As network technology continues to advance, network attacks against large-scale scientific facilities and science data centers have become increasingly sophisticated. The Domain Name System (DNS) is a basic protocol in the network environments of these facilities; it identifies computers accessible through the Internet and usually transmits its data unencrypted. Attackers exploit vulnerabilities in the DNS protocol to establish covert channels, encapsulating hidden information in DNS traffic so that they can evade traditional security detection and launch network attacks. These attacks can seriously compromise the network and information security of large-scale scientific facilities and science data centers. Therefore, it is imperative to detect and defend against DNS covert channels to safeguard the networks of these facilities.
To address these challenges, this paper proposes a Transformer-based detection method for DNS covert channels. The proposed method uses the Transformer architecture to extract global dependencies in the input, significantly improving training speed and detection accuracy. The experimental results demonstrate that our method can provide a reliable and efficient solution for detecting DNS covert channels in large-scale scientific facilities and science data centers.