<p>The increasing complexity and volume of modern network traffic, specifically within the context of encrypted Domain Name System (DNS) protocols, particularly DNS over HTTPS (DoH), pose significant challenges to traditional traffic analysis methods, making it difficult to discern legitimate activity from covert or malicious communications. This paper explores the intrinsic self-similarity and long-term memory properties of encrypted DNS traffic, employing multiple statistical methods for Hurst parameter estimation. By comparing benign and malicious traffic, we uncover distinct temporal structures, revealing the heightened predictability and persistence of malicious traffic. Furthermore, our entropy analysis quantifies packet inter-arrival randomness, providing additional discriminatory insights. Based on these findings, we propose an anomaly detector founded exclusively on these statistical features, demonstrating that they are sufficient to robustly differentiate malicious from benign traffic. These findings significantly enhance the understanding of how long-range dependencies and variations in unpredictability can be leveraged to enhance network security protocols and improve the detection of hidden threats within encrypted channels.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Unveiling Hidden Patterns: Self-Similarity and Entropy for Robust Encrypted DNS Traffic Security

  • Marta Moure-Garrido,
  • Carlos Garcia-Rubio,
  • Celeste Campo

摘要

The increasing complexity and volume of modern network traffic, specifically within the context of encrypted Domain Name System (DNS) protocols, particularly DNS over HTTPS (DoH), pose significant challenges to traditional traffic analysis methods, making it difficult to discern legitimate activity from covert or malicious communications. This paper explores the intrinsic self-similarity and long-term memory properties of encrypted DNS traffic, employing multiple statistical methods for Hurst parameter estimation. By comparing benign and malicious traffic, we uncover distinct temporal structures, revealing the heightened predictability and persistence of malicious traffic. Furthermore, our entropy analysis quantifies packet inter-arrival randomness, providing additional discriminatory insights. Based on these findings, we propose an anomaly detector founded exclusively on these statistical features, demonstrating that they are sufficient to robustly differentiate malicious from benign traffic. These findings significantly enhance the understanding of how long-range dependencies and variations in unpredictability can be leveraged to enhance network security protocols and improve the detection of hidden threats within encrypted channels.