DNS Tunneling Queries for Binary Classification

Description

Binary dataset provides labeled domain names divided into two categories: 0 - regular domain names, 1 - domain names with tunnels. Multilabel dataset provides domain names divided into five categories: 0 - regular domain names, 1 - dns2tcp, 2 - dnscapy, 3 - iodine, 4 - tuns.

Steps to reproduce

These DNS names are collected through passing a 2MiB file through SSH connection established over DNS tunnel. Regular DNS names where retrieved from OpenDNS respository, Google hosted domains and domains of Content Delivery Networks. The file was created using random generator that uniformly produces letters from English alphabet. The following tools where used to establish DNS tunnels: dns2tcp, dnscapy, iodine, tuns.

Institutions

Categories

Licence