Classification of DNS Queries for Anomaly Detection

We propose a new method that uses a neural network, the Growing Hierarchical Self-Organizing Map (GHSOM), to analyze DNS query log files. Because of the structure of the DNS query frequency, infected computers are easy to detect. Our experiment shows how the DNS query structure differs between healthy and infected computers.
