
Research On DNS Covert Channel Detection Technology

Posted on: 2021-11-24
Degree: Master
Type: Thesis
Country: China
Candidate: L Chen
Full Text: PDF
GTID: 2518306107453044
Subject: Computer technology
Abstract/Summary:
As an indispensable part of computer network infrastructure, DNS is easily abused by attackers to build DNS covert channels for covert communication, which causes serious information security threats and huge economic losses to enterprises and individuals. At present, DNS covert channel detection tools are still at the laboratory stage: they are mostly used in LANs, and their installation and deployment are complex. This paper aims to design a DNS covert channel detection system that ordinary users can use to protect personal computers from the threat of DNS covert channels.

Based on the MVC design pattern, the DNS covert channel detection system includes four main modules. The first is the data collection module, which runs independently, monitoring and collecting DNS traffic from the user's computer. The second is the real-time detection module, which includes two sub-modules: real-time detection based on domain names and real-time detection based on traffic. Their collaboration significantly reduces the detection error rate. The third is the offline detection module, which includes offline detection based on domain names and on traffic. Using this module, analysts can reproduce and analyze the working process of the real-time detection module, adjust parameters for real-time detection, and support subsequent research. The last is the mid-system module, which provides users with access to the real-time and offline detection modules and to various data management services, greatly facilitating management and expansion of the system. By simply accessing the system's web interface and running the data collection program, users can start detection without complex installation and deployment.

In testing, the system detected the presence of three known DNS covert channel tools and one unknown DNS covert channel. In addition, tests showed that it could quickly detect the presence of all four DNS covert channels within three seconds, when the client and server are just establishing a connection, with an error rate as low as 0.699%.
Keywords/Search Tags: DNS, DNS Covert Channel, Stream Processing Structure