DNS covert channel detection method based on neural network

Neural network and covert channel technology, applied in the field of covert channel detection, addresses problems such as methods that are too simple, lack of basis and unsatisfactory results, and achieves reduced training time, improved accuracy and a lower false alarm rate.

Pending Publication Date: 2019-02-05
信联科技(南京)有限公司

AI Technical Summary

Problems solved by technology

Existing detection methods are too simple, lack sufficient basis, and give unsatisfactory results.


Embodiment Construction

[0029] The present invention is further described below in conjunction with the accompanying drawings:

[0030] As shown in Figure 1, the present invention comprises the following steps:

[0031] S1: Process the collected domain name samples, including classification, extraction of secondary domain names and generation of word vectors, etc., to obtain training samples that can be used to train neural networks;

[0032] S2: Use the trained neural network model to identify the domain name to be detected. If the probability of the domain name having a DNS covert channel given by the neural network exceeds a preset threshold, mark it as a suspicious domain name;

[0033] S3: For the suspicious domain name, use the whois query module to query its first-level domain name, and judge whether it is legitimate according to the registration time and other information;

[0034] S4: After the suspicious domain name is output from the whois query module, a correct label is obtained. If the l...
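The control flow of steps S1 to S4, together with the retraining feedback the abstract describes, as an added Python example that is not code from the patent. The threshold, the registration-age rule, the last-two-labels domain split, the logistic `score` function standing in for the trained network, and all sample names and whois dates are assumptions constructed for illustration.

```python
import math
from collections import Counter
from datetime import date

THRESHOLD = 0.5           # assumed value of the preset threshold in S2
MIN_AGE_DAYS = 365        # assumed S3 rule: a younger registration is not trusted
TODAY = date(2019, 2, 5)  # fixed so the example is reproducible

# Constructed whois data (domain -> registration date); a deployment would
# query a whois service here instead.
WHOIS = {"cdn-provider.test": date(2008, 6, 1), "tnl.test": date(2019, 1, 10)}

def split_domain(fqdn):
    """S1: split into sub-domain part and the domain sent to whois. Taking the
    last two labels is a simplification; real code needs a public suffix list."""
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def features(sub):
    """S1: numeric features plus a character sequence for an embedding layer."""
    counts = Counter(sub)
    entropy = -sum(c / len(sub) * math.log2(c / len(sub)) for c in counts.values()) if sub else 0.0
    return [len(sub), entropy], [ord(ch) for ch in sub]

def score(numeric, chars):
    """Stand-in for the trained network: a fixed logistic over the numeric
    features with hypothetical weights. A real model would also consume chars."""
    return 1 / (1 + math.exp(-(0.08 * numeric[0] + 1.2 * numeric[1] - 6.0)))

def whois_label(domain):
    """S3: 1 = covert channel, 0 = legitimate, judged by registration age."""
    registered = WHOIS.get(domain)
    return 1 if registered is None or (TODAY - registered).days < MIN_AGE_DAYS else 0

def detect(fqdns):
    """S2-S4: return (confirmed, retrain). retrain holds (fqdn, label) pairs
    whose whois label contradicts the network's positive prediction."""
    confirmed, retrain = [], []
    for fqdn in fqdns:
        sub, domain = split_domain(fqdn)
        if score(*features(sub)) <= THRESHOLD:
            continue  # not suspicious, so no whois lookup is made
        label = whois_label(domain)
        (confirmed if label == 1 else retrain).append((fqdn, label))
    return confirmed, retrain

SAMPLES = [  # constructed query names
    "www.cdn-provider.test",
    "a9f3c2e18b7d4f60a1c5e2d9b8f7a6c3.cdn-provider.test",
    "mzxw6ytboi2gk3tfojqxg5dfon2ca2lo.tnl.test",
]
```

The long hexadecimal name under the long-registered domain is the false alarm case: the scorer flags it, the whois rule overrules it, and it lands in the retraining set with label 0.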


Abstract

The invention provides a DNS covert channel detection method based on a neural network. Deep learning is applied to the technical field of DNS covert channel detection, improving the accuracy and reducing the false alarm rate of existing DNS covert channel detection methods. Numeric features are combined with character features to shorten the model training time and to improve the accuracy rate. A suspicious domain name is queried by whois, and whether the domain name is legitimate is automatically judged according to rules. A domain name whose result does not conform to the neural network prediction is used for retraining the neural network, forming a loop that continuously improves the neural network.

Description

Technical field

[0001] The invention relates to the technical field of covert channel detection methods, in particular to a neural network-based DNS covert channel detection method.

Background technique

[0002] The DNS domain name system plays a vital role in the operation of the Internet today. It provides a two-way mapping service between domain names and IP addresses, so that users only need to remember a relatively meaningful domain name. Because DNS is essential in network communication, few firewalls and intrusion detection systems filter DNS traffic, which creates the conditions for hackers to use DNS in attacks.

[0003] DNS Tunneling is a kind of covert channel, which establishes communication by encapsulating other protocols in the DNS protocol for transmission. Hackers can use it to achieve operations such as remote control and file transfer. More and more research now shows that DNS covert channels also often play an important role in botnet and APT attacks. DNS covert c...


Application Information

IPC(8): H04L29/06, H04L29/12, G06N3/04
CPC: H04L63/1425, G06N3/04, H04L61/4511
Inventor: 林冠洲, 吴博
Owner: 信联科技(南京)有限公司