Peng Yang, Xinxin Wan, Guangye Shi, Hao Qu, Juan Li, Lixin Yang
{"title":"Identification of DNS Covert Channel Based on Stacking Method","authors":"Peng Yang, Xinxin Wan, Guangye Shi, Hao Qu, Juan Li, Lixin Yang","doi":"10.17706/ijcce.2021.10.2.37-51","DOIUrl":null,"url":null,"abstract":"A covert channel is an information channel which is used by computer process to exfiltrate data through bypassing security policies. The domain name system (DNS) protocol is one of the important ways to implement a covert channel. DNS covert channels are easily used by attackers for malicious purposes. Therefore, an effective detection of the DNS covert channels is significant for computer system and network security. Aiming at the difficulty of the DNS covert channel identification, we propose a DNS covert channel detection method based on stacking model. The stacking model is evaluated in a campus network and the experimental results show that the detection based on the stacking model can detect the DNS covert channels effectively. Besides, it can also identify unknown covert channel traffic. The area under the curve (AUC) of the proposed method, reaching 0.9901, outperforms the existed methods.","PeriodicalId":23787,"journal":{"name":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","volume":"55 6 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2021-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"World Academy of Science, Engineering and Technology, International Journal of Electrical, Computer, Energetic, Electronic and Communication Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.17706/ijcce.2021.10.2.37-51","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 4
Abstract
A covert channel is an information channel which is used by computer process to exfiltrate data through bypassing security policies. The domain name system (DNS) protocol is one of the important ways to implement a covert channel. DNS covert channels are easily used by attackers for malicious purposes. Therefore, an effective detection of the DNS covert channels is significant for computer system and network security. Aiming at the difficulty of the DNS covert channel identification, we propose a DNS covert channel detection method based on stacking model. The stacking model is evaluated in a campus network and the experimental results show that the detection based on the stacking model can detect the DNS covert channels effectively. Besides, it can also identify unknown covert channel traffic. The area under the curve (AUC) of the proposed method, reaching 0.9901, outperforms the existed methods.