[1] KAMINSKY D. Black Ops of DNS[EB/OL]. (2004-12-27)[2016-09-05]. https://events.ccc.de/congress/2004/fahrplan/event/121.de.html.
[2] RAMAN D, DE SUTTER B, COPPENS B, et al. DNS tunneling for network penetration[C]//Information Security and Cryptology:ICISC 2012. Berlin Heidelberg:Springer, 2012:65-77.
[3] GRUNZWEIG J, SCOTT M, LEE B, et al. New wekby attacks use DNS requests as command and control mechanism[EB/OL]. (2016-05-24)[2016-09-15]. http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism.
[4] SKOUDIS E. The six most dangerous new attack techniques and what's coming next[EB/OL]. (2012-08-29)[2016-09-05]. https://blogs.sans.org/pentesting/?les/2012/03/RSA-2012-EXP-108-Skoudis-Ullrich.pdf.
[5] FARNHAM G, ATLASIS A. Detecting DNS tunneling[J]. SANS Institute InfoSec Reading Room, 2013(9):1-32.
[6] BUTLER P, XU K, YAO D D. Quantitatively analyzing stealthy communication channels[C]//International Conference on Applied Cryptography and Network Security. Berlin Heidelberg:Springer, 2011:238-254.
[7] BORN K, GUSTAFSON D. Detecting dns tunnelsusing character frequencyanalysis[J]. Corr, 2010,4(358):2567-2573.
[8] BORN K, GUSTAFSON D. NgViz:detecting DNS tunnels through n-gram visualization and quantitativeanalysis[C]//Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research. Oak Ridge:ACM. 2010:1-4.
[9] QI C, CHEN X, XU C, et al. A bigram based real time DNS tunnel detection approach[J]. Procedia Computer Science, 2013, 17(110):852-860.
[10] ELLENS W, URANIEWSKI P, SPEROTTO A, et al. Flow-based detection of DNS tunnels[C]//IFIP International Conference on Autonomous Infrastructure, Management and Security. Barcelona:AIMS, 2013:124-135.
[11] ICHISE H, JIN Y, ⅡDA K. Analysis of via-resolver DNS TXT queries and detection possibility of botnet communications[C]//2015 IEEE Pacific Rim Conference on Communications, Computers and Signal Processing (PACRIM). Victoria:IEEE, 2015:216-221.
[12] 章思宇,邹福泰,王鲁华,等. 基于DNS的隐蔽通道流量检测[J]. 通信学报,2013,34(5):143-151. ZHANG Si-yu, ZOU Fu-tai, WANG Lu-hua, et al. Detecting DNS-based covert channel on live traffic[J]. Journal on Communications, 2013, 34(5):143-151.
[13] RON. DNScat2[EB/OL]. (2016-09-07)[2016-9-15]. https://github.com/iagox86/dnscat2
[14] 赵博,郭虹,刘勤让,等.基于加权累积和检验的加密流量盲识别算法[J].软件学报,2013, 24(6):1334-1345. ZHAO Bo, GUO Hong, LIU Qin-rang, et al. Protocol independent identification of encrypted traffic based on weighted cumulative sum test[J]. Journal of Software, 2013, 24(6):1334-1345.
[15] LI J J, subDomainBrute[EB/OL]. (2015-04-01)[2016-10-05]. https://github.com/lijiejie/subDomainsBrute.
[16] YANG Z R. Classification and regression trees, random forest algorithm[M]//Machine Learning Approaches to Bioinformatics. 2015:120-132.
[17] SVETNIK V, LIAW A, TONG C, et al. Random forest:a classification and regression tool for compound classification and QSAR modeling[J]. Journal of chemical information and computer sciences, 2003, 43(6):1947-1958.
[18] JOHNSON R W. An introduction to the bootstrap[J]. Teaching Statistics, 2001, 23(2):49-54.
[19] AHHH, DNShell v1.7[EB/OL]. (2015-10-11)[2016-10-02]. https://github.com/ahhh/Reverse_DNS_Shell.
[20] MUDGE R, Cobalt strike 3.4-operational details[EB/OL]. (2016-07-29)[2016-09-17]. http://blog.cobaltstrike.com/cate-gory/cobalt-strike-2. |