中圖分類號： TP393.08
文獻標識碼： A
DOI： 10.19358/j.issn.2096-5133.2022.04.009
引用格式： 陳解元. 基于LSTM的DNS隱蔽信道檢測方法[J].信息技術與網絡安全，2022，41(4)：60-64，89.

DNS covert channel detection method based on LSTM

Abstract： DNS abuse has become one of the most challenging threats in cyberspace security governance.As the existing detection methods mostly focus on DNS request traffic but ignore the characteristics of response traffic,this paper proposed a DNS covert channel detection method based on Long Short Term Memory(LSTM). The characteristics of request and response traffic were comprehensively analyzed and the feature points such as timestamp, TTL and response packet length from response traffic were extracted，then the LSTM model was constructed for training.The experimental results show that the proposed method achieves good results in accuracy, F1 score and other indicators, which are significantly improved compared with existing methods.

Key words : DNS covert channel；machine learning；Long-Short Term Memory(LSTM)