Please use this identifier to cite or link to this item: https://hdl.handle.net/20.500.14365/3693
Title: Can We Detect Malicious Behaviours in Encrypted DNS Tunnels Using Network Flow Entropy?
Authors: Khodjaeva Y.
Zincir-Heywood N.
Zincir I.
Keywords: Cybersecurity
DNS over HTTPS
Entropy
machine learning
tunneling attacks
Classification (of information)
Cryptography
Cybersecurity
Decision trees
Feature extraction
HTTP
Internet protocols
Automatically generated
Cyber security
DNS over HTTPS
Flow entropy
Flow features
Machine-learning
Malicious behavior
Networks flows
Statistical features
Tunnelling attacks
Entropy
Publisher: River Publishers
Abstract: This paper explores the concept of entropy of a flow to augment flow statistical features for encrypted DNS tunnelling detection, specifically DNS over HTTPS traffic. To achieve this, the use of flow exporters, namely Argus, DoHlyzer and Tranalyzer2 are studied. Statistical flow features automatically generated by the aforementioned tools are then augmented with the flow entropy. In this work, flow entropy is calculated using three different techniques: (i) entropy over all packets of a flow, (ii) entropy over the first 96 bytes of a flow, and (iii) entropy over the first n-packets of a flow. These features are provided as input to ML classifiers to detect malicious behaviours over four publicly available datasets. This model is optimized using TPOT-AutoML system, where the Random Forest classifier provided the best performance achieving an average F-measure of 98% over all testing datasets employed. © 2022 River Publishers.
URI: https://doi.org/10.13052/jcsm2245-1439.1135
https://hdl.handle.net/20.500.14365/3693
ISSN: 2245-1439
Appears in Collections:Scopus İndeksli Yayınlar Koleksiyonu / Scopus Indexed Publications Collection

Files in This Item:
File SizeFormat 
2774.pdf1.38 MBAdobe PDFView/Open
Show full item record



CORE Recommender

Page view(s)

66
checked on Nov 25, 2024

Download(s)

48
checked on Nov 25, 2024

Google ScholarTM

Check




Altmetric


Items in GCRIS Repository are protected by copyright, with all rights reserved, unless otherwise indicated.