Ensemble-based Feature Selection and Classification Model for DNS Typo-squatting Detection

Moubayed, Abdallah; Aqeeli, Emad; Shami, Abdallah

doi:10.1109/ccece47787.2020.9255697

Cited by 23 publications

(14 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In Lightweight Directory Access Protocol (LDAP) DDoS attack [8], the attacker sends an LDAP request to an LDAP server to produce large replies, with a spoofed sender IP address. Domain Name System (DNS) [9] amplification is a reflection-based DDoS attack, which manipulates domain name systems and makes them flood the target system with large quantities of UDP packets, which bring down the target servers.…”

Section: Reflection-based Ddos Attacksmentioning

confidence: 99%

Detection of Different DDoS Attacks Using Machine Learning Classification Algorithms

Dasari¹,

Devarakonda²

2021

ISI

View full text Add to dashboard Cite

Cyber attacks are one of the world's most serious challenges nowadays. A Distributed Denial of Service (DDoS) attack is one of the most common cyberattacks that has affected availability, which is one of the most important principles of information security. It leads to so many negative consequences in terms of business, production, reputation, data theft, etc. It shows the importance of effective DDoS detection mechanisms to reduce losses. In order to detect DDoS attacks, statistical and data mining methods have not been given good accuracy values. Researchers get good accuracy values while detecting DDoS attacks by using classification algorithms. But researchers, use individual classification algorithms on generalized DDoS attacks. This study used six machine learning classification algorithms to detect eleven different DDoS attacks on different DDoS attack datasets. We used the CICDDoS2019 dataset which is collected from the Canadian Institute of Cyber security in this study. It contains eleven different DDoS attack datasets in CSV file format. On each DDoS attack, we evaluated the effectiveness of the classification methods Logistic regression, Decision tree, Random Forest, Ada boost, KNN, and Naive Bayes, and determined the best classification algorithms for detection.

show abstract

Section: Reflection-based Ddos Attacksmentioning

confidence: 99%

Detection of Different DDoS Attacks Using Machine Learning Classification Algorithms

Dasari¹,

Devarakonda²

2021

ISI

View full text Add to dashboard Cite

show abstract

“…Within the context of DNS, multiple researchers have proposed the use of ML models for malicious DNS queries detection [23]- [28]. For example, Moubayed et al proposed the use of exploratory data analytics, ensemble feature selection models, and ensemble classification models to understand the characteristics of different DNS typo-squatting features and accurately detect malicious URLs respectively [23,24]. On the other hand, Sivakorn et al proposed using deep neural network models to detect malicious DNS queries [25].…”

Section: Related Workmentioning

confidence: 99%

Optimized Random Forest Model for Botnet Detection Based on DNS Queries

Moubayed

Injadat

Shami

2020

2020 32nd International Conference on Microelectronics (ICM)

Self Cite

View full text Add to dashboard Cite

The Domain Name System (DNS) protocol plays a major role in today's Internet as it translates between website names and corresponding IP addresses. However, due to the lack of processes for data integrity and origin authentication, the DNS protocol has several security vulnerabilities. This often leads to a variety of cyber-attacks, including botnet network attacks. One promising solution to detect DNS-based botnet attacks is adopting machine learning (ML) based solutions. To that end, this paper proposes a novel optimized ML-based framework to detect botnets based on their corresponding DNS queries. More specifically, the framework consists of using information gain as a feature selection method and genetic algorithm (GA) as a hyperparameter optimization model to tune the parameters of a random forest (RF) classifier. The proposed framework is evaluated using a state-of-the-art TI-2016 DNS dataset. Experimental results show that the proposed optimized framework reduced the feature set size by up to 60%. Moreover, it achieved a high detection accuracy, precision, recall, and F-score compared to the default classifier. This highlights the effectiveness and robustness of the proposed framework in detecting botnet attacks.

show abstract

“…Related Work ML classification techniques have been proposed as part of various network attack detection frameworks and other applications using different classification models such as Support Vector Machines (SVM) [15], Decision Trees [16], KNN [17], Artificial Neural Networks (ANN) [18], [19], and Naive Bayes [20] as illustrated in [1]. One such application is the DNS typo-squatting attack detection framework presented in [21], [22]. Also, ML techniques have been proposed to detect zero-day attacks as illustrated by the probabilistic Bayesian network model presented in [23].…”

Section: Related Work and Limitationsmentioning

confidence: 99%

Multi-Stage Optimized Machine Learning Framework for Network Intrusion Detection

Injadat,

Moubayed,

Nassif

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

Cyber-security garnered significant attention due to the increased dependency of individuals and organizations on the Internet and their concern about the security and privacy of their online activities. Several previous machine learning (ML)-based network intrusion detection systems (NIDSs) have been developed to protect against malicious online behavior. This paper proposes a novel multi-stage optimized ML-based NIDS framework that reduces computational complexity while maintaining its detection performance. This work studies the impact of oversampling techniques on the models' training sample size and determines the minimal suitable training sample size. Furthermore, it compares between two feature selection techniques, information gain and correlation-based, and explores their effect on detection performance and time complexity. Moreover, different ML hyperparameter optimization techniques are investigated to enhance the NIDS's performance. The performance of the proposed framework is evaluated using two recent intrusion detection datasets, the CICIDS 2017 and the UNSW-NB 2015 datasets. Experimental results show that the proposed model significantly reduces the required training sample size (up to 74%) and feature set size (up to 50%). Moreover, the model performance is enhanced with hyper-parameter optimization with detection accuracies over 99% for both datasets, outperforming recent literature works by 1-2% higher accuracy and 1-2% lower false alarm rate.

show abstract

Ensemble-based Feature Selection and Classification Model for DNS Typo-squatting Detection

Cited by 23 publications

References 25 publications

Detection of Different DDoS Attacks Using Machine Learning Classification Algorithms

Detection of Different DDoS Attacks Using Machine Learning Classification Algorithms

Optimized Random Forest Model for Botnet Detection Based on DNS Queries

Multi-Stage Optimized Machine Learning Framework for Network Intrusion Detection

Contact Info

Product

Resources

About