| Presentation | 2019-11-02 Research on DNS tunnel detection by machine learning using appearance characters Tetsuya Asakura, Takeo Tatsumi, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | In this study, as a detection technique of DNS tunnel, it was tried to detect abnormal DNS query string by machine learning (unsupervised learning) character string of normal domain name. Using machine learning algorithm (One-Class SVM) of Python 3 and scikit-learn, we made a program for learning and evaluation, and confirmed it. In the confirmation, the change of each evaluation value was compared on each machine learning model in increasing the learning number. And, the time for learning and evaluation of the machine learning model was measured. We discussed the experiment contents and results. In our study, we confirmed that the machine learning model, which was confirmed by increasing the number of learning, has almost constant accuracy 0.977, precision 0.999, recall 0.958, and f1 score 0.978. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | DNS Tunnel / DNS Tunneling / Machine learning / Unsupervised learning / One-Class SVM / Domain Name |
| Paper # | ISEC2019-84,SITE2019-78,LOIS2019-43 |
| Date of Issue | 2019-10-25 (ISEC, SITE, LOIS) |
| Conference Information | |
| Committee | ISEC / SITE / LOIS |
|---|---|
| Conference Date | 2019/11/1(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | Osaka Univ. |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | Shiho Moriai(NICT) / Tetsuya Morizumi(Kanagawa Univ.) / Tomohiro Yamada(NEL) |
| Vice Chair | Shoichi Hirose(Univ. of Fukui) / Tetsuya Izu(Fujitsu Labs.) / Masaru Ogawa(Kobe Gakuin Univ.) / Takushi Otani(Kibi International Univ.) / Toru Kobayashi(Nagasaki Univ.) |
| Secretary | Shoichi Hirose(NICT) / Tetsuya Izu(Tsukuba Univ.) / Masaru Ogawa(Toyo Eiwa Univ.) / Takushi Otani(KDDI Research) / Toru Kobayashi(Research Organization of Information and Systems) |
| Assistant | Dai Yamamoto(Fujitsu Labs.) / Yuuji Suga(IIJ) / Nobuyuki Yoshinaga(Yamaguchi Pref Univ.) / Daisuke Suzuki(Hokuriku Univ.) / Kenichi Arai(Nagasaki Univ.) |
| Paper Information | |
| Registration To | Technical Committee on Information Security / Technical Committee on Social Implications of Technology and Information Ethics / Technical Committee on Life Intelligence and Office Information Systems |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Research on DNS tunnel detection by machine learning using appearance characters |
| Sub Title (in English) | |
| Keyword(1) | DNS Tunnel |
| Keyword(2) | DNS Tunneling |
| Keyword(3) | Machine learning |
| Keyword(4) | Unsupervised learning |
| Keyword(5) | One-Class SVM |
| Keyword(6) | Domain Name |
| 1st Author's Name | Tetsuya Asakura |
| 1st Author's Affiliation | The Open University of Japan(OUJ) |
| 2nd Author's Name | Takeo Tatsumi |
| 2nd Author's Affiliation | The Open University of Japan(OUJ) |
| Date | 2019-11-02 |
| Paper # | ISEC2019-84,SITE2019-78,LOIS2019-43 |
| Volume (vol) | vol.119 |
| Number (no) | ISEC-257,SITE-258,LOIS-259 |
| Page | pp.pp.141-148(ISEC), pp.141-148(SITE), pp.141-148(LOIS), |
| #Pages | 8 |
| Date of Issue | 2019-10-25 (ISEC, SITE, LOIS) |