DNS tunneling uses DNS protocol features to establish command and control channels, and can therefore be exploited as a malicious tool for data exfiltration. Today, security threats that use DNS tunneling affect cross-platform systems across local and cloud computing resources. Many DNS tunnel detection studies combine feature extraction techniques and machine learning (ML) algorithms to achieve high levels of accuracy. However, training ML models at large scale and in real time remains an operational challenge with a high computational cost for many institutions. This article proposes a methodology for DNS tunneling detection through hybrid resource collections using unsupervised anomaly detection algorithms. The proposed model takes an operational approach and can be adapted to form part of security control systems in organizations.