期刊名称:Karbala International Journal of Modern Science
印刷版ISSN:2405-609X
电子版ISSN:2405-609X
出版年度:2021
卷号:7
期号:4
页码:268-280
DOI:10.33640/2405-609X.3155
语种:English
出版社:Elsevier
摘要:The exponential rise in the number of malicious threats targeting computer networks and digital services puts network infrastructure in jeopardy. Domain name protocol attacks are one of the most pervasive network attacks posing a threat to networks, whereby attackers send harmful information to the network; this type of threat is identified as DNS tunneling. The DNS protocol has recently gained increased attention from cyber-attackers, targeting organizations with a web presence or reliance on e-commerce businesses. Cyber-attackers can subtly exploit the contents of encrypted DNS packets that are sent across covert network tunnels, which are difficult for firewalls and blacklist detection methods to detect. Therefore, efficient methods for detecting DNS intrusions in the network are required. Machine learning (ML), deep learning (DL), and computational intelligence models have proved to be increasingly effective in dealing with these cyber-attacks, especially when using an appropriate dataset. This paper proposes an intrusion detection model to detect malicious DNS over HTTPS (DoH) queries among network covert tunnels, using statistical analysis and Bi-directional Recurrent Neural Network (BRNN) techniques, based on the flow level of the network traffic. The proposed approach was tested and evaluated based on a realistic dataset called CIRA-CIC-DoHBrw-2020, provided by the Canadian Institute for Cybersecurity. Experiments have shown that the robustness of the model is strong, with a detection rate of 100%. Furthermore, the proposed model achieved high performance in terms of the accuracy rate in detecting malicious DoH queries, with low false-negative and false-positive rates. Furthermore, the number of features used is fewer than other approaches, making it perform faster in the training and testing phases.
