DNS covert channel detection method based on neural network

A neural network and covert channel technology, applied in the field of covert channel detection, can solve problems such as lack of basis, unsatisfactory effect, and too simple method, and achieve the effects of reducing training time, improving accuracy, and reducing false alarm rate

Pending Publication Date: 2019-02-05
信联科技(南京)有限公司
View PDF0 Cites 19 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

The method is too simple, lacks mor

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • DNS covert channel detection method based on neural network
  • DNS covert channel detection method based on neural network
  • DNS covert channel detection method based on neural network

Examples

Experimental program
Comparison scheme
Effect test

Example Embodiment

[0029] The present invention will be further explained below in conjunction with the drawings:

[0030] Such as figure 1 Shown: The present invention includes the following steps:

[0031] S1: Process the collected domain name samples, including classifying, extracting second-level domain names and generating word vectors, etc., to obtain training samples that can be used to train neural networks;

[0032] S2: Use the trained neural network model to identify the domain name to be detected. If the probability that the domain name given by the neural network has a DNS covert channel exceeds the preset threshold, it will be marked as a suspicious domain name;

[0033] S3: For a suspicious domain name, use the whois query module to query the first-level domain name, and judge whether it is legal based on the registration time and other information;

[0034] S4: After the suspicious domain name is output from the whois query module, a correct label is obtained. If the label is different from...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a DNS covert channel detection method based on a neural network. The deep learning is applied to the technical field of DNS covert channel detection, the accuracy of the existing DNS covert channel detection method is improved, the false alarm rate of the existing DNS covert channel detection method is reduced, numeric features are combined with character features for use toshorten the model training time and to improve the accuracy rate, a suspicious domain name is queried by whois, whether the domain name is legal is automatically judged according to rules, and the domain name that does not conform to a neural network prediction result is used for retraining the neural network to form a loop so as to continuously improve the neural network.

Description

technical field [0001] The invention relates to the technical field of covert channel detection methods, in particular to a neural network-based DNS covert channel detection method. Background technique [0002] The DNS domain name system plays a vital role in the operation of the Internet today. It provides a two-way mapping service between domain names and IP addresses. You need to remember a relatively meaningful domain name. Because DNS is essential in network communication, few firewalls and intrusion detection systems will filter DNS traffic, which provides conditions for hackers to use DNS to attack. [0003] DNS Tunneling is a kind of covert channel, which establishes communication by encapsulating other protocols in the DNS protocol for transmission. Hackers can use it to achieve operations such as remote control and file transfer. Now more and more research proves that DNS covert channels also often play an important role in botnet and APT attacks. DNS covert c...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L29/12G06N3/04
CPCH04L63/1425G06N3/04H04L61/4511
Inventor 林冠洲吴博
Owner 信联科技(南京)有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap