基于日志的DNS隧道检测系统的设计与实现

NS tunnel is one of the main ways for hackers to attack network and steal data. In order to prevent DNS tunnel attack, this paper designs and implements a set of DNS tunnel detection system based on log. First of all, this paper analyzes the demand of DNS tunnel detection, and designs a log based DNS tunnel detection scheme; secondly, according to the demand analysis, the overall architecture of the system is given, and the detailed design and implementation of the DNS tunnel detection system is divided into modules; finally, in the actual network environment, the feature of each module of the system is tested. The results show that the system can effectively detect the DNS tunnel traffic in the network environment and reduce the operation and maintenance costs.