Volume 10 Number 2 (Apr. 2021)
Home > Archive > 2021 > Volume 10 Number 2 (Apr. 2021) >
IJCCE 2021 Vol.10(2): 37-51 ISSN: 2010-3743 DOI: 10.17706/IJCCE.2021.10.2.37-51

Identification of DNS Covert Channel Based on Stacking Method

Peng Yang, Xinxin Wan, Guang Shi, Hao Qu, Juan Li, Lixin Yang
Abstract—A covert channel is an information channel which is used by computer process to exfiltrate data through bypassing security policies. The domain name system (DNS) protocol is one of the important ways to implement a covert channel. DNS covert channels are easily used by attackers for malicious purposes. Therefore, an effective detection of the DNS covert channels is significant for computer system and network security. Aiming at the difficulty of the DNS covert channel identification, we propose a DNS covert channel detection method based on stacking model. The stacking model is evaluated in a campus network and the experimental results show that the detection based on the stacking model can detect the DNS covert channels effectively. Besides, it can also identify unknown covert channel traffic. The area under the curve (AUC) of the proposed method, reaching 0.9901, outperforms the existed methods.

Index Terms—Covert channel, DNS, stacking model.

Peng Yang, Xinxin Wan, Guang Shi are with National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China. Hao Qu is with Heilongjiang Branch of National Computer Network Emergency Response Technical Team/Coordination Center of China Harbin, China. Juan Li is with Institute of Information Engineering, Chinese Academy of Sciences, Beijing 150000, China. Lixin Yang is with Heilongjiang Preschool Education College Mudanjiang 157000, China.

Cite:Peng Yang, Xinxin Wan, Guang Shi, Hao Qu, Juan Li, Lixin Yang, "Identification of DNS Covert Channel Based on Stacking Method," International Journal of Computer and Communication Engineering vol. 10, no. 2, pp. 37-51, 2021.

Copyright © 2021 by the authors. This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).

General Information

ISSN: 2010-3743 (Online)
Abbreviated Title: Int. J. Comput. Commun. Eng.
Frequency: Quarterly
Editor-in-Chief: Dr. Maode Ma
Abstracting/ Indexing: INSPEC, Google Scholar, Crossref, EBSCO, ProQuest, and Electronic Journals Library
E-mail: ijcce@iap.org
  • Jun 20, 2019 News!

    IJCCE Vol. 6, No. 3 - Vol. 7, No. 3 have been indexed by EI (Inspec) Inspec, created by the Institution of Engineering and Tech.!   [Click]

  • Jun 10, 2021 News!

    IJCCE Vol.10, No.3 is published with online version!   [Click]

  • Mar 12, 2021 News!

    IJCCE Vol.10, No.2 is published with online version!   [Click]

  • Dec 09, 2020 News!

    IJCCE Vol.10, No.1 is published with online version!   [Click]

  • Sep 23, 2020 News!

    IJCCE Vol.9, No.4 is published with online version!   [Click]

  • Read more>>