DNS TUNNEL DETECTION WITH ARTIFICIAL INTELLIGENCE / GIDEON EBI EYABI; SUPERVISOR: ASST. PROF. DR. DEVRIM SERAL

Language: English
Year: 2023
Description: viii, 50 sheets; 31 cm. Includes CD
Content type:
  • text
Media type:
  • unmediated
Carrier type:
  • volume
Dissertation note: Thesis (MSc) - Cyprus International University. Institute of Graduate Studies and Research Computer Engineering Department
Abstract: The network protocol that translates human-readable names like afraid.com into computational figures like IP addresses that the computer can understand is called DNS. Without DNS, it would be impossible to memorize all the IP addresses of various sites on the internet. In the OSI hierarchy of layers, DNS appears in the application layer. DNS uses UDP and TCP to transmit data. In this paper, the effects of DNS tunneling on corporate networks will be investigated and a possible solution will be approached using artificial intelligence. Basically, this paper will focus on the use of models like K Nearest Neighbors, Gaussian Naïve Bayes, and Decision Tree classifiers. These 3 models were chosen due to their individual capabilities. K Nearest Neighbors is best for its ability to store the training data and to ease the process by letting the algorithm almost bypass the training phase and go directly to the testing phase. Thus, when K Nearest Neighbors is the chosen algorithm and a new test data point x is observed, it immediately searches the training data for the data closest to x and gets a prediction, limiting the need to train each time new data is presented. Decision Tree was used because it has the ability to group similar data into nodes in the training phase, such that if new data is presented in the test phase, it derives a prediction based on the closeness of the data to the defined node groups. Gaussian Naïve Bayes uses some probability functions to predict future events. Thus, having knowledge of the training data B, Naïve Bayes will be able to predict the probability P(A|B). The above algorithms were chosen because they give predictions similar to what is expected in DNS tunnel detection.
DNS tunneling has various ways through which the tunnels are set up on target systems. One way is through email poisoning, another is through malicious messages, and so on. These classifiers best fit these scenarios as they are fully equipped for feature predictions based on stored training data.
Item type: Thesis
Holdings
Item 1: Item type: Thesis; Current library: CIU LIBRARY; Collection: Thesis Collection; Call number: YL 2893 E93 2023; Status: Available; Notes: Computer Engineering Department; Barcode: T3276
Item 2: Item type: Suppl. CD; Current library: CIU LIBRARY; Collection: Audio-Visual; Call number: YL 2893 E93 2023; Status: Available; Notes: Computer Engineering Department; Barcode: CDT3276
Total holds: 0

Includes bibliography (sheets 49-50)
