DS Journal of Cyber Security (DS-CYS)

Research Article | Open Access

Volume 1 | Issue 1 | Year 2023 | Article Id: CYS-V1I1P102 | DOI: https://doi.org/10.59232/CYS-V1I1P102

DNS-DoS Detection System using Hybrid Domain Features-Based Support Vector Machine

S. Veerapandi

Received: 15 May 2023 | Revised: 25 May 2023 | Accepted: 07 Jun 2023 | Published: 05 Jul 2023

Citation

S. Veerapandi. “DNS-DoS Detection System using Hybrid Domain Features-Based Support Vector Machine.” DS Journal of Cyber Security, vol. 1, no. 1, pp. 19-27, 2023.

Abstract

The Domain Name System (DNS) changes IP addresses into memorable domain names, and the other way around, in the Internet ecosystem. To attack DNS, a malicious user makes use of DNS issues. DNS amplification attacks based on Distributed Denial of Service (DDoS) and an attack vector focusing on DNS tunnelling are among the most refined types of DNS attacks. A system that detects intrusions analyses traffic for network intrusion, although it does not just monitor for DNS intrusion. In this research, a Support Vector Machine is utilised in conjunction with DNS-DoS detection to identify critical DNS-related attacks. A hybrid domain features-based Support Vector Machine with a DNS-DoS detection system is proposed to detect DNS attacks. The features of the DNS-DoS detection system are classified into two types, namely payload tunnelling features and domain host features. The Support Vector Machine (SVM) and a DNS attacker are used to determine whether a DNS-DoS attack occurred or not. Sensitivity, accuracy, and specificity are the factors taken into account when evaluating the efficiency of the suggested model. In comparison to Decision Tree (DT), Support Vector Machine (SVM), Naive Bayes (NB) and Random Forest (RF), the technique enhances efficiency by 3.9%, 1.6%, and 0.41%, respectively.

Keywords

Domain Name System, Detection, DoS, Hybrid, Support Vector Machine, Decision Tree, Naïve Bayes, Random Forest.

