| Presentation | 2020-03-10 Research on DNS tunnel detection by machine learning using appearance characters Tetsuya Asakura, Takeo Tatsumi, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | In this study, we considered an implementation a detection technique of DNS tunnel. This detection techniqe is likely to can detect abnormal DNS query string by machine learning (unsupervised learning) character string of normal domain name. Therefore we tested and experimented an implementation evaluation program for real environment. Using machine learning algorithm (One-Class SVM) of Python 3 and scikit-learn, we made a program for evaluation, and tested in real environment. In implementation test, we deployed an evaluation program in PC of real environment, and confirmed to normal it. While to runed evaluation program, we got DNS query for DNS packets. We discussed the implementation test, experiment, and results. In this study, we confirmed that the machine learning model in evaluation program, enable normal detection greater than 97 percent. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | DNS Tunnel / DNS Tunneling / Machine learning / Unsupervised learning / One-Class SVM / Domain Name / Internationalized Domain Name |
| Paper # | IT2019-103,ISEC2019-99,WBS2019-52 |
| Date of Issue | 2020-03-03 (IT, ISEC, WBS) |
| Conference Information | |
| Committee | ISEC / IT / WBS |
|---|---|
| Conference Date | 2020/3/10(2days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | University of Hyogo |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | joint meeting of IT, ISEC, and WBS |
| Chair | Shiho Moriai(NICT) / Jun Muramatsu(NTT) / Minoru Okada(NAIST) |
| Vice Chair | Shoichi Hirose(Univ. of Fukui) / Tetsuya Izu(Fujitsu Labs.) / Tadashi Wadayama(Nagoya Inst. of Tech.) / Koji Ohuchi(Shizuoka Univ.) / Kenichi Takizawa(NICT) |
| Secretary | Shoichi Hirose(NICT) / Tetsuya Izu(Tsukuba Univ.) / Tadashi Wadayama(Saga Univ.) / Koji Ohuchi(Nagano Pref Inst. of Tech.) / Kenichi Takizawa(Kanagawa Univ.) |
| Assistant | Dai Yamamoto(Fujitsu Labs.) / Yuuji Suga(IIJ) / Hideki Yagi(UEC) / Duong Quang Thang(NAIST) / Masafumi Moriyama(NICT) |
| Paper Information | |
| Registration To | Technical Committee on Information Security / Technical Committee on Information Theory / Technical Committee on Wideband System |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Research on DNS tunnel detection by machine learning using appearance characters |
| Sub Title (in English) | Consideration of implementation of evaluation program |
| Keyword(1) | DNS Tunnel |
| Keyword(2) | DNS Tunneling |
| Keyword(3) | Machine learning |
| Keyword(4) | Unsupervised learning |
| Keyword(5) | One-Class SVM |
| Keyword(6) | Domain Name |
| Keyword(7) | Internationalized Domain Name |
| 1st Author's Name | Tetsuya Asakura |
| 1st Author's Affiliation | The Open University of Japan(OUJ) |
| 2nd Author's Name | Takeo Tatsumi |
| 2nd Author's Affiliation | The Open University of Japan(OUJ) |
| Date | 2020-03-10 |
| Paper # | IT2019-103,ISEC2019-99,WBS2019-52 |
| Volume (vol) | vol.119 |
| Number (no) | IT-473,ISEC-474,WBS-475 |
| Page | pp.pp.87-94(IT), pp.87-94(ISEC), pp.87-94(WBS), |
| #Pages | 8 |
| Date of Issue | 2020-03-03 (IT, ISEC, WBS) |