The paper deals with DNS tunneling detection by means of simple supervised learning schemes applied to statistical features of DNS queries and answers. DNS traffic samples are built from the content of the entire DNS database rather than from socket-by-socket inspection. Specific attention is devoted to the detection of small portions of malicious data hidden within regular DNS communication. Second- and third-level DNS domains are analyzed. Despite the simplicity of the mechanism, good results are obtained by replicating individual detections over successive samples in time and by making a global decision through a majority voting scheme. From this perspective, an empirical trade-off is found between fast and reliable detection.
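As an added example that is not code from the paper, the following Python sketch shows the shape of the scheme described above: per-query statistical features of the names below the second-level domain and of the answer size, a deliberately simple supervised learner (a nearest-centroid classifier, assumed here; the paper does not specify it), and a majority vote over successive sample decisions whose window width trades detection delay against robustness to isolated misclassifications. All DNS records are constructed for the example.

```python
import math
from collections import Counter

# Constructed (queried name, answer size in bytes) records, not data from the paper.
BENIGN = [("www.example.com", 46), ("mail.example.com", 46), ("cdn.example.com", 62),
          ("api.example.com", 46), ("img.example.com", 62), ("ns1.example.com", 46)]
TUNNEL = [("mfrggzdfmztwq2lknnwg23tpobyxe43u.t.example.com", 230),
          ("ov3ho6dzpi2dqnrxga4dsob2hazdgmjs.t.example.com", 241),
          ("gezdgnbvgy3tqojqgezdgnbvgy3tqojq.t.example.com", 225),
          ("ha3dsmbqgqydcmrrhe4tgnjqgmzdcnru.t.example.com", 238)]

def entropy(s):
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def features(name, answer_size):
    # Statistical features of one query/answer pair: length and entropy of the
    # labels left of the 2nd-level domain, their digit ratio, and answer size.
    sub = "".join(name.lower().split(".")[:-2])
    digits = sum(ch.isdigit() for ch in sub)
    return (len(sub), entropy(sub), digits / max(len(sub), 1), answer_size)

def centroid(rows):
    return tuple(sum(col) / len(rows) for col in zip(*rows))

def train(benign, tunnel):
    # Nearest-centroid classifier on z-scored features: a deliberately simple
    # supervised learner chosen for this example, not the paper's exact scheme.
    rows = [features(n, a) for n, a in benign + tunnel]
    mu = centroid(rows)
    sd = tuple(max(math.sqrt(sum((r[i] - mu[i]) ** 2 for r in rows) / len(rows)), 1e-9)
               for i in range(4))
    z = lambda r: tuple((r[i] - mu[i]) / sd[i] for i in range(4))
    return z, centroid([z(features(n, a)) for n, a in benign]), \
              centroid([z(features(n, a)) for n, a in tunnel])

def classify(model, name, answer_size):
    z, c_benign, c_tunnel = model
    v = z(features(name, answer_size))
    dist = lambda c: sum((v[i] - c[i]) ** 2 for i in range(4))
    return dist(c_tunnel) < dist(c_benign)   # True = flagged as tunneling

def majority_vote(decisions, window):
    # Replicate per-sample decisions over `window` successive samples; the global
    # alarm fires only where more than half agree (wider window = slower, steadier).
    return [sum(decisions[i - window + 1:i + 1]) > window / 2
            for i in range(window - 1, len(decisions))]

def first_alarm(decisions, window):
    # Index of the sample at which the global decision first becomes "tunnel".
    alarms = majority_vote(decisions, window)
    return next((i + window - 1 for i, a in enumerate(alarms) if a), None)
```

Running `first_alarm` on the same decision stream with windows of 1, 3 and 7 samples makes the trade-off concrete: a single stray positive among benign samples raises an alarm at window 1 and none at window 3, while a genuine tunnel stream is still caught, just a few samples later.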
Aiello et al. studied this question.