Identification of DNS Covert Channel Based on Stacking Method

World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering Pub Date : 2021-01-01 DOI:10.17706/ijcce.2021.10.2.37-51

Peng Yang, Xinxin Wan, Guangye Shi, Hao Qu, Juan Li, Lixin Yang

{"title":"Identification of DNS Covert Channel Based on Stacking Method","authors":"Peng Yang, Xinxin Wan, Guangye Shi, Hao Qu, Juan Li, Lixin Yang","doi":"10.17706/ijcce.2021.10.2.37-51","DOIUrl":null,"url":null,"abstract":"A covert channel is an information channel which is used by computer process to exfiltrate data through bypassing security policies. The domain name system (DNS) protocol is one of the important ways to implement a covert channel. DNS covert channels are easily used by attackers for malicious purposes. Therefore, an effective detection of the DNS covert channels is significant for computer system and network security. Aiming at the difficulty of the DNS covert channel identification, we propose a DNS covert channel detection method based on stacking model. The stacking model is evaluated in a campus network and the experimental results show that the detection based on the stacking model can detect the DNS covert channels effectively. Besides, it can also identify unknown covert channel traffic. The area under the curve (AUC) of the proposed method, reaching 0.9901, outperforms the existed methods.","PeriodicalId":23787,"journal":{"name":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17706/ijcce.2021.10.2.37-51","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

A covert channel is an information channel which is used by computer process to exfiltrate data through bypassing security policies. The domain name system (DNS) protocol is one of the important ways to implement a covert channel. DNS covert channels are easily used by attackers for malicious purposes. Therefore, an effective detection of the DNS covert channels is significant for computer system and network security. Aiming at the difficulty of the DNS covert channel identification, we propose a DNS covert channel detection method based on stacking model. The stacking model is evaluated in a campus network and the experimental results show that the detection based on the stacking model can detect the DNS covert channels effectively. Besides, it can also identify unknown covert channel traffic. The area under the curve (AUC) of the proposed method, reaching 0.9901, outperforms the existed methods.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

基于叠加法的DNS隐蔽通道识别

隐蔽通道是计算机进程用来绕过安全策略泄露数据的一种信息通道。域名系统(DNS)协议是实现隐蔽通道的重要途径之一。DNS隐蔽通道很容易被攻击者用于恶意目的。因此，有效检测DNS隐蔽通道对计算机系统和网络安全具有重要意义。针对DNS隐蔽通道识别的难点，提出了一种基于叠加模型的DNS隐蔽通道检测方法。在一个校园网中对堆叠模型进行了评估，实验结果表明，基于堆叠模型的检测可以有效地检测到DNS隐蔽通道。此外，它还可以识别未知的隐蔽信道业务。该方法的曲线下面积(AUC)达到0.9901，优于现有方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering

自引率

0.00%

发文量