
Identifying Malicious DNS Tunnel Tools from DoH Traffic Using Hierarchical Machine Learning Classification

Files in This Item:
paper_ISC2021_mitsuhashi_20210913_final.pdf (2.77 MB, PDF)
Please use this identifier to cite or link to this item: http://hdl.handle.net/2115/87410

Title: Identifying Malicious DNS Tunnel Tools from DoH Traffic Using Hierarchical Machine Learning Classification
Authors: Mitsuhashi, Rikima
Satoh, Akihiro
Jin, Yong
Iida, Katsuyoshi
Shinagawa, Takahiro
Takai, Yoshiaki
Keywords: DNS over HTTPS (DoH)
Network traffic classification
Suspicious DoH traffic
DNS tunnel
Malicious DNS tunnel tool identification
Issue Date: 27-Nov-2021
Publisher: Springer
Citation: Information Security. ISC 2021
Lecture Notes in Computer Science, vol. 13118
Start Page: 238
End Page: 256
Publisher DOI: 10.1007/978-3-030-91356-4_13
Abstract: Although the DNS over HTTPS (DoH) protocol has desirable properties for Internet users such as privacy and security, it also causes a problem in that network administrators are prevented from detecting suspicious network traffic generated by malware and malicious tools. To support their efforts in maintaining network security, in this paper, we propose a novel system that identifies malicious DNS tunnel tools through a hierarchical classification method that uses machine-learning technology on DoH traffic. We implemented a prototype of the proposed system and evaluated its performance on the CIRA-CIC-DoHBrw-2020 dataset, obtaining 99.81% accuracy in DoH traffic filtering, 99.99% accuracy in suspicious DoH traffic detection, and 97.22% accuracy in identification of malicious DNS tunnel tools.
Description: 24th International Conference on Information Security, ISC 2021, Virtual Event, November 10–12, 2021
Conference Name: ISC : International Conference on Information Security
Conference Sequence: 24
Type: proceedings (author version)
URI: http://hdl.handle.net/2115/87410
Appears in Collections: Information Initiative Center > Peer-reviewed Journal Articles, etc

Submitter: 飯田 勝吉
