The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Tunneling attacks are executed to bypass security policies or leak sensitive data outside of a network. In this paper, we propose an innovative algorithm to profile DNS tunnels. Our approach combines Principal Component Analysis and Mutual Information. The proposed algorithm is validated on a live network. Results show that, under specific conditions, anomalies are correctly characterized through...
The use of covert‐channel methods to bypass security policies has increased considerably in the recent years. Malicious users neutralize security restriction by encapsulating protocols like peer‐to‐peer, chat or http proxy into other allowed protocols like Domain Name Server (DNS) or HTTP. This paper illustrates a machine learning approach to detect one particular covert‐channel technique: DNS tunneling...
Due to their recent appearance and the reduced requirements in terms of network bandwidth, Slow Denial of Service Attacks detection represents a particularly challenging problem. This paper presents a novel detection method, analyzing spectral features of the network traffic over small time horizons. The proposed method has been validated by extrpolating data referred to real traffic traces, elaborated...
This paper addresses the problem of detection of “Slow” Denial of Service attacks. The problem is particularly challenging in virtue of the reduced amount of bandwidth generated by the attacks. A novel detection method is presented, which analyzes specific spectral features of traffic over small time horizons. No packet inspection is required. Extrapolated data refer to real traffic traces, elaborated...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.