Detecting DNS Threats: A Deep Learning Model to Rule Them All

Domain Name Service is a central part of Internet regular operation. Such importance has made it a common target of different malicious behaviors such as the application of Domain Generation Algorithms (DGA) for command and control a group of infected computers or Tunneling techniques for bypassing...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Palau, Franco, Catania, Carlos, Guerra, Jorge, García, Sebastián José, Rigaki, María
Formato: Objeto de conferencia
Lenguaje:Inglés
Publicado: 2019
Materias:
Ciencias Informáticas
Network security
Botnet
Deep Neural Networks
Acceso en línea:http://sedici.unlp.edu.ar/handle/10915/87859
Aporte de:
SEDICI (UNLP) de Universidad Nacional de La Plata
id I19-R120-10915-87859
record_format dspace
institution Universidad Nacional de La Plata
institution_str I-19
repository_str R-120
collection SEDICI (UNLP)
language Inglés
topic Ciencias Informáticas
Network security
Botnet
Deep Neural Networks
spellingShingle Ciencias Informáticas
Network security
Botnet
Deep Neural Networks
Palau, Franco
Catania, Carlos
Guerra, Jorge
García, Sebastián José
Rigaki, María
Detecting DNS Threats: A Deep Learning Model to Rule Them All
topic_facet Ciencias Informáticas
Network security
Botnet
Deep Neural Networks
description Domain Name Service is a central part of Internet regular operation. Such importance has made it a common target of different malicious behaviors such as the application of Domain Generation Algorithms (DGA) for command and control a group of infected computers or Tunneling techniques for bypassing system administrator restrictions. A common detection approach is based on training different models detecting DGA and Tunneling capable of performing a lexicographic discrimination of the domain names. However, since both DGA and Tunneling showed domain names with observable lexicographical differences with normal domains, it is reasonable to apply the same detection approach to both threats. In the present work, we propose a multi-class convolutional network (MC-CNN) capable of detecting both DNS threats. The resulting MC-CNN is able to detect correctly 99% of normal domains, 97% of DGA and 92% of Tunneling, with a False Positive Rate of 2.8%, 0.7% and 0.0015% respectively and the advantage of having 44% fewer trainable parameters than similar models applied to DNS threats detection.
format Objeto de conferencia
Objeto de conferencia
author Palau, Franco
Catania, Carlos
Guerra, Jorge
García, Sebastián José
Rigaki, María
author_facet Palau, Franco
Catania, Carlos
Guerra, Jorge
García, Sebastián José
Rigaki, María
author_sort Palau, Franco
title Detecting DNS Threats: A Deep Learning Model to Rule Them All
title_short Detecting DNS Threats: A Deep Learning Model to Rule Them All
title_full Detecting DNS Threats: A Deep Learning Model to Rule Them All
title_fullStr Detecting DNS Threats: A Deep Learning Model to Rule Them All
title_full_unstemmed Detecting DNS Threats: A Deep Learning Model to Rule Them All
title_sort detecting dns threats: a deep learning model to rule them all
publishDate 2019
url http://sedici.unlp.edu.ar/handle/10915/87859
work_keys_str_mv AT palaufranco detectingdnsthreatsadeeplearningmodeltorulethemall
AT cataniacarlos detectingdnsthreatsadeeplearningmodeltorulethemall
AT guerrajorge detectingdnsthreatsadeeplearningmodeltorulethemall
AT garciasebastianjose detectingdnsthreatsadeeplearningmodeltorulethemall
AT rigakimaria detectingdnsthreatsadeeplearningmodeltorulethemall
bdutipo_str Repositorios
_version_ 1764820489448980481

Ejemplares similares