Kui Jiang, Fei Wang
Dec 1, 2020
Journal
2020 5th International Conference on Mechanical, Control and Computer Engineering (ICMCCE)
Abstract
DNS (Domain Name System) is an important basic application of the Internet. Network management strategies place fewer restrictions on the DNS protocol, which makes DNS one of the means by which attackers establish covert channels for malicious activities. Taking the DNS tunnel as the research object, this paper uses multidimensional analysis to mine the characteristics of DNS tunnels in the domain name, packet and traffic dimensions, and proposes a DNS tunnel identification method that combines machine learning classification and anomaly detection. The experiments show that this method has high accuracy and a low false rate, and that it can effectively detect DNS tunnels.