摘要
A covert channel is an information channel that is used by the computer process to exfiltrate data through bypassing security policies.The DNS protocol is one of the important ways to implement a covert channel.DNS covert channels are easily used by attackers for malicious purposes.Therefore,an effective detection approach of the DNS covert channels is significant for computer systems and network securities.Aiming at the difficulty of the DNS covert channel identification,we propose a DNS covert channel detection method based on a stacking model.The stacking model is evaluated on a campus network and the experimental results show that the detection based on the stacking model can detect the DNS covert channels effectively.Besides,it can identify unknown covert channel traffic.The area under the curve(AUC)of the proposed method reaches 0.9901,which outperforms existing detection methods.
基金
National Key Research and Development Project(2016QY04W0901)and(2016QY04W0903).