Time series deinterleaving of DNS traffic

Amir Asiaee T, Hardik Goel, Shalini Ghosh, Vinod Yegneswaran, Arindam Banerjee

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Stream deinterleaving is an important problem with various applications in the cybersecurity domain. In this paper, we consider the specific problem of deinterleaving DNS data streams using machine-learning techniques, with the objective of automating the extraction of malware domain sequences. We first develop a generative model for user request generation and DNS stream interleaving. Based on these we evaluate various inference strategies for deinterleaving including augmented HMMs and LSTMs on synthetic datasets. Our results demonstrate that state-of-the-art LSTMs outperform more traditional augmented HMMs in this application domain.

Original languageEnglish (US)
Title of host publicationProceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages103-108
Number of pages6
ISBN (Print)9780769563497
DOIs
StatePublished - Aug 2 2018
Event2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018 - San Francisco, United States
Duration: May 24 2018 → …

Publication series

NameProceedings - 2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018

Other

Other2018 IEEE Symposium on Security and Privacy Workshops, SPW 2018
CountryUnited States
CitySan Francisco
Period5/24/18 → …

Bibliographical note

Funding Information:
The work was supported in part by NSF grants CNS- 1314560, IIS-1447566, IIS-1447574, IIS-1422557, CCF- 1451986, and IIS-1563950. SG and VY acknowledge partial support from NSF Grant CNS-1314956 and CNS-1514503.

Keywords

  • DNS
  • Deinterleaving
  • LSTM
  • Malicious domain detection

Fingerprint Dive into the research topics of 'Time series deinterleaving of DNS traffic'. Together they form a unique fingerprint.

Cite this