{"title":"A High Accuracy DNS Tunnel Detection Method Without Feature Engineering","authors":"Yang Chen, Xiaoyong Li","doi":"10.1109/CIS52066.2020.00086","DOIUrl":null,"url":null,"abstract":"The Domain Name System (DNS) is a key protocol and service used on the Internet. It is responsible for converting domain names into IP addresses. A DNS tunnel is a method of encoding data of other programs or protocols in DNS queries and responses. Previous studies usually need to extract a large number of features manually and train the DNS tunnel detection classifier through feature engineering. In this paper, a new framework for DNS tunnel detection is proposed that extracts features automatically, including a long short-term memory (LSTM) language model with an attention mechanism and a gated recurrent unit (GRU) language model with an attention mechanism. Finally, a single-level classifier based on a character-level convolutional neural network (Char-CNN) is proposed. The results show that the attention-based LSTM and GRU language models and the character-level convolutional neural network achieve high accuracy and near-zero false positives.","PeriodicalId":106959,"journal":{"name":"2020 16th International Conference on Computational Intelligence and Security (CIS)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2020-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":"{\"title\":\"A High Accuracy DNS Tunnel Detection Method Without Feature Engineering\",\"authors\":\"Yang Chen, Xiaoyong Li\",\"doi\":\"10.1109/CIS52066.2020.00086\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Domain Name System (DNS) is a key protocol and service used on the Internet. It is responsible for converting domain names into IP addresses. A DNS tunnel is a method of encoding data of other programs or protocols in DNS queries and responses. 
Previous studies usually need to extract a large number of features manually and train the DNS tunnel detection classifier through feature engineering. In this paper, a new framework for DNS tunnel detection is proposed that extracts features automatically, including a long short-term memory (LSTM) language model with an attention mechanism and a gated recurrent unit (GRU) language model with an attention mechanism. Finally, a single-level classifier based on a character-level convolutional neural network (Char-CNN) is proposed. The results show that the attention-based LSTM and GRU language models and the character-level convolutional neural network achieve high accuracy and near-zero false positives.\",\"PeriodicalId\":106959,\"journal\":{\"name\":\"2020 16th International Conference on Computational Intelligence and Security (CIS)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2020-11-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"5\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2020 16th International Conference on Computational Intelligence and Security (CIS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CIS52066.2020.00086\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 16th International Conference on Computational Intelligence and Security (CIS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CIS52066.2020.00086","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A High Accuracy DNS Tunnel Detection Method Without Feature Engineering
The Domain Name System (DNS) is a key protocol and service used on the Internet. It is responsible for converting domain names into IP addresses. A DNS tunnel is a method of encoding data of other programs or protocols in DNS queries and responses. Previous studies usually need to extract a large number of features manually and train the DNS tunnel detection classifier through feature engineering. In this paper, a new framework for DNS tunnel detection is proposed that extracts features automatically, including a long short-term memory (LSTM) language model with an attention mechanism and a gated recurrent unit (GRU) language model with an attention mechanism. Finally, a single-level classifier based on a character-level convolutional neural network (Char-CNN) is proposed. The results show that the attention-based LSTM and GRU language models and the character-level convolutional neural network achieve high accuracy and near-zero false positives.