CS240

1.Doing

1.1 Training&&Optimize!

EE,1cSVM,isoForest: (time:sec)

For Test Set: err: 2149 right: 13853 rate 0.8657042869641295 Time: 36.188541412353516
For Test Set: err: 4626 right: 11376 rate 0.7109111361079865 Time: 62.57835841178894
For Test Set: err: 2581 right: 13421 rate 0.8387076615423072 Time: 428.6734094619751

1.2 real-time Detection System!

use Python API to parse DNS.qname

1.3 use Bloom-Filter? to "White List"

dataSource Cisco maybe more in https://hackertarget.com/top-million-site-list-download/

2.To Do

DataMining?

3.Finished

3.1.Feature Generation

Data:

from link

Reference:

from DNS_iFor

Total count of characters in FQDN
Count of characters in sub-domain
count of uppercase characters
count of numerical characters
Entropy
number of labels
maximum label length
average label length

3.2 Modeling

EE OCSVM IF

ultramar1ne/DNS-C2-Detection

CS240

1.Doing

1.1 Training&&Optimize!

1.2 real-time Detection System!

1.3 use Bloom-Filter? to "White List"

2.To Do

3.Finished

3.1.Feature Generation

Data:

Reference:

3.2 Modeling