TDAE: Autoencoder-based Automatic Feature Learning Method for the Detection of DNS tunnel

Bibliographic Details
Main Authors: Wu, Kemeng, Zhang, Yongzheng, Yin, Tao
Format: Conference Proceeding
Language: English
Description
Summary: The DNS protocol is one of the most important network infrastructure protocols. The encrypted information based on this protocol will not be intercepted by the firewall, so the attacker uses this vulnerability to pass private data through the establishment of DNS tunnels and avoids the security inspection. In order to detect the DNS tunnel conveniently and effectively, we present a novel method that uses Autoencoder to learn latent representation of different datasets. Because the feature is not extracted manually, we show how Autoencoder (AE) can automatically learn the concept of semantic similarity among features of normal traffic. We propose a novel method named TDAE which can detect DNS tunnel traffics using Autoencoder algorithms. To verify the validity of our method, we select a labeled dataset and a public and unlabeled dataset as our training set. The experimental results show that the recall rate can exceed 0.9834 on the labeled dataset and 0.9313 on the SINGH-data [1].
ISSN: 1938-1883
DOI: 10.1109/ICC40277.2020.9149162