DNS covert tunnel detection method based on deep learning

A deep learning and covert channel technology, applied in the field of network security, that addresses the inability to automatically learn abstract features and the low efficiency of existing approaches, with the effects of reducing labor costs, offering high application value, and improving efficiency.

Inactive Publication Date: 2019-08-20
STATE GRID INFORMATION & TELECOMM GRP +2

AI Technical Summary

Problems solved by technology

[0002] A DNS covert tunnel is one of many kinds of covert channel. Because most firewalls, intrusion detection systems, and intrusion prevention systems rarely inspect DNS traffic, DNS is well suited to use as a covert channel. Currently, detecting DNS covert channel tools such as iodine, dnscat2, and dns2tcp requires manually compiling rules and updating the rule base. Some DNS covert tunnel detection models that use traditional machine learning such as clustering and classification can reduce labor costs but cannot automatically learn abstract features; their efficiency is low, and some data still needs to be processed manually.


Embodiment Construction

[0024] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be described in further detail below in conjunction with specific embodiments and with reference to the accompanying drawings.

[0025] The DNS channel is a type of covert channel in which data is transmitted by encapsulating other protocols in the DNS protocol. Since most firewalls and intrusion detection devices seldom filter DNS traffic, DNS can be used as a covert channel to carry out operations such as remote control and file transfer. DNS covert channels also often play an important role in botnets and APT attacks.

[0026] DNS covert channels can be divided into two modes: direct connection and relay. Direct connection means that the Client directly connects to the designated target DNS Server (authorized NS server), and communicates by encapsulating data encoding in ...


Abstract

The invention discloses a DNS covert tunnel detection method based on deep learning. The method comprises the steps of: using tcpdump to capture the DNS messages transmitted and received by the DNS covert channel tool iodine, obtaining a black sample; capturing internal DNS traffic with tcpdump to obtain a white sample; converting the black sample and the white sample into files that can be recognized by a deep learning detection algorithm; performing random sampling on the recognizable files to obtain sampling data; training a convolutional neural network with 80% of the sampling data and validating it with the remaining 20% to generate a preliminary model; testing the preliminary model with DNS samples containing covert channel attacks, and generating a stable detection model once the expected effect is achieved; and detecting DNS covert tunnels with the detection model.
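The conversion, sampling and 80/20 split steps of the abstract can be sketched as follows. This is an added example, not code from the patent: the patent does not state how messages are encoded, so the query-name byte encoding, the `VEC_LEN` width, the function names and the `*.example` sample names are all assumptions, and the sample messages are constructed rather than captured.

```python
import random
import struct

VEC_LEN = 64  # assumed fixed input width for the CNN; not specified on the page

def build_query(name, txid=0x1234):
    """Build a DNS A query in wire format (only used to construct sample data)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def parse_qname(msg):
    """Return the first question name, or None for a malformed message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        return None
    pos, labels = 12, []
    while pos < len(msg):
        n = msg[pos]
        if n == 0:
            return b".".join(labels)
        if n > 63 or pos + 1 + n > len(msg):  # pointer or truncated label
            return None
        labels.append(msg[pos + 1:pos + 1 + n])
        pos += 1 + n
    return None  # ran off the end without a root label

def to_vector(qname, width=VEC_LEN):
    """Scale bytes to [0, 1]; truncate or zero-pad to a fixed width."""
    raw = qname[:width]
    return [b / 255.0 for b in raw] + [0.0] * (width - len(raw))

def make_dataset(black, white, seed=7):
    """Label (1 = tunnel, 0 = normal), shuffle, and split 80% / 20%."""
    rows = [(to_vector(q), label)
            for label, msgs in ((1, black), (0, white))
            for q in map(parse_qname, msgs) if q is not None]
    random.Random(seed).shuffle(rows)
    cut = int(len(rows) * 0.8)
    return rows[:cut], rows[cut:]

# Constructed sample data: long encoded-looking labels stand in for tunnel queries.
BLACK = [build_query(f"{'a1b2c3d4e5' * 5}{i}.t.example") for i in range(5)]
WHITE = [build_query(f"host{i}.corp.example") for i in range(5)] + [b"\x00\x01"]
TRAIN, VAL = make_dataset(BLACK, WHITE)
```

`TRAIN` and `VAL` are the labelled vectors a convolutional network would be trained and validated on; the malformed two-byte message in `WHITE` is dropped during parsing rather than being fed to the model.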

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a deep learning-based DNS covert tunnel detection method.

Background technique

[0002] A DNS covert tunnel is one of many kinds of covert channel. Because most firewalls, intrusion detection systems, and intrusion prevention systems rarely inspect DNS traffic, DNS is well suited to use as a covert tunnel. Currently, detecting DNS covert channel tools such as iodine, dnscat2, and dns2tcp requires manually compiling rules and updating the rule base. Some DNS covert tunnel detection models that use traditional machine learning such as clustering and classification can reduce labor costs but cannot automatically learn abstract features; their efficiency is low, and some data still needs to be processed manually.

Contents of the invention

[0003] In view of this, the object of the present invention is to propose a method for detecting DNS covert tunnels that saves labor costs and ...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/12, H04L29/06, H04L12/24, G06N3/04
CPC: H04L63/1408, H04L41/145, H04L63/1416, H04L61/4511, G06N3/045
Inventor: 陈春霖, 许勇刚, 李祉岐, 王利斌, 刘晓蕾, 宋洁, 焦腾, 王杨, 霍钰, 冯磊
Owner STATE GRID INFORMATION & TELECOMM GRP