Detection method and device of DNS tunnel

A DNS tunnel detection technology, applied in the Internet field, that can solve the problem of low cost performance and achieve fast detection speed and high accuracy of detection results.

Active Publication Date: 2019-03-15
BEIJING QIANXIN TECH

AI Technical Summary

Problems solved by technology

However, this method can only detect and block the domain names that have been discovered, and there is nothing that can be done for unknown ne


Embodiment Construction

[0059] The specific embodiments of the present invention will be further described below in conjunction with the accompanying drawings. The following examples are only used to illustrate the technical solution of the present invention more clearly, but not to limit the protection scope of the present invention.

[0060] Figure 1 shows a schematic flowchart of a method for detecting a DNS tunnel provided by an embodiment of the present invention. As shown in Figure 1, the DNS tunnel detection method of this embodiment includes:

[0061] S1. Obtaining domain name system (DNS) request data, where the fields of each piece of DNS request data include: request time, client IP, domain name, primary domain name, and request packet size.

[0062] It can be understood that, after obtaining the domain name system DNS request data, the obtained DNS request data may be stored in a local database.

[0063] S2. Using the whitelist, blacklist, graylist and the threat intelligence info...


Abstract

The embodiment of the invention discloses a detection method and device for a DNS tunnel. The method includes: obtaining domain name system (DNS) request data, wherein the fields of each piece of DNS request data include request time, client IP, domain name, primary domain name and request packet size; using a whitelist, a blacklist, a graylist and threat intelligence information on the primary domain name in the DNS request data to detect the DNS request data, generating blacklist alarm information when the DNS request data is determined to belong to a DNS tunnel, and generating graylist alarm information when the DNS request data is determined to belong to a suspected DNS tunnel; and receiving a user's confirmation instruction on whether the generated graylist alarm information is a misjudgment, and adding the generated graylist alarm information to the blacklist if, according to the confirmation instruction, it is determined not to be a misjudgment. The embodiment of the invention can detect DNS tunnels with high detection speed and high accuracy of detection results.
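The list-based triage described in the abstract, as an added Python sketch that is not code from the patent. The class and function names, the per-client thresholds used to decide "suspected", the whitelisting of a confirmed misjudgment, and the sample records are all assumptions of this example.

```python
from collections import defaultdict, namedtuple

# The five fields of each DNS request record listed in the abstract (step S1).
DnsRequest = namedtuple(
    "DnsRequest", "request_time client_ip domain primary_domain packet_size")

class TunnelDetector:
    def __init__(self, whitelist, blacklist, threat_intel,
                 max_names=20, max_mean_size=120):
        self.whitelist, self.blacklist = set(whitelist), set(blacklist)
        self.threat_intel, self.graylist = set(threat_intel), set()
        # Assumed thresholds: the page does not give the "suspected" criteria.
        self.max_names, self.max_mean_size = max_names, max_mean_size

    def detect(self, requests):
        """Return (level, client_ip, primary_domain) alarms (step S2)."""
        groups = defaultdict(list)
        for r in requests:
            groups[(r.client_ip, r.primary_domain.lower())].append(r)
        alarms = []
        for (ip, primary), reqs in sorted(groups.items()):
            if primary in self.whitelist:
                continue
            if primary in self.blacklist or primary in self.threat_intel:
                alarms.append(("blacklist", ip, primary))
                continue
            names = {r.domain.lower() for r in reqs}
            mean_size = sum(r.packet_size for r in reqs) / len(reqs)
            noisy = len(names) > self.max_names and mean_size > self.max_mean_size
            if noisy or primary in self.graylist:
                self.graylist.add(primary)
                alarms.append(("graylist", ip, primary))
        return alarms

    def confirm(self, primary, misjudgment):
        """Apply the user's confirmation of a graylist alarm."""
        self.graylist.discard(primary)
        # Promotion to the blacklist is from the abstract; whitelisting a
        # confirmed misjudgment is an assumption of this example.
        (self.whitelist if misjudgment else self.blacklist).add(primary)

def sample_requests():
    """Constructed records: one tunnel-like client, one normal, one known-bad."""
    reqs = [DnsRequest(1000 + i, "10.0.0.5", f"{i:040x}.t.example",
                       "t.example", 180) for i in range(30)]
    reqs += [DnsRequest(1100 + i, "10.0.0.5", "www.news.example",
                        "news.example", 60) for i in range(5)]
    reqs.append(DnsRequest(1200, "10.0.0.7", "c2.bad.example", "bad.example", 70))
    return reqs
```

Once a graylist alarm is confirmed as not a misjudgment, later requests to the same primary domain raise a blacklist alarm directly, without re-evaluating the heuristic.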

Description

Technical field

[0001] The embodiment of the present invention relates to the technical field of the Internet, and in particular to a DNS tunnel detection method and device.

Background technique

[0002] In an enterprise intranet environment, the DNS (Domain Name System) protocol is one of the essential network communication protocols. In order to access Internet and intranet resources, DNS provides domain name resolution services, which convert between domain names and IP (Internet Protocol) addresses. Most firewalls and intrusion detection devices basically do not filter, analyze or block DNS, so hiding data or instructions in the DNS protocol for transmission is a concealed and effective means. In actual scenarios, when an attacker takes over the authority of a certain server, or the server is infected by malware, worms, Trojan horses, etc., through the establishment of DNS tunnels, sensitive information theft, file transfer, return control commands, and re...


Application Information

IPC(8): H04L29/06, H04L29/12, H04L12/24
CPC: H04L41/0631, H04L63/0236, H04L63/0272, H04L63/14, H04L63/306, H04L61/4511
Inventors: 陈华立, 余毅
Owner: BEIJING QIANXIN TECH