透過您的圖書館登入 IP:18.188.146.77
透過您的圖書館登入
IP:18.188.146.77
  • 精確檢索 : 冠狀病毒
  • 模糊檢索 : 冠狀病毒
  • 冠狀病毒感染
    冠狀病毒疾病
  • 查詢出版品: 冠狀病毒
進階查詢
查詢歷史
主題瀏覽
  • 學位論文

使用機器學習模型偵測加密型網域名稱系統中的隧道攻擊

Detection of DNS Tunneling from Encrypted Traffic Using Machine Learning Method

梁淯程(Yu-Cheng Liang)
指導教授 : 雷欽隆
國立臺灣大學/電機資訊學院/電機工程學研究所/碩士(2022年)
https://doi.org/10.6342/NTU202202161
若您是本文的作者,可授權文章由華藝線上圖書館中協助推廣。
未授權

摘要

隨著近年來網際網路犯罪猖獗,人們開始逐漸重視在網際網路上的隱私安全,原以明文進行傳輸的網域名稱系統(DNS)面臨到了是否需要轉型成以密文進行傳輸的問題。雖然使用密文進行傳輸有助於提升DNS的安全性,使得DNS封包免於被竊聽的風險,降低了被攻擊的可能性,同時卻產生了新的問題,攻擊者能夠透過加密型的DNS將惡意的網路行為隱藏於其中,例如DNS隧道攻擊。 在加密型DNS中,以DNS-over-HTTPS(DoH)最具有發展性,本研究旨在探討如何偵測藏匿於DoH中的DNS隧道攻擊。在以明文進行傳輸的DNS中,已經存在許多成熟的方法用於偵測DNS隧道攻擊,然而這些方法大多不適用於在DoH中偵測DNS隧道攻擊。我們在研究中使用了機器學習的技術,透過分析封包的大小以及傳輸的頻率,能夠在短時間內準確地偵測到存在於DoH中的DNS隧道攻擊。

關鍵字

DNS-over-HTTPS DNS隧道攻擊 流量分析 機器學習

並列摘要

With the rampant Internet crime in recent years, people have begun to pay more attention to privacy and security on the Internet. DNS transmitted in plaintext faces the problem of whether it needs to be converted into ciphertext transmission. Although the ciphertext for transmission helps to improve the security of DNS, making DNS packets free from the risk of eavesdropping attacks, it creates new problems. Malicious traffic can be hidden in it, such as DNS tunneling attacks. Among encrypted DNS traffic, DNS-over-HTTPS (DoH) is the most developed. Thus, this research explores how to detect DNS tunneling attacks hidden in DoH. There are many mature methods for detecting DNS tunneling attacks transmitted in plaintext, but most of these methods are not suitable for detecting DNS tunneling attacks in DoH. In this research, we adopt machine learning technology to detect DNS tunneling attacks in DoH. By extracting the packet size and transmission frequency as features and adopting two-staged prediction model, our method detects malicious DoH accurately in a short period of time.

並列關鍵字

DNS-over-HTTPS DNS tunneling traffic analysis machine learning

參考文獻

[1] Giuseppe Ateniese and Stefan Mangard. A new approach to dns security (dnssec). In Proceedings of the 8th ACM conference on Computer and Communications Security, pages 86–95, 2001.
[2] Introduction to dnscurve. https://dnscurve.org/. Accessed on 06.01.2022.
[3] Dnscrypt version 2 - official project home page. https://dnscrypt.info/. Accessed on 06.01.2022.
[4] Zi Hu, Liang Zhu, John Heidemann, Allison Mankin, Duane Wessels, and Paul Hoffman. Specification for dns over transport layer security (tls). Technical report, 2016.
[5] Paul Hoffman and Patrick McManus. Dns queries over https (doh). Technical report, 2018.

延伸閱讀

未授權