Time Series Deinterleaving of DNS Traffic
This work addresses a cybersecurity problem for malware detection, but it is incremental as it applies existing methods to a specific domain.
The paper tackled the problem of deinterleaving DNS traffic to extract malware domain sequences, and found that state-of-the-art LSTMs outperform augmented HMMs in this application.
Stream deinterleaving is an important problem with various applications in the cybersecurity domain. In this paper, we consider the specific problem of deinterleaving DNS data streams using machine-learning techniques, with the objective of automating the extraction of malware domain sequences. We first develop a generative model for user request generation and DNS stream interleaving. Based on these we evaluate various inference strategies for deinterleaving including augmented HMMs and LSTMs on synthetic datasets. Our results demonstrate that state-of-the-art LSTMs outperform more traditional augmented HMMs in this application domain.