
Malicious DNS Tunnel Tool Recognition using Persistent DoH Traffic Analysis

File: paper_IEEE_TNSM_20221016.pdf (4.95 MB, PDF)

Title: Malicious DNS Tunnel Tool Recognition using Persistent DoH Traffic Analysis
Authors: Mitsuhashi, Rikima
Jin, Yong
Iida, Katsuyoshi
Shinagawa, Takahiro
Takai, Yoshiaki
Keywords: DNS over HTTPS (DoH)
Network traffic classification
Machine learning methods
Gradient boosting decision tree algorithm
GBDT algorithm
Suspicious DoH traffic
Emerging malicious DNS tunnel tool recognition
CIRA-CICDoHBrw-2020
DoH-Tunnel-Traffic-HKD
Issue Date: 19-Oct-2022
Publisher: IEEE
Journal Title: IEEE Transactions on Network and Service Management
Volume: 20
Issue: 2
Start Page: 2086
End Page: 2095
Publisher DOI: 10.1109/TNSM.2022.3215681
Abstract: The DNS over HTTPS (DoH) protocol can mitigate the risk of privacy breaches, but it makes network security services harder to operate because the DNS traffic is encrypted. However, since malicious DNS tunnel tools that run over the DoH protocol pose network security threats, network administrators need to recognize malicious communications even after DNS traffic encryption has become widespread. In this paper, we propose a malicious DNS tunnel tool recognition system that uses persistent DoH traffic analysis based on machine learning. The proposed system can continuously update the machine learning model's knowledge of emerging malicious DNS tunnel tools. The system is based on hierarchical machine learning classification and focuses on DoH traffic analysis. The evaluation results confirm that the proposed system is able to recognize six malicious DNS tunnel tools in total, not only well-known ones, including dns2tcp, dnscat2, and iodine, but also emerging ones such as dnstt, tcp-over-dns, and tuns, with 98.02% classification accuracy.
Description: Published in: IEEE Transactions on Network and Service Management (Volume:20, Issue:2, June 2023)
Rights: © 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Type: article (author version)
URI: http://hdl.handle.net/2115/87440
Appears in Collections: Information Initiative Center > Peer-reviewed Journal Articles, etc

Submitter: 飯田 勝吉
