Abstract
The paper deals with k‐means clustering and logic learning machine (LLM) for the detection of Domain Name Server (DNS) tunneling. As the LLM shows more versatility in rule generation and classification precision with respect to traditional decision trees, the approach reveals to be robust to a large set of system conditions. The detection algorithm is designed to be applied over streaming data, without accurate tuning of algorithms' parameters. An extensive performance evaluation is provided with respect to different tunneling tools and applications; silent intruders are considered. Results show robustness on a test set that exhibits a different behavior from training.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
