Light

coldwave96 / dohtunnelanalyzer Goto Github PK

View Code? Open in Web Editor NEW

0.0 2.0 0.0 61.89 MB

Detect DNS tunnels from DoH traffic.

Python 100.00%

dohtunnelanalyzer's Introduction

DoHTunnelAnalyzer

Domain Name System (DNS) is one of the early and vulnerable network protocols which has several security loopholes that have been exploited repeatedly over the years. To overcome some of the DNS vulnerabilities related to privacy and data manipulation, IETF introduced DNS over HTTPS (DoH) in RFC8484, a protocol that enhances privacy and combats eavesdropping and man-in-the-middle attacks by encrypting DNS queries and sending them in a covert channel/tunnel so that data is not hampered on the way.

This repo contructs an easy way to detect malicious DoH tunnels, which created by some DNS tunneling tools such as dns2tcp, DNSCat2, and iodine.

Datasets Details

The dataset used for this research is the CIRA-CIC-DoHBrw-2020 dataset developed by the Canadian Institute of Cybersecurity. This dataset can be found here.

Model Design

Layer 1

Random Forest Classifier (RF)
Decision Tree Classifier (DT)

Layer 2

MLP (Multilayer Perceptron)

Evaluation

	precision	recall	f1-score	support
benign	0.99	1.00	1.00	3905
dns2tcp	1.00	0.99	0.99	33577
DNSCat2	0.97	0.99	0.98	7106
iodine	0.98	0.99	0.98	9263

accuracy			0.99	53851
macro avg	0.98	0.99	0.99	53851
weighted avg	0.99	0.99	0.99	53851

dohtunnelanalyzer's People

Contributors

Watchers

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.