DNS flooding attack detection scheme through Machine Learning

Ali El Attar; Rida Khatoun; Fadlallah Chbib; Ahmad Fadlallah; Ahmed Serhrouchni

doi:10.1109/IWCMC61514.2024.10592588

DNS flooding attack detection scheme through Machine Learning

Ali El Attar, Rida Khatoun, Fadlallah Chbib, Ahmad Fadlallah, Ahmed Serhrouchni

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Domain Name System (DNS) servers are considered registers that enable internet devices to quickly look up specific web servers and access web pages. DNS flooding is a type of distributed denial of service (DDoS) attack in which an attacker overwhelms DNS servers with a huge number of resolution requests. Such an attack can prevent DNS servers from responding to legitimate traffic. In this paper, we propose a new approach that relies on monitoring and analyzing incoming DNS requests to identify flooding attacks against DNS servers. The detection is carried out using a Machine Learning-based Intrusion Detection System at the entry point of networks. We analyze the performance of different machine learning methods (decision tree, random forest, XGBoost, SVM, K-nearest neighbors, logistic regression, and Multi-Layer Perceptron) for detecting DNS flooding attacks. The evaluation was conducted in the context of emulated attacks. The obtained results reveal that all six methods exhibit the capability to effectively detect DNS attacks, even when dealing with low attack rates. This highlights the robustness of these methods and their potential to maintain high accuracy levels in identifying DNS attack patterns.

Original language	English
Title of host publication	20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	132-137
Number of pages	6
ISBN (Electronic)	9798350361261
DOIs	https://doi.org/10.1109/IWCMC61514.2024.10592588
Publication status	Published - 1 Jan 2024
Event	20th IEEE International Wireless Communications and Mobile Computing Conference, IWCMC 2024 - Hybrid, Ayia Napa, Cyprus Duration: 27 May 2024 → 31 May 2024

Publication series

Name	20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024

Conference

Conference	20th IEEE International Wireless Communications and Mobile Computing Conference, IWCMC 2024
Country/Territory	Cyprus
City	Hybrid, Ayia Napa
Period	27/05/24 → 31/05/24

Keywords

Cybersecurity
DDoS attack
Deep Learning
Machine Learning

Access to Document

10.1109/IWCMC61514.2024.10592588

Cite this

El Attar, A., Khatoun, R., Chbib, F., Fadlallah, A., & Serhrouchni, A. (2024). DNS flooding attack detection scheme through Machine Learning. In 20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024 (pp. 132-137). (20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/IWCMC61514.2024.10592588

El Attar, Ali ; Khatoun, Rida ; Chbib, Fadlallah et al. / DNS flooding attack detection scheme through Machine Learning. 20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 132-137 (20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024).

@inproceedings{25d0ce7d68464a2b91d6175bc20e268d,

title = "DNS flooding attack detection scheme through Machine Learning",

abstract = "Domain Name System (DNS) servers are considered registers that enable internet devices to quickly look up specific web servers and access web pages. DNS flooding is a type of distributed denial of service (DDoS) attack in which an attacker overwhelms DNS servers with a huge number of resolution requests. Such an attack can prevent DNS servers from responding to legitimate traffic. In this paper, we propose a new approach that relies on monitoring and analyzing incoming DNS requests to identify flooding attacks against DNS servers. The detection is carried out using a Machine Learning-based Intrusion Detection System at the entry point of networks. We analyze the performance of different machine learning methods (decision tree, random forest, XGBoost, SVM, K-nearest neighbors, logistic regression, and Multi-Layer Perceptron) for detecting DNS flooding attacks. The evaluation was conducted in the context of emulated attacks. The obtained results reveal that all six methods exhibit the capability to effectively detect DNS attacks, even when dealing with low attack rates. This highlights the robustness of these methods and their potential to maintain high accuracy levels in identifying DNS attack patterns.",

keywords = "Cybersecurity, DDoS attack, Deep Learning, Machine Learning",

author = "\{El Attar\}, Ali and Rida Khatoun and Fadlallah Chbib and Ahmad Fadlallah and Ahmed Serhrouchni",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 20th IEEE International Wireless Communications and Mobile Computing Conference, IWCMC 2024 ; Conference date: 27-05-2024 Through 31-05-2024",

year = "2024",

month = jan,

day = "1",

doi = "10.1109/IWCMC61514.2024.10592588",

language = "English",

series = "20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "132--137",

booktitle = "20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024",

}

El Attar, A, Khatoun, R , Chbib, F, Fadlallah, A & Serhrouchni, A 2024, DNS flooding attack detection scheme through Machine Learning. in 20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024. 20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024, Institute of Electrical and Electronics Engineers Inc., pp. 132-137, 20th IEEE International Wireless Communications and Mobile Computing Conference, IWCMC 2024, Hybrid, Ayia Napa, Cyprus, 27/05/24. https://doi.org/10.1109/IWCMC61514.2024.10592588

DNS flooding attack detection scheme through Machine Learning. / El Attar, Ali; Khatoun, Rida ; Chbib, Fadlallah et al.
20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024. Institute of Electrical and Electronics Engineers Inc., 2024. p. 132-137 (20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - DNS flooding attack detection scheme through Machine Learning

AU - El Attar, Ali

AU - Khatoun, Rida

AU - Chbib, Fadlallah

AU - Fadlallah, Ahmad

AU - Serhrouchni, Ahmed

PY - 2024/1/1

Y1 - 2024/1/1

N2 - Domain Name System (DNS) servers are considered registers that enable internet devices to quickly look up specific web servers and access web pages. DNS flooding is a type of distributed denial of service (DDoS) attack in which an attacker overwhelms DNS servers with a huge number of resolution requests. Such an attack can prevent DNS servers from responding to legitimate traffic. In this paper, we propose a new approach that relies on monitoring and analyzing incoming DNS requests to identify flooding attacks against DNS servers. The detection is carried out using a Machine Learning-based Intrusion Detection System at the entry point of networks. We analyze the performance of different machine learning methods (decision tree, random forest, XGBoost, SVM, K-nearest neighbors, logistic regression, and Multi-Layer Perceptron) for detecting DNS flooding attacks. The evaluation was conducted in the context of emulated attacks. The obtained results reveal that all six methods exhibit the capability to effectively detect DNS attacks, even when dealing with low attack rates. This highlights the robustness of these methods and their potential to maintain high accuracy levels in identifying DNS attack patterns.

AB - Domain Name System (DNS) servers are considered registers that enable internet devices to quickly look up specific web servers and access web pages. DNS flooding is a type of distributed denial of service (DDoS) attack in which an attacker overwhelms DNS servers with a huge number of resolution requests. Such an attack can prevent DNS servers from responding to legitimate traffic. In this paper, we propose a new approach that relies on monitoring and analyzing incoming DNS requests to identify flooding attacks against DNS servers. The detection is carried out using a Machine Learning-based Intrusion Detection System at the entry point of networks. We analyze the performance of different machine learning methods (decision tree, random forest, XGBoost, SVM, K-nearest neighbors, logistic regression, and Multi-Layer Perceptron) for detecting DNS flooding attacks. The evaluation was conducted in the context of emulated attacks. The obtained results reveal that all six methods exhibit the capability to effectively detect DNS attacks, even when dealing with low attack rates. This highlights the robustness of these methods and their potential to maintain high accuracy levels in identifying DNS attack patterns.

KW - Cybersecurity

KW - DDoS attack

KW - Deep Learning

KW - Machine Learning

U2 - 10.1109/IWCMC61514.2024.10592588

DO - 10.1109/IWCMC61514.2024.10592588

M3 - Conference contribution

AN - SCOPUS:85199990027

T3 - 20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024

SP - 132

EP - 137

BT - 20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 20th IEEE International Wireless Communications and Mobile Computing Conference, IWCMC 2024

Y2 - 27 May 2024 through 31 May 2024

ER -

El Attar A, Khatoun R , Chbib F, Fadlallah A, Serhrouchni A. DNS flooding attack detection scheme through Machine Learning. In 20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024. Institute of Electrical and Electronics Engineers Inc. 2024. p. 132-137. (20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024). doi: 10.1109/IWCMC61514.2024.10592588

DNS flooding attack detection scheme through Machine Learning

Abstract

Publication series

Conference

Keywords

Access to Document

Fingerprint

Cite this