Research On The Construction And Detection Technology Of Covert Channel Based On DNS Protocol

Covert channel can be used to transfer information in a manner that breaks security policy. Recently,we have focused on covert channels in computer network protocols.Network covert channel use the packets as medium for covert communication.In general, network covert tunnel can pass through firewalls and intrusion detection systemsNetwork covert channels can be built based on the network protocols in OSI mode(lnetwork layer,transport layer,application layer),in which the application layer protocol has a natural advantage,cause the construction of covert channel based on application layer protocol has relatively limited requirement. So more and more covert channels are built based on protocol in this layer. For example, the Hypertext Transfer Protocol, Domain Name System.This paper describes the concepts related to covert channel, and then the research of covert channel will be extended to the network environment (The network covert channel).This paper study the traditional covert channel.Focus on the construction of covert channel, then build covert channel using ICMP.The DNS protocol underlies the conversion of hostnames into IP address on the internet,and as it is a bidirectional protocol required by most computer networks, which makes it possible to set up covert channel using DNS protocol. This paper firstly introduces the concept DNS tunnel, the core of the DNS tunnel system, Then perform the demonstration using DNS tunnel tool, At last the paper point out measures for improvement to make the DNS tunnel tool faster.The network covert channel based on DNS protocol has high data transfer rate,if hackers use it to transfer covert message,Network and host will face huge security threat.It is necessary to study the relevant network covert channel detection technology.This paper develops dns covert channel detection system that can efficiently and accurately detect potential network covert channel.In another point of view,network covert channel can be used to evaluate the firewalls and intrusion detection system.Therefore,it's necessary to study the network covert channel.In the last,this paper prospect the research on network covert channel in the future.