Title: | Identifying Malicious DNS Tunnel Tools from DoH Traffic Using Hierarchical Machine Learning Classification |
Authors: | Mitsuhashi, Rikima |
Satoh, Akihiro |
Jin, Yong |
Iida, Katsuyoshi |
Shinagawa, Takahiro |
Takai, Yoshiaki |
Keywords: | DNS over HTTPS (DoH) |
Network traffic classification |
Suspicious DoH traffic |
DNS tunnel |
Malicious DNS tunnel tool identification |
Issue Date: | 27-Nov-2021 |
Publisher: | Springer |
Citation: | Information Security. ISC 2021 |
Lecture Notes in Computer Science, vol. 13118 |
Start Page: | 238 |
End Page: | 256 |
Publisher DOI: | 10.1007/978-3-030-91356-4_13 |
Abstract: | Although the DNS over HTTPS (DoH) protocol has desirable properties for Internet users such as privacy and security, it also causes a problem in that network administrators are prevented from detecting suspicious network traffic generated by malware and malicious tools. To support their efforts in maintaining network security, in this paper, we propose a novel system that identifies malicious DNS tunnel tools through a hierarchical classification method that uses machine-learning technology on DoH traffic. We implemented a prototype of the proposed system and evaluated its performance on the CIRA-CIC-DoHBrw-2020 dataset, obtaining 99.81% accuracy in DoH traffic filtering, 99.99% accuracy in suspicious DoH traffic detection, and 97.22% accuracy in identification of malicious DNS tunnel tools. |
Description: | 24th International Conference on Information Security, ISC 2021, Virtual Event, November 10–12, 2021 |
Conference Name: | ISC : International Conference on Information Security |
Conference Sequence: | 24 |
Type: | proceedings (author version) |
URI: | http://hdl.handle.net/2115/87410 |
Appears in Collections: | Information Initiative Center > Peer-reviewed Journal Articles, etc |