To find the features that maximise the detection of DNS tunnelling, this research proposes a hybrid technique that combines genetic algorithm feature selection with a support vector machine (SVM) classifier. Corporations are spending increasing amounts of money on developing web applications as online commerce expands. That expansion, however, brings dangers that can leave companies open to future attacks. One of these dangers is DNS tunnelling, which sends dangerous information through the DNS protocol. As a result, confidential data can be exposed and violated. Several studies have applied machine learning to develop a detection technique. The strategies used by their authors drew on a wide range of features, such as domain length, bytes, content, DNS traffic volume, hostnames per domain, location, and domain history. Evidently, there is a critical need for feature selection to identify the best of these features. A benchmark dataset for DNS tunnelling was used to assess the proposed method. The proposed method outperformed the classic SVM, achieving an F-measure of 0.946 and demonstrating its superiority.
Author(s) Details:
Fuqdan A. Al-Ibraheemi,
College of Dentistry, University of Al-Ameed, Iraq.
Education Ministry, Iraq.
Faculty of Engineering, Ferdowsi University of Mashhad, Iran.
Please see the link here: https://stm.bookpi.org/NRAMCS-V5/article/view/7487
Keywords: DNS tunneling, feature selection, genetic algorithm, support vector machine.