Method and device for identifying type of DNS tunnel upper layer protocol

A technology of DNS tunneling and identification method, which is applied in the field of type identification, and can solve problems such as the inability to accurately identify the type of DNS tunnel upper layer protocol

Inactive Publication Date: 2020-10-09
BEIJING TOPSEC NETWORK SECURITY TECH +2
View PDF5 Cites 2 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The purpose of the embodiment of the present application is to provide a method for identifying the type of the upper layer protocol of the DNS tunnel, which is used to solve the problem that the type of the upper layer protocol used in the DNS tunnel cannot be accurately identified in the prior art. The completed identification model detects DNS tunnel traffic, and can easily and accurately identify the type of upper-layer protocol used in it

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for identifying type of DNS tunnel upper layer protocol
  • Method and device for identifying type of DNS tunnel upper layer protocol
  • Method and device for identifying type of DNS tunnel upper layer protocol

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0044] Various aspects and features of the present application are described herein with reference to the accompanying drawings.

[0045] It should be understood that various modifications may be made to the embodiments claimed herein. Therefore, the above description should not be regarded as limiting, but merely as exemplifications of embodiments. Those skilled in the art will envision other modifications within the scope and spirit of this application.

[0046] The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the present application and, together with the general description of the application given above and the detailed description of the embodiments given below, serve to explain the advantages of the present application. principle.

[0047] These and other features of the present application will become apparent from the following description of preferred forms of embodiment, given as non-limiti...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method and a device for identifying a type of a DNS tunnel upper layer protocol. The method comprises the steps of: acquiring first feature information of a to-be-detected DNS tunnel based on the traffic of the to-be-detected DNS tunnel; and inputting the first feature information into a trained identification model used for detecting the type of an upper layer protocol of the DNS tunnel, so as to determine the type of the upper layer protocol used in DNS tunnel traffic to be detected. According to the method and the device, the identification model for detecting thetype of the upper layer protocol used in the DNS tunnel traffic is obtained through model training, the identification model is used for detecting the DNS tunnel traffic, so that the type of the upperlayer protocol used in the DNS tunnel traffic can be conveniently and accurately determined, and malicious behaviors in the DNS tunnel can be further subjected to evidence collection and analysis.

Description

technical field [0001] The present application relates to the technical field of network security, and in particular, to a method and device for identifying the type of the upper-layer protocol of a DNS tunnel. Background technique [0002] In the network environment, the DNS protocol (Domain Name Server, Domain Name Service Protocol, or Domain Name System, Domain Name Service System Protocol) is one of the essential network communication protocols. In order to access Internet and intranet resources, DNS can provide domain name resolution services. , convert the domain name and IP address. In general, network equipment and border protection equipment rarely filter, analyze or shield DNS data, so hiding data or instructions in DNS protocol for transmission is a hidden and effective network operation behavior. Some illegal attackers may use the above technical principles to avoid firewall detection through DNS tunneling technology. For example, network traffic is disguised as...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/12H04L29/06H04L12/851
CPCH04L47/2483H04L69/22H04L63/1416H04L63/1425H04L61/4511
Inventor 张新
Owner BEIJING TOPSEC NETWORK SECURITY TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap