Refined identification of hybrid traffic in DNS tunnels based on regression analysis

Authors :
Huiwen Bai
Guangjie Liu
Jiangtao Zhai
Weiwei Liu
Xiaopeng Ji
Luhui Yang
Yuewei Dai
Source :
ETRI Journal, Vol 43, Iss 1, Pp 40-52 (2020)
Publication Year :
2020
Publisher :
Electronics and Telecommunications Research Institute (ETRI), 2020.

Abstract

DNS (Domain Name System) tunnels almost obscure the true network activities of users, which makes it challenging for the gateway or censorship equipment to identify malicious or unpermitted network behaviors. An efficient way to address this problem is to conduct a temporal‐spatial analysis on the tunnel traffic. Nevertheless, current studies on this topic limit the DNS tunnel to those with a single protocol, whereas more than one protocol may be used simultaneously. In this paper, we concentrate on the refined identification of two protocols mixed in a DNS tunnel. A feature set is first derived from DNS query and response flows, which is incorporated with deep neural networks to construct a regression model. We benchmark the proposed method with captured DNS tunnel traffic; the experimental results show that the proposed scheme can achieve an identification accuracy of more than 90%. To the best of our knowledge, the proposed scheme is the first to estimate the ratios of two mixed protocols in DNS tunnels.

Details

Language :
English
ISSN :
12256463
Volume :
43
Issue :
1
Database :
Directory of Open Access Journals
Journal :
ETRI Journal
Publication Type :
Academic Journal
Accession number :
edsdoj.36959f9be9d43af9003a29fa5a88cd6
Document Type :
article
Full Text :
https://doi.org/10.4218/etrij.2019-0299