Multi-feature fusion DNS hidden tunnel detection method

A multi-feature fusion and DNS server technology, applied in the information field, that reduces manpower and material costs, expands training data, and improves detection efficiency and effectiveness.

Pending Publication Date: 2022-05-31
BEIJING ACT TECH DEV CO LTD

AI Technical Summary

Problems solved by technology

The core principles of different tools are similar, but there are certain differences in coding, implementation details and target application scenarios.


Examples


Embodiment 1

[0040] See Figure 1. The implementation steps of a multi-feature fusion DNS covert tunnel detection method provided by the present invention include:

[0041] S01: The black sample collector obtains DNS covert tunnel traffic packets through a self-built DNS covert tunnel.

[0042] The black sample collector uses two servers and a DNS covert tunnel implementation tool to build a DNS covert tunnel. One server acts as the DNS server and runs the server end of the DNS covert tunnel implementation tool; the other acts as the access terminal of the DNS server and runs the client of the DNS covert tunnel implementation tool. The DNS server is deployed to resolve a specific domain name, which is set only in the test environment between the two servers, so it neither affects nor is affected by the external network environment. Data of any content is edited as the transmission sample data, ...

Embodiment 2

[0065] Classification of newly collected DNS network traffic

[0066] 1) Input the newly collected DNS network traffic into the white sample standardization module to obtain the white samples;

[0067] 2) Input the white samples into the fast pre-screening module to filter out the white samples that have a low probability of being black samples;

[0068] 3) Input the remaining white samples, those with a high probability of being black samples, into the neural network model module, which performs the final classification of the input white samples.
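The two-stage flow of steps 2) and 3), as an added sketch that is not code from the patent: a pre-screen whose bounds are learned only from white samples drops clearly normal names, and only the remainder is scored. The feature set, the `margin` value, the hand-set logistic weights (a stand-in for the neural network model module, without the deep domain name text features) and all sample names are assumptions.

```python
import math
from collections import Counter

# Constructed white samples (normal query names); not data from the patent.
WHITE = ["www.example.com", "mail.example.com", "cdn.static.example.net",
         "api.service.example.org", "img-01.assets.example.com"]

def entropy(s):
    """Shannon entropy in bits per character."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def rule_features(qname):
    """General rule features of one query name (feature choice is an assumption)."""
    labels = qname.rstrip(".").lower().split(".")
    longest = max(labels, key=len)
    body = "".join(labels)
    return {
        "max_label_len": len(longest),
        "qname_len": len(qname),
        "digit_ratio": sum(ch.isdigit() for ch in body) / (len(body) or 1),
        "entropy": entropy(longest),
    }

def build_prescreen(white_samples, margin=1.5):
    """Learn per-feature upper bounds from white samples only."""
    feats = [rule_features(q) for q in white_samples]
    bounds = {k: margin * max(f[k] for f in feats) for k in feats[0]}
    def clearly_normal(qname):
        f = rule_features(qname)
        return all(f[k] <= bounds[k] for k in bounds)
    return clearly_normal

def stage2_score(qname):
    """Stand-in for the neural network model module: hand-set logistic weights."""
    f = rule_features(qname)
    z = 1.5 * (f["entropy"] - 3.9) + 0.08 * (f["max_label_len"] - 25) + 5 * f["digit_ratio"]
    return 1 / (1 + math.exp(-z))

def classify(qnames, clearly_normal, threshold=0.5):
    """Steps 2 and 3: drop clearly normal names early, score the remainder."""
    result = {}
    for q in qnames:
        if clearly_normal(q):
            result[q] = "normal (pre-screened)"
        else:
            result[q] = "tunnel" if stage2_score(q) >= threshold else "normal"
    return result

# Constructed query names; the long first label imitates encoded payload data.
QUERIES = ["login.example.com", "autodiscover-service.mail.example.com",
           "mzxw6ytboi2gk3tfojswg5dfon2a4lbmfzgg33o.t.example.test"]
```

The second query shows why the pre-screen is kept conservative: a long but benign label is not dropped early, it is passed to the second stage and classified as normal there.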


Abstract

The invention discloses a multi-feature fusion DNS hidden tunnel detection method and relates to the technical field of information. The method comprises the following steps: 1) a black sample collector obtains DNS hidden tunnel traffic packets through a self-built DNS hidden tunnel; 2) a black sample standardization module preprocesses the DNS hidden tunnel traffic packet data and extracts its features; 3) a white sample standardization module acquires normal DNS request samples; 4) a neural network model module is constructed; 5) a fast pre-screening module is constructed using white samples. The fast pre-screening module makes a simple distinction between normal request domain names and tunnel request domain names, so the normal request domain names, which make up most of the domain names in actual work, are eliminated efficiently and quickly. For deep learning detection, general rule features and deep domain name text features are combined for DNS hidden tunnel detection. Detection efficiency and accuracy are improved, and detection difficulty is reduced.

Description

Technical field

[0001] The present invention relates to the field of information technology.

Background technique

[0002] With the continuous development of the Internet, DNS has become an essential service, so general firewalls will not detect and filter DNS traffic. This gives criminals an opportunity to use DNS as a covert channel to realize remote control, file transfer and other operations, which poses a great threat to network security. Detecting and identifying whether there is a DNS covert tunnel can effectively reduce user losses and ensure the health and safety of the network environment.

[0003] At present, there are related patents to detect DNS covert tunnels. For example, the patent [CN111786993A] manually designed and extracted DNS request-related features, such as request record type, domain name single label length, various character ratios, etc., and then set multiple thresholds to determine whether DNS tunneling exists. This method is designed with ri...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L9/40, H04L41/142, H04L41/16, H04L61/4511, G06K9/62, G06N3/04, G06N3/08
CPC: H04L63/029, H04L63/20, H04L41/142, H04L41/16, G06N3/08, G06N3/045, G06F18/24, G06F18/253, G06F18/214
Inventor: 林飞李鼎易永波古元毛华阳华仲峰
Owner: BEIJING ACT TECH DEV CO LTD