TDAE: Autoencoder-based Automatic Feature Learning Method for the Detection of DNS tunnel

The DNS protocol is one of the most important network infrastructure protocols. The encrypted information based on this protocol will not be intercepted by the firewall, so the attacker uses this vulnerability to pass private data through the establishment of DNS tunnels and avoids the security inspection. In order to detect the DNS tunnel conveniently and effectively, we present a novel method that uses Autoencoder to learn latent representation of different datasets. Because the feature is not extracted manually, we show how Autoencoder(AE) can automatically learn the concept of semantic similarity among features of normal traffic. We propose a novel method named TDAE which can detect DNS tunnel traffics using Autoencoder algorithms. To verify the validity of our method, we select a labeled dataset and a public and unlabeled dataset as our training set. The experimental results show that the recall rate can exceed 0.9834 on the labeled dataset and 0.9313 on the SINGH-data [1].