
Survey of DoH Covert Tunnel Detection

Domain Name System (DNS) tunnels, a channel through which attackers transmit sensitive information over the plaintext DNS protocol, have attracted significant attention in recent years. To address the security problems of DNS, the Internet Engineering Task Force (IETF) published the DNS-over-HTTPS (DoH) protocol in 2018 (RFC 8484), which encrypts DNS transport to protect user privacy. However, attackers exploit DoH to hide DNS tunnels inside HTTPS, rendering traditional detection methods ineffective and leading to attack incidents across several sectors. This paper comprehensively reviews DoH covert tunnel detection: the state of DNS encryption, a detailed summary of the features used to detect DoH covert tunnels (flow features, TLS handshake features, statistical features), dataset construction, and a classification of existing research. It summarizes open problems such as low-throughput tunnels, small sample sizes and new protocols; future work will focus on improving the comprehensiveness and robustness of DoH covert tunnel detection.
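The abstract names flow features and statistical features as one family of signals used to detect DoH tunnels. The following is an added illustration, not code from the paper: it computes such features from per-packet metadata that stays visible despite TLS encryption (record length, direction, timing) and applies an illustrative rule to them. The two flows and all thresholds are constructed assumptions for the example; a detector of the kind the survey reviews would learn a classifier on features like these rather than hard-code cutoffs.

```python
# Flow-level statistical feature extraction for DoH tunnel detection.
# Added illustration, not code from the survey. Packet records, flows and
# thresholds below are constructed assumptions for the example.
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List


@dataclass
class Packet:
    ts: float        # seconds since flow start
    outbound: bool   # True = client -> DoH resolver (HTTPS request)
    length: int      # TLS record length in bytes (payload itself is encrypted)


def extract_features(flow: List[Packet]) -> Dict[str, float]:
    """Compute flow and statistical features of the kind the survey lists.

    Only metadata that survives TLS encryption is used: record sizes,
    directions and timing. TLS handshake features (SNI, cipher suites,
    JA3-style fingerprints) are a separate family and not covered here.
    """
    out = [p.length for p in flow if p.outbound]
    inn = [p.length for p in flow if not p.outbound]
    ts = sorted(p.ts for p in flow)
    iat = [b - a for a, b in zip(ts, ts[1:])]          # inter-arrival times
    duration = ts[-1] - ts[0] if ts else 0.0
    return {
        "duration": duration,
        "n_out": float(len(out)),
        "n_in": float(len(inn)),
        "out_len_mean": mean(out) if out else 0.0,
        "out_len_std": pstdev(out) if out else 0.0,
        "in_len_mean": mean(inn) if inn else 0.0,
        # Exfiltration pushes data *out*; ordinary lookups pull answers *in*.
        "out_in_bytes_ratio": sum(out) / max(sum(inn), 1),
        "iat_mean": mean(iat) if iat else 0.0,
        "iat_std": pstdev(iat) if iat else 0.0,
        "out_rate": len(out) / duration if duration > 0 else float(len(out)),
    }


# Assumed thresholds for an illustrative rule (not from the paper).
RATIO_MIN = 1.0      # more bytes sent than received
RATE_MIN = 2.0       # outbound requests per second
LEN_CV_MAX = 0.2     # coefficient of variation of outbound record length


def is_suspected_tunnel(f: Dict[str, float]) -> bool:
    """Flag flows that send more than they receive, at a steady high rate,
    with near-constant request sizes (encoded chunks tend to be uniform)."""
    cv = f["out_len_std"] / f["out_len_mean"] if f["out_len_mean"] else 0.0
    return (f["out_in_bytes_ratio"] > RATIO_MIN
            and f["out_rate"] > RATE_MIN
            and cv < LEN_CV_MAX)


# Constructed flows, not captured traffic.
BENIGN_FLOW = [  # a browser resolving a few names through a DoH resolver
    Packet(0.00, True, 120), Packet(0.05, False, 300),
    Packet(2.00, True, 140), Packet(2.04, False, 420),
    Packet(2.50, True, 160), Packet(2.55, False, 260),
    Packet(7.00, True, 130), Packet(7.06, False, 380),
]

TUNNEL_FLOW: List[Packet] = []  # steady stream of large, uniform requests, tiny answers
for i in range(20):
    TUNNEL_FLOW.append(Packet(i * 0.1, True, 476 if i % 2 else 484))
    TUNNEL_FLOW.append(Packet(i * 0.1 + 0.02, False, 96))

if __name__ == "__main__":
    for name, flow in (("benign", BENIGN_FLOW), ("tunnel", TUNNEL_FLOW)):
        feats = extract_features(flow)
        print(name, {k: round(v, 3) for k, v in feats.items()},
              "-> suspected tunnel:", is_suspected_tunnel(feats))
```

The benign flow sends about 0.4 bytes out per byte received at well under one request per second; the constructed tunnel flow sends five times more than it receives, at roughly ten requests per second, with request sizes varying by under one percent. The rule separates these two, but the abstract's open problems apply directly to it: a low-throughput tunnel that paces requests below RATE_MIN, or pads requests to vary their size, would slip past fixed thresholds, which is why the surveyed work combines many such features in learned models.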

Keywords: DoH covert tunnel; data exfiltration; detection

刘晓宇 (Liu Xiaoyu)


China Mobile Group Guizhou Co., Ltd., Guiyang, Guizhou 550004, China


2024

现代信息科技 (Modern Information Technology)
广东省电子学会 (Guangdong Electronics Society)


ISSN:2096-4706
Year, volume (issue): 2024, 8(15)