%0 Journal Article
%T Toward DNS-Based Covert Channel Detection Using Subdomain Context Relation
%A 王杉杉
%A 杜飞
%J Computer Science and Application
%P 1823-1833
%@ 2161-881X
%D 2021
%I Hans Publishing
%R 10.12677/CSA.2021.116187
%X
At present, one of the main means by which attackers carry out covert data transmission, information leakage and malicious content distribution is to use the DNS protocol as a covert channel, particularly in botnets and anonymous communication networks. To address this, a DNS covert channel detection method based on subdomain context relations is proposed. In addition to extracting basic anomalous-traffic statistical features, namely the request/response time interval, request and response message sizes, subdomain entropy and resource record type frequency, the method learns and extracts features from the subdomain content itself and from its context relations. Experimental results show that the method achieves over 99% precision and recall, demonstrating good detection performance.
%K DNS Covert Channel
%K Traffic Feature Analysis
%U http://www.hanspub.org/journal/PaperInformation.aspx?PaperID=43542