%A Luz, Júlio F.
%A Araujo-Filho, Paulo Freitas de
%A Arcoverde, Henrique F.
%A Campelo, Divanilson R.
%D 2023
%T Unsupervised SOM-Based Intrusion Detection System for DNS Tunneling Attacks
%K
%X Although the Domain Name System (DNS) is an essential protocol for Internet operation, it may also be used for malicious activities, such as data exfiltration, through the establishment of malicious DNS tunnels. In this paper, we propose an unsupervised intrusion detection system (IDS) for detecting malicious DNS tunneling activities by leveraging self-organizing maps (SOM). Our experimental results show that our proposed solution achieved an F1-score of 0.9460, outperforming similar existing techniques in publicly available datasets, and successfully detected attacks conducted in a corporate network.
%U https://sol.sbc.org.br/index.php/sbseg/article/view/27232
%J Anais do Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg)
%0 Journal Article
%R 10.5753/sbseg.2023.233583
%P 516-521%@ 0000-0000
%8 2023-09-18