DNS Attack Detection Based on Multi-Dimensional Fusion Model

2022 International Conference on Networking and Network Applications (NaNA) Pub Date : 2022-12-01 DOI:10.1109/NaNA56854.2022.00021

Yasheng Zhou, Li Yang, Zhixin Wang, G. Li, Xuemei Ning

{"title":"DNS Attack Detection Based on Multi-Dimensional Fusion Model","authors":"Yasheng Zhou, Li Yang, Zhixin Wang, G. Li, Xuemei Ning","doi":"10.1109/NaNA56854.2022.00021","DOIUrl":null,"url":null,"abstract":"The domain name system (DNS) is one of the most critical infrastructures of the Internet. The lack of security consideration at the beginning of its design phase leads to an endless stream of attacks related to it, such as malware, APT, spam and botnet. Currently, most of the DNS detection methods are performed by extracting DNS package features and get the classification result by rule-based or machine learning technology. However, these methods have the problem of insufficient features extraction in large time span and limitation of single dimension detection model. In this paper. We propose a long term DNS data processing method, which extract features from DNS domain name, DNS request and DNS resolution dimension. And present WD-DNS, a DNS attack detection method based on multi-dimensional fusion model, which integrates the deep learning attack detection models of each dimension. At last, the evaluation results of our fusion model approach against independent detection model in each dimension indicates that WD-DNS model can detect DNS attack with high accuracy.","PeriodicalId":113743,"journal":{"name":"2022 International Conference on Networking and Network Applications (NaNA)","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Conference on Networking and Network Applications (NaNA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NaNA56854.2022.00021","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

The domain name system (DNS) is one of the most critical infrastructures of the Internet. The lack of security consideration at the beginning of its design phase leads to an endless stream of attacks related to it, such as malware, APT, spam and botnet. Currently, most of the DNS detection methods are performed by extracting DNS package features and get the classification result by rule-based or machine learning technology. However, these methods have the problem of insufficient features extraction in large time span and limitation of single dimension detection model. In this paper. We propose a long term DNS data processing method, which extract features from DNS domain name, DNS request and DNS resolution dimension. And present WD-DNS, a DNS attack detection method based on multi-dimensional fusion model, which integrates the deep learning attack detection models of each dimension. At last, the evaluation results of our fusion model approach against independent detection model in each dimension indicates that WD-DNS model can detect DNS attack with high accuracy.

查看原文本刊更多论文

基于多维融合模型的DNS攻击检测

域名系统(DNS)是互联网最关键的基础设施之一。由于在设计之初就缺乏对安全性的考虑，导致与之相关的攻击层出不穷，如恶意软件、APT、垃圾邮件和僵尸网络。目前，大多数DNS检测方法都是通过提取DNS包的特征，并通过基于规则或机器学习的技术得到分类结果。然而，这些方法存在大时间跨度特征提取不足和单维检测模型的局限性等问题。在本文中。提出了一种从DNS域名、DNS请求和DNS解析维度提取特征的长期DNS数据处理方法。提出了一种基于多维融合模型的DNS攻击检测方法WD-DNS，该方法集成了各个维度的深度学习攻击检测模型。最后，将我们的融合模型方法与独立检测模型在各个维度上的评估结果表明，WD-DNS模型能够以较高的准确率检测出DNS攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2022 International Conference on Networking and Network Applications (NaNA)

自引率

0.00%

发文量