Meng ZHANG, Haoliang SUN, Peng YANG. Identification of DNS covert channel based on improved convolutional neural network[J]. Journal on Communications, 2020, 41(1): 169-179. DOI: 10.11959/j.issn.1000-436x.2020017.
Identification of DNS covert channel based on improved convolutional neural network
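To identify DNS covert channels comprehensively and effectively, the implementations of multiple DNS covert channel software tools were studied, and a DNS covert channel identification method based on an improved convolutional neural network was proposed. Experiments were conducted on real campus network traffic, and the results show that the proposed method detects DNS covert channels in all 22 data interaction modes and is able to identify unknown DNS covert channel traffic. The comprehensiveness and accuracy of its identification performance are significantly improved compared with existing methods.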
Abstract
In order to effectively identify the multiple types of DNS covert channels, the implementation of different sorts of DNS covert channel software was studied, and a detection method based on the improved convolutional neural network was proposed. The experimental results, grounded upon the campus network traffic, show that the detection method can identify twenty-two kinds of data interaction modes of DNS covert channels and is able to identify unknown DNS covert channel traffic. The proposed method outperforms the existing methods.