Detecting DNS-based covert channel on live traffic
To propose an effective detection method for DNS-based covert channel,traffic characteristics were thor-oughly studied.12 features were extracted from DNS packets to distinguish covert channels from legitimate DNS queries.Statistical characteristics of these features are used as input of the machine...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | Article |
| Language: | zho |
| Published: |
Editorial Department of Journal on Communications
2013-05-01
|
| Series: | Tongxin xuebao |
| Subjects: | |
| Online Access: | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2013.05.017/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1841539822600060928 |
|---|---|
| author | Si-yu ZHANG Fu-tai1 ZOU Lu-hua WANG Ming CHEN |
| author_facet | Si-yu ZHANG Fu-tai1 ZOU Lu-hua WANG Ming CHEN |
| author_sort | Si-yu ZHANG |
| collection | DOAJ |
| description | To propose an effective detection method for DNS-based covert channel,traffic characteristics were thor-oughly studied.12 features were extracted from DNS packets to distinguish covert channels from legitimate DNS queries.Statistical characteristics of these features are used as input of the machine learning classifier.Experimental results show that the decision tree model detects all 22 covert channels used in training,and is capable of detecting untrained covert channels.Several DNS tunnels were detected during the evaluation on campus network's live DNS traffic. |
| format | Article |
| id | doaj-art-8f0fd48c64a94b0f90f21defa751c83a |
| institution | Kabale University |
| issn | 1000-436X |
| language | zho |
| publishDate | 2013-05-01 |
| publisher | Editorial Department of Journal on Communications |
| record_format | Article |
| series | Tongxin xuebao |
| spelling | doaj-art-8f0fd48c64a94b0f90f21defa751c83a2025-01-14T06:35:21ZzhoEditorial Department of Journal on CommunicationsTongxin xuebao1000-436X2013-05-013414315159672290Detecting DNS-based covert channel on live trafficSi-yu ZHANGFu-tai1 ZOULu-hua WANGMing CHENTo propose an effective detection method for DNS-based covert channel,traffic characteristics were thor-oughly studied.12 features were extracted from DNS packets to distinguish covert channels from legitimate DNS queries.Statistical characteristics of these features are used as input of the machine learning classifier.Experimental results show that the decision tree model detects all 22 covert channels used in training,and is capable of detecting untrained covert channels.Several DNS tunnels were detected during the evaluation on campus network's live DNS traffic.http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2013.05.017/domain name systemcovert channelintrusion detectionmachine learningnetwork security |
| spellingShingle | Si-yu ZHANG Fu-tai1 ZOU Lu-hua WANG Ming CHEN Detecting DNS-based covert channel on live traffic Tongxin xuebao domain name system covert channel intrusion detection machine learning network security |
| title | Detecting DNS-based covert channel on live traffic |
| title_full | Detecting DNS-based covert channel on live traffic |
| title_fullStr | Detecting DNS-based covert channel on live traffic |
| title_full_unstemmed | Detecting DNS-based covert channel on live traffic |
| title_short | Detecting DNS-based covert channel on live traffic |
| title_sort | detecting dns based covert channel on live traffic |
| topic | domain name system covert channel intrusion detection machine learning network security |
| url | http://www.joconline.com.cn/zh/article/doi/10.3969/j.issn.1000-436x.2013.05.017/ |
| work_keys_str_mv | AT siyuzhang detectingdnsbasedcovertchannelonlivetraffic AT futai1zou detectingdnsbasedcovertchannelonlivetraffic AT luhuawang detectingdnsbasedcovertchannelonlivetraffic AT mingchen detectingdnsbasedcovertchannelonlivetraffic |