| Title: | Detection of Application-Layer Tunnels with Rules and Machine Learning |
| Author(s): | Lin, Huaqing ; Liu, Gao ; Yan, Zheng |
| Date: | 2019-01-01 |
| Language: | en |
| Pages: | 15 441-455 |
| Department: | Xidian University Department of Communications and Networking Department of Communications and Networking |
| ISBN: | 9783030249069 |
| Series: | Security, Privacy, and Anonymity in Computation, Communication, and Storage - 12th International Conference, SpaCCS 2019, Proceedings, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Volume 11611 LNCS |
| ISSN: | 0302-9743 1611-3349 |
| DOI-number: | 10.1007/978-3-030-24907-6_33 |
| Subject: | Theoretical Computer Science, Computer Science(all), 113 Computer and information sciences, 213 Electronic, automation and communications engineering, electronics |
| Keywords: | Application-layer tunnels detection, DGA domain name, Feature extraction, Machine learning, Theoretical Computer Science, Computer Science(all), 113 Computer and information sciences, 213 Electronic, automation and communications engineering, electronics |
|
|
|
|
This publication is imported from Aalto University Research information portal: https://research.aalto.fi
> View this publication in Research information portal > Other link related to publication (Research information portal) |
|
|
Lin , H , Liu , G & Yan , Z 2019 , Detection of Application-Layer Tunnels with Rules and Machine Learning . in R Lu , J Feng , G Wang & M Z A Bhuiyan (eds) , Security, Privacy, and Anonymity in Computation, Communication, and Storage - 12th International Conference, SpaCCS 2019, Proceedings . Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) , vol. 11611 LNCS , SPRINGER , pp. 441-455 , International Conference on Security, Privacy, and Anonymity in Computation, Communication, and Storage , Atlanta , United States , 14/07/2019 . https://doi.org/10.1007/978-3-030-24907-6_33 |
|
Abstract:Application-layer tunnels are often used to construct covert channels in order to transmit secret data, which is often applied to raise network threats in recent years. Detection of application-layer tunnels can assist identifying a variety of network threats, thus has high research significance. In this paper, we explore application-layer tunnel detection and propose a generic detection method by applying both rules and machine learning. Our detection method mainly consists of two parts: rule-based domain name filtering for Domain Generation Algorithm (DGA) based on a trigram model and a machine learning model based on our proposed generic feature extraction framework for tunnel detection. The rule-based DGA domain name filtering can eliminate some obvious tunnels in order to reduce the amount of data processed by machine learning-based detection, thereby, the detection efficiency can be improved. The generic feature extraction framework comprehensively integrates previous research results by combining multiple detection methods, supporting multiple layers and performing multiple feature extraction. We take the three most common application-layer tunnels, i.e., DNS tunnel, HTTP tunnel and HTTPS tunnel as examples to analyze and test our detection method. The experimental results show that the proposed method is generic and efficient, compared with other existing approaches.
|
|
|
|
|
|
|
|
Files in this item
| Files | Size | Format | View |
|---|---|---|---|
|
There are no files associated with this item. |
|||
This item appears in the following Collection(s)
Submit a publication
Browse
My Account
Page content by: Aalto University Learning Centre | Privacy policy of the service | About this site