Journal on Communications (通信学报)
• Technical Report •
章思宇¹, 邹福泰¹, 王鲁华², 陈铭³
Abstract (translated from the Chinese): To propose a method that effectively detects all types of DNS covert channels, the traffic characteristics of DNS covert communication were studied, and 12 packet features that distinguish legitimate queries from covert communication were extracted; a machine-learning classifier is applied to the statistical characteristics of these features over each session. Experiments show that the decision tree model detects all 22 DNS covert channels used in training and can also identify new covert channels it was not trained on. When deployed on live campus network traffic, the system successfully detected the presence of several DNS tunnels.
Abstract: To propose an effective detection method for DNS-based covert channels, their traffic characteristics are thoroughly studied. Twelve features are extracted from DNS packets to distinguish covert channels from legitimate DNS queries, and the statistical characteristics of these features over a session are used as input to a machine-learning classifier. Experimental results show that the decision tree model detects all 22 covert channels used in training and is capable of detecting untrained covert channels. Several DNS tunnels were detected during the evaluation on the campus network's live DNS traffic.
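The abstract describes per-packet features aggregated into per-session statistics and then classified. The following is an added illustration, not the paper's code: the five features, the sample query names and the threshold rule are all assumptions standing in for the paper's 12 features and its trained decision tree, and the query names are constructed.

```python
import math
from collections import Counter
from statistics import mean

# Constructed sample queries (not from the paper). A "session" here is the
# set of queries one client sends under one registered domain; the tunnel
# session carries data in long, high-entropy, digit-heavy labels.
LEGIT_SESSION = ["www.example.com", "mail.example.com",
                 "cdn.example.com", "api.example.com"]
TUNNEL_SESSION = ["3a7f9c1d2e4b5a6f7c8d.t.example.com",
                  "9b2e4d6f8a1c3e5f7a9b.t.example.com",
                  "c1d2e3f4a5b6c7d8e9f0.t.example.com",
                  "0f1e2d3c4b5a69788796.t.example.com"]

FEATURES = ("qlen", "n_labels", "max_label", "entropy", "digit_ratio")

def shannon_entropy(text):
    """Bits per character of the label text (dots excluded)."""
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0

def packet_features(qname):
    """Per-query features; assumed stand-ins for the paper's 12 features."""
    labels = qname.rstrip(".").split(".")
    body = "".join(labels)
    digits = sum(ch.isdigit() for ch in body)
    return {"qlen": len(qname), "n_labels": len(labels),
            "max_label": max(len(lab) for lab in labels),
            "entropy": shannon_entropy(body),
            "digit_ratio": digits / len(body) if body else 0.0}

def session_stats(qnames):
    """Mean and max of each feature over all queries of one session."""
    rows = [packet_features(q) for q in qnames]
    stats = {}
    for f in FEATURES:
        vals = [r[f] for r in rows]
        stats[f + "_mean"] = mean(vals)
        stats[f + "_max"] = max(vals)
    return stats

def classify(stats):
    """Hand-written rule with assumed thresholds, standing in for the
    decision tree a classifier would learn from labelled sessions."""
    if stats["max_label_mean"] > 15 or stats["entropy_mean"] > 3.8:
        return "covert"
    return "legitimate"

if __name__ == "__main__":
    for name, session in (("legit", LEGIT_SESSION), ("tunnel", TUNNEL_SESSION)):
        print(name, classify(session_stats(session)))
```

In a real deployment the thresholds would come from a tree trained on labelled sessions, and the session key (client, registered domain, time window) would be taken from captured traffic rather than a fixed list.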
章思宇, 邹福泰, 王鲁华, 陈铭. Traffic detection of DNS-based covert channels (基于DNS的隐蔽通道流量检测) [J]. Journal on Communications (通信学报).
Link to this article: https://www.infocomm-journal.com/txxb/CN/Y2013/V34/I5/17