Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.14365/3693
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Khodjaeva Y. | - |
| dc.contributor.author | Zincir-Heywood N. | - |
| dc.contributor.author | Zincir I. | - |
| dc.date.accessioned | 2023-06-16T15:01:59Z | - |
| dc.date.available | 2023-06-16T15:01:59Z | - |
| dc.date.issued | 2022 | - |
| dc.identifier.issn | 2245-1439 | - |
| dc.identifier.uri | https://doi.org/10.13052/jcsm2245-1439.1135 | - |
| dc.identifier.uri | https://hdl.handle.net/20.500.14365/3693 | - |
| dc.description.abstract | This paper explores the concept of entropy of a flow to augment flow statistical features for encrypted DNS tunnelling detection, specifically DNS over HTTPS traffic. To achieve this, the use of flow exporters, namely Argus, DoHlyzer and Tranalyzer2 are studied. Statistical flow features automatically generated by the aforementioned tools are then augmented with the flow entropy. In this work, flow entropy is calculated using three different techniques: (i) entropy over all packets of a flow, (ii) entropy over the first 96 bytes of a flow, and (iii) entropy over the first n-packets of a flow. These features are provided as input to ML classifiers to detect malicious behaviours over four publicly available datasets. This model is optimized using TPOT-AutoML system, where the Random Forest classifier provided the best performance achieving an average F-measure of 98% over all testing datasets employed. © 2022 River Publishers. | en_US |
| dc.description.sponsorship | Natural Sciences and Engineering Research Council of Canada, NSERC | en_US |
| dc.description.sponsorship | This research was in part enabled by the support of NSERC. The first author gratefully acknowledges the support by the Study in Canada Scholarship. The research is conducted as part of the Dalhousie NIMS Lab at: https://projects.cs.dal.ca/projectx/. | en_US |
| dc.language.iso | en | en_US |
| dc.publisher | River Publishers | en_US |
| dc.relation.ispartof | Journal of Cyber Security and Mobility | en_US |
| dc.rights | info:eu-repo/semantics/openAccess | en_US |
| dc.subject | Cybersecurity | en_US |
| dc.subject | DNS over HTTPS | en_US |
| dc.subject | Entropy | en_US |
| dc.subject | machine learning | en_US |
| dc.subject | tunneling attacks | en_US |
| dc.subject | Classification (of information) | en_US |
| dc.subject | Cryptography | en_US |
| dc.subject | Cybersecurity | en_US |
| dc.subject | Decision trees | en_US |
| dc.subject | Feature extraction | en_US |
| dc.subject | HTTP | en_US |
| dc.subject | Internet protocols | en_US |
| dc.subject | Automatically generated | en_US |
| dc.subject | Cyber security | en_US |
| dc.subject | DNS over HTTPS | en_US |
| dc.subject | Flow entropy | en_US |
| dc.subject | Flow features | en_US |
| dc.subject | Machine-learning | en_US |
| dc.subject | Malicious behavior | en_US |
| dc.subject | Networks flows | en_US |
| dc.subject | Statistical features | en_US |
| dc.subject | Tunnelling attacks | en_US |
| dc.subject | Entropy | en_US |
| dc.title | Can We Detect Malicious Behaviours in Encrypted DNS Tunnels Using Network Flow Entropy? | en_US |
| dc.type | Article | en_US |
| dc.identifier.doi | 10.13052/jcsm2245-1439.1135 | - |
| dc.identifier.scopus | 2-s2.0-85139182494 | en_US |
| dc.authorscopusid | 57226890554 | - |
| dc.authorscopusid | 55575855800 | - |
| dc.identifier.volume | 11 | en_US |
| dc.identifier.issue | 3 | en_US |
| dc.identifier.startpage | 461 | en_US |
| dc.identifier.endpage | 495 | en_US |
| dc.relation.publicationcategory | Article - International Refereed Journal - Institutional Faculty Member | en_US |
| dc.identifier.scopusquality | Q3 | - |
| dc.identifier.wosquality | N/A | - |
| item.openairetype | Article | - |
| item.cerifentitytype | Publications | - |
| item.grantfulltext | open | - |
| item.openairecristype | http://purl.org/coar/resource_type/c_18cf | - |
| item.fulltext | With Fulltext | - |
| item.languageiso639-1 | en | - |
Appears in Collections:Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection
Files in This Item:
| File | Size | Format |
|---|---|---|
| 2774.pdf | 1.38 MB | Adobe PDF |
Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.