Abstract
To identify DNS covert channels comprehensively and effectively, the implementations of multiple DNS covert channel software tools were studied, and a DNS covert channel detection method based on an improved convolutional neural network was proposed. Experiments were conducted on real campus network traffic; the results show that the proposed method can detect DNS covert channels in all 22 data interaction modes and is able to identify unknown DNS covert channel traffic. The comprehensiveness and accuracy of its detection are significantly better than those of existing methods.
Authors
ZHANG Meng (张猛)
SUN Haoliang (孙昊良)
YANG Peng (杨鹏)
Institute of Cyberspace, China Center for Information Industry Development, Beijing 100846, China; National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China
Source
Journal on Communications (《通信学报》)
EI
CSCD
PKU Core
2020, Issue 1, pp. 169-179 (11 pages)
Funding
National Natural Science Foundation of China (No. 61672495)
Keywords
covert channel
domain name system
convolutional neural network