Abstract
Various detection methods for DNS (Domain Name System) covert channels, and the differences between DNS covert channel messages and regular DNS messages, are analyzed. In view of the shortcomings of current detection methods, which need a large number of manually defined features and need to distinguish between query and response packets, two detection methods are proposed, one based on a convolutional neural network and one based on a long short-term memory neural network. Experiments are carried out on real campus network DNS traffic and on DNS covert channel traffic generated by hacker tools. The results indicate that both neural network methods can automatically extract features from DNS covert channel data and classify it, and that the comprehensiveness and accuracy of detection are improved compared with traditional methods.
Authors
JIANG Xiong (姜雄); HUANG Wenpei (黄文培) (College of Information Science and Technology, Southwest Jiaotong University, Chengdu, Sichuan 611756, China)
Source
Communications Technology (《通信技术》), 2022, No. 4, pp. 506-512 (7 pages)
Keywords
covert channel
DNS (Domain Name System)
convolutional neural network
long short-term memory neural network