Publication Date:
2016
Abstract:
Tunneling attacks are executed to bypass security policies or to leak sensitive data outside of a network. In this paper, we propose an innovative algorithm to profile DNS tunnels. Our approach combines Principal Component Analysis and Mutual Information. The proposed algorithm is validated on a live network. Results show that, under specific conditions, anomalies are correctly characterized by the proposed method. Other cases instead require further investigation.
Iris type:
04.01 Contribution in conference proceedings
List of contributors: