DNS protocol covert channel detection method based on random forest

Random forest and covert channel technology, applied in the field of network security analysis, can solve problems such as data leakage.

Inactive Publication Date: 2019-12-24
成都蓝盾网信科技有限公司

AI Technical Summary

Problems solved by technology

Malicious software bypasses network security policies between the client and server, and ...

Examples


Embodiment Construction

[0020] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0021] Step 1: In a normal network environment, use the traffic collection device to capture all DNS packet traffic within a time period, mark it as a normal sample, and store it in HDFS;

[0022] Step 2: Communicate using the tunneling tool, capture the DNS message traffic within the time period through the traffic collection device, mark it as an abnormal sample, and store it in HDFS;

[0023] Step 3: Integrate the data obtained in...


Abstract

The invention discloses a DNS protocol covert channel detection method based on a random forest. The method uses a random forest algorithm from machine learning to learn features, so that malicious traffic of a DNS hidden channel can be quickly identified and the DNS hidden channel can be effectively detected. DNS request and response traffic is analyzed, feature extraction is performed on the common fields used for transmitting hidden information, and normal threshold ranges are computed for the features. A random forest model then learns the characteristics of normal and abnormal DNS traffic, a model is established, and the model identifies whether traffic is abnormal, thereby realizing detection of a hidden channel.
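The feature-extraction and normal-threshold-range step described in the abstract, as an added example that is not code from the patent. The feature set, the `mean ± k·std` range rule, the function names and the sample query names are all assumptions made for illustration; the labelled feature vectors it produces are what a random forest classifier would then be trained on.

```python
import math
from collections import Counter

# Constructed sample query names (not real captures).
NORMAL = ["www.example.com", "mail.example.com", "api.example.org",
          "cdn.static.example.net", "example.com", "login.example.com",
          "img1.example.net", "docs.example-cdn.net"]
TUNNEL_LIKE = "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8.t.example.com"

def shannon_entropy(s):
    """Bits per character of the string s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def extract_features(qname):
    """Assumed feature set for one query name (the page does not list the patent's)."""
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    # Naive assumption: the last two labels are the registered domain.
    sub = "".join(labels[:-2])
    return {
        "qname_len": len(name),
        "max_label_len": max(len(l) for l in labels),
        "label_count": len(labels),
        "sub_entropy": shannon_entropy(sub),
        "digit_ratio": sum(ch.isdigit() for ch in sub) / len(sub) if sub else 0.0,
    }

def normal_ranges(normal_qnames, k=3.0):
    """Per-feature range mean +/- k*std computed over the normal samples."""
    rows = [extract_features(q) for q in normal_qnames]
    ranges = {}
    for feat in rows[0]:
        vals = [r[feat] for r in rows]
        mean = sum(vals) / len(vals)
        std = math.sqrt(sum((v - mean) ** 2 for v in vals) / len(vals))
        ranges[feat] = (mean - k * std, mean + k * std)
    return ranges

def out_of_range(qname, ranges):
    """Names of the features whose value falls outside the normal range."""
    feats = extract_features(qname)
    return sorted(f for f, v in feats.items()
                  if not ranges[f][0] <= v <= ranges[f][1])

if __name__ == "__main__":
    print(out_of_range(TUNNEL_LIKE, normal_ranges(NORMAL)))
```

With so few normal samples the ranges are narrow; in practice they would be computed over the full normal capture from Step 1.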

Description

Technical field

[0001] The invention relates to the field of network security analysis, in particular to a random forest-based DNS protocol covert channel detection method.

Background technique

[0002] A covert channel is a way to bypass mandatory security mechanism checks and transmit information in violation of system security policies. Covert channels can be divided into two categories: operating system covert channels and network transmission covert channels. A covert channel used for data transmission between different hosts in a network environment is called a network covert channel. Malicious software bypasses network security policies between the client and server, and uses covert channels to transmit data secretly through legitimate messages, resulting in data leakage. In the field of information security, detecting covert channels is of great significance to improving network security. "Trusted Computer System Evaluation Criteria" (TCSEC) incorporates the restrictio...


Application Information

IPC(8): H04L29/06, H04L29/12
CPC: H04L63/1416, H04L61/4511
Inventor: 杨育斌, 唐乐, 柯宗贵
Owner: 成都蓝盾网信科技有限公司