Please use this Handle URI to cite this document: http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/83694
Full metadata record
DC Field | Value | Language
dc.contributor.advisor | 雷欽隆 (Chin-Laung Lei) |
dc.contributor.author | Yu-Cheng Liang | en
dc.contributor.author | 梁淯程 | zh_TW
dc.date.accessioned | 2023-03-19T21:14:31Z | -
dc.date.copyright | 2022-08-24 |
dc.date.issued | 2022 |
dc.date.submitted | 2022-08-12 |
dc.identifier.citation |
[1] Giuseppe Ateniese and Stefan Mangard. A new approach to DNS security (DNSSEC). In Proceedings of the 8th ACM Conference on Computer and Communications Security, pages 86–95, 2001.
[2] Introduction to DNSCurve. https://dnscurve.org/. Accessed on 06.01.2022.
[3] DNSCrypt version 2 - official project home page. https://dnscrypt.info/. Accessed on 06.01.2022.
[4] Zi Hu, Liang Zhu, John Heidemann, Allison Mankin, Duane Wessels, and Paul Hoffman. Specification for DNS over Transport Layer Security (TLS). Technical report, 2016.
[5] Paul Hoffman and Patrick McManus. DNS queries over HTTPS (DoH). Technical report, 2018.
[6] Mohammadreza MontazeriShatoori, Logan Davidson, Gurdip Kaur, and Arash Habibi Lashkari. Detection of DoH tunnels using time-series classification of encrypted traffic. In 2020 IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC/PiCom/CBDCom/CyberSciTech), pages 63–70. IEEE, 2020.
[7] Jerome H Friedman. Stochastic gradient boosting. Computational Statistics & Data Analysis, 38(4):367–378, 2002.
[8] Anthony J Myles, Robert N Feudale, Yang Liu, Nathaniel A Woody, and Steven D Brown. An introduction to decision tree modeling. Journal of Chemometrics: A Journal of the Chemometrics Society, 18(6):275–285, 2004.
[9] Vladimir Svetnik, Andy Liaw, Christopher Tong, J Christopher Culberson, Robert P Sheridan, and Bradley P Feuston. Random forest: a classification and regression tool for compound classification and QSAR modeling. Journal of Chemical Information and Computer Sciences, 43(6):1947–1958, 2003.
[10] Pierre Geurts, Damien Ernst, and Louis Wehenkel. Extremely randomized trees. Machine Learning, 63(1):3–42, 2006.
[11] Tianqi Chen, Tong He, Michael Benesty, Vadim Khotilovich, Yuan Tang, Hyunsu Cho, Kailong Chen, et al. XGBoost: extreme gradient boosting. R package version 0.4-2, 1(4):1–4, 2015.
[12] Guolin Ke, Qi Meng, Thomas Finley, Taifeng Wang, Wei Chen, Weidong Ma, Qiwei Ye, and Tie-Yan Liu. LightGBM: A highly efficient gradient boosting decision tree. Advances in Neural Information Processing Systems, 30, 2017.
[13] Anna Veronika Dorogush, Vasily Ershov, and Andrey Gulin. CatBoost: gradient boosting with categorical features support. arXiv preprint arXiv:1810.11363, 2018.
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/83694 | -
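dc.description.abstract | With cybercrime on the Internet running rampant in recent years, people have begun to pay more attention to privacy and security on the Internet, and the Domain Name System (DNS), which originally transmitted in plaintext, faces the question of whether it should move to ciphertext transmission. Although ciphertext transmission helps improve DNS security, protecting DNS packets from the risk of eavesdropping and lowering the likelihood of attack, it also creates a new problem: attackers can hide malicious network behavior inside encrypted DNS, for example DNS tunneling attacks. Among encrypted DNS protocols, DNS-over-HTTPS (DoH) has the most potential for development, and this research aims to explore how to detect DNS tunneling attacks hidden in DoH. For DNS transmitted in plaintext, many mature methods already exist for detecting DNS tunneling attacks, but most of them are not applicable to detecting DNS tunneling attacks in DoH. In our research we use machine learning techniques and, by analyzing packet size and transmission frequency, are able to detect DNS tunneling attacks present in DoH accurately within a short time. | zh_TW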
dc.description.abstract | With Internet crime rampant in recent years, people have begun to pay more attention to privacy and security on the Internet. DNS, which is transmitted in plaintext, faces the question of whether it should be converted to ciphertext transmission. Although transmitting in ciphertext helps improve the security of DNS by protecting DNS packets from eavesdropping attacks, it creates a new problem: malicious traffic, such as DNS tunneling attacks, can be hidden in it. Among encrypted DNS protocols, DNS-over-HTTPS (DoH) is the most developed. Thus, this research explores how to detect DNS tunneling attacks hidden in DoH. There are many mature methods for detecting DNS tunneling attacks transmitted in plaintext, but most of them are not suitable for detecting DNS tunneling attacks in DoH. In this research, we adopt machine learning techniques to detect DNS tunneling attacks in DoH. By extracting packet size and transmission frequency as features and adopting a two-stage prediction model, our method detects malicious DoH traffic accurately in a short period of time. | en
dc.description.provenance | Made available in DSpace on 2023-03-19T21:14:31Z (GMT). No. of bitstreams: 1. U0001-0808202218140800.pdf: 2354337 bytes, checksum: 7b51c630663598d12c767140b144bf0f (MD5). Previous issue date: 2022 | en
dc.description.tableofcontents |
Acknowledgements
Abstract (Chinese)
Abstract
Contents
List of Figures
List of Tables
Chapter 1 Introduction
  1.1 Research Background
  1.2 Research Motivation and Contributions
Chapter 2 Related Work
  2.1 DNS-over-HTTPS
  2.2 DNS Tunneling Attacks
Chapter 3 Method
  3.1 Problem Formulation
  3.2 Features
  3.3 Model Selection
    3.3.1 Gradient Boosting
    3.3.2 Decision Tree
    3.3.3 Random Forest
    3.3.4 Extra Tree
    3.3.5 XGBoost
    3.3.6 LightGBM
    3.3.7 CatBoost
Chapter 4 Experiments and Results
  4.1 Dataset
  4.2 Dataset Setup
  4.3 Distinguishing DoH Traffic from Non-DoH Traffic
  4.4 Distinguishing Malicious DoH Traffic from Benign DoH Traffic
  4.5 Effectiveness of the Two-Stage Model
  4.6 Performance Comparison of the Two-Stage Model
Chapter 5 Conclusion and Future Work
  5.1 Conclusion
  5.2 Future Work
Appendix A: Definitions
  A.1 Evaluation Metrics
References
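dc.language.iso | zh-TW |
dc.subject | machine learning | zh_TW
dc.subject | DNS-over-HTTPS | zh_TW
dc.subject | DNS tunneling attack | zh_TW
dc.subject | traffic analysis | zh_TW
dc.subject | DNS tunneling | en
dc.subject | DNS-over-HTTPS | en
dc.subject | traffic analysis | en
dc.subject | machine learning | en
dc.title | Using Machine Learning Models to Detect Tunneling Attacks in the Encrypted Domain Name System | zh_TW
dc.title | Detection of DNS Tunneling from Encrypted Traffic Using Machine Learning Method | en
dc.type | Thesis |
dc.date.schoolyear | 110-2 |
dc.description.degree | Master's |
dc.contributor.oralexamcommittee | 郭斯彥 (Sy-Yen Kuo), 顏嗣鈞 (Hsu-chun Yen) |
dc.subject.keyword | DNS-over-HTTPS, DNS tunneling attack, traffic analysis, machine learning | zh_TW
dc.subject.keyword | DNS-over-HTTPS, DNS tunneling, traffic analysis, machine learning | en
dc.relation.page | 31 |
dc.identifier.doi | 10.6342/NTU202202161 |
dc.rights.note | Not authorized |
dc.date.accepted | 2022-08-15 |
dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW
dc.contributor.author-dept | Graduate Institute of Electrical Engineering | zh_TW
Appears in collections: Department of Electrical Engineering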

Files in this item:
File | Size | Format
U0001-0808202218140800.pdf (not authorized for public access) | 2.3 MB | Adobe PDF