Y., Faculty of Computer Science, Dalhousie University, Canada, Faculty of Engineering, Izmir University of Economics, Turkey; Zincir-Heywood, N., Faculty of Computer Science, Dalhousie University, Canada, Faculty of Engineering, Izmir University of Economics, Turkey; Zincir, I., Faculty of Computer Science, Dalhousie University, Canada, Faculty of Engineering, Izmir University of Economics, Turkey | en_US |
| gdc.description.endpage | 495 | en_US |
| gdc.description.issue | 3 | en_US |
| gdc.description.publicationcategory | Makale - Uluslararası Hakemli Dergi - Kurum Öğretim Elemanı | en_US |
| gdc.description.scopusquality | Q3 | |
| gdc.description.startpage | 461 | en_US |
| gdc.description.volume | 11 | en_US |
| gdc.description.wosquality | N/A | |
| gdc.identifier.openalex | W4293870309 | |
| gdc.index.type | Scopus | |
| gdc.oaire.accesstype | GOLD | |
| gdc.oaire.diamondjournal | false | |
| gdc.oaire.impulse | 1.0 | |
| gdc.oaire.influence | 2.5310884E-9 | |
| gdc.oaire.isgreen | false | |
| gdc.oaire.popularity | 2.53195E-9 | |
| gdc.oaire.publicfunded | false | |
| gdc.oaire.sciencefields | 0202 electrical engineering, electronic engineering, information engineering | |
| gdc.oaire.sciencefields | 02 engineering and technology | |
| gdc.openalex.collaboration | International | |
| gdc.openalex.fwci | 0.1379 | |
| gdc.openalex.normalizedpercentile | 0.54 | |
| gdc.opencitations.count | 0 | |
| gdc.plumx.facebookshareslikecount | 95 | |
| gdc.plumx.mendeley | 14 | |
| gdc.plumx.scopuscites | 1 | |
| gdc.scopus.citedcount | 1 | |
| gdc.virtual.author | Zincir, İbrahim | |
| relation.isAuthorOfPublication | c9b95903-1849-4188-abc5-ccd50809334e | |
| relation.isAuthorOfPublication.latestForDiscovery | c9b95903-1849-4188-abc5-ccd50809334e | |
| relation.isOrgUnitOfPublication | e9e77e3e-bc94-40a7-9b24-b807b2cd0319 | |
| relation.isOrgUnitOfPublication | 805c60d5-b806-4645-8214-dd40524c388f | |
| relation.isOrgUnitOfPublication | 26a7372c-1a5e-42d9-90b6-a3f7d14cad44 | |
| relation.isOrgUnitOfPublication.latestForDiscovery | e9e77e3e-bc94-40a7-9b24-b807b2cd0319 |
Files
Original bundle
1 - 1 of 1