DNS Tunneling Detection Using Methods of Machine Learning

Abstract

The relevance of the study is due to the growing number of cyber-attacks using Domain Name System tunneling to bypass security systems. Adversarial attacks that modify data and reduce the accuracy of classical Domain Name System tunneling detection methods are particularly dangerous. The article develops a method for detecting Domain Name System tunneling using machine learning models: logistic regression, decision tree, probabilistic neural network, multilayer perceptron, naive Bayes, k-nearest neighbors’ method, simple regression tree, gradient boosted trees, tree ensemble and random forest. The influence of the fast sign gradient method attack on data, which allows deceiving the classical methods of Domain Name System tunneling detection. The proposed Domain Name System tunneling detection method based on the use of logistic regression makes it possible to detect an attack with an accuracy of 98.033%, which is 9.733% better than in the work of Savich et al., 2024.