See detect_dns_tunneling.c. Mainly I used the following techniques:
- unigram and its frequency
- Normal Distribution
- Run ./build-and-test.sh to evaluate detection accuracy.
- Run python plot_roc_chart.py to generate the ROC chart.
See build-and-test.sh for details.
Collected FQDNs from VirusTotal. Domains are in opendns/public-domain-lists.
To hide leaked information, these encodings are used. DNS tunneling FQDNs are generated based on PDF and text files.
Not so bad. See the C source code for more information.
- C92 - TomoriNao Vol.1 (Dojinshi), the chapter I (@K_atc) wrote
- Written in Japanese and not freely accessible. Sorry!