Data di Pubblicazione:
2014
Abstract:
The use of covert-channel methods to bypass security policies has increasing in the last years. Malicious users neutralize security restriction encapsulating protocols like peer-to-peer, chat or http proxy into other allowed protocols like DNS or HTTP. This paper illustrates different approaches to detect one particular covert channel technique: DNS tunneling.
Results from experiments conducted on a live network are obtained by replicating individual detections over successive samples over time and making a global decision through a majority voting scheme. The technique overcomes traditional classifier limitations. A performance evaluation shows the best approach to reach good results by resorting to a unique classification scheme, applicable in the presence of different tunnelled applications.
Results from experiments conducted on a live network are obtained by replicating individual detections over successive samples over time and making a global decision through a majority voting scheme. The technique overcomes traditional classifier limitations. A performance evaluation shows the best approach to reach good results by resorting to a unique classification scheme, applicable in the presence of different tunnelled applications.
Tipologia CRIS:
01.01 Articolo in rivista
Elenco autori:
Papaleo, Gianluca; Aiello, Maurizio; Mongelli, Maurizio
Link alla scheda completa:
Pubblicato in: