TY - GEN
T1 - DNS flooding attack detection scheme through Machine Learning
AU - El Attar, Ali
AU - Khatoun, Rida
AU - Chbib, Fadlallah
AU - Fadlallah, Ahmad
AU - Serhrouchni, Ahmed
N1 - Publisher Copyright: © 2024 IEEE.
PY - 2024/1/1
Y1 - 2024/1/1
N2 - Domain Name System (DNS) servers are considered registers that enable internet devices to quickly look up specific web servers and access web pages. DNS flooding is a type of distributed denial of service (DDoS) attack in which an attacker overwhelms DNS servers with a huge number of resolution requests. Such an attack can prevent DNS servers from responding to legitimate traffic. In this paper, we propose a new approach that relies on monitoring and analyzing incoming DNS requests to identify flooding attacks against DNS servers. The detection is carried out using a Machine Learning-based Intrusion Detection System at the entry point of networks. We analyze the performance of different machine learning methods (decision tree, random forest, XGBoost, SVM, K-nearest neighbors, logistic regression, and Multi-Layer Perceptron) for detecting DNS flooding attacks. The evaluation was conducted in the context of emulated attacks. The obtained results reveal that all six methods exhibit the capability to effectively detect DNS attacks, even when dealing with low attack rates. This highlights the robustness of these methods and their potential to maintain high accuracy levels in identifying DNS attack patterns.
AB - Domain Name System (DNS) servers are considered registers that enable internet devices to quickly look up specific web servers and access web pages. DNS flooding is a type of distributed denial of service (DDoS) attack in which an attacker overwhelms DNS servers with a huge number of resolution requests. Such an attack can prevent DNS servers from responding to legitimate traffic. In this paper, we propose a new approach that relies on monitoring and analyzing incoming DNS requests to identify flooding attacks against DNS servers. The detection is carried out using a Machine Learning-based Intrusion Detection System at the entry point of networks. We analyze the performance of different machine learning methods (decision tree, random forest, XGBoost, SVM, K-nearest neighbors, logistic regression, and Multi-Layer Perceptron) for detecting DNS flooding attacks. The evaluation was conducted in the context of emulated attacks. The obtained results reveal that all six methods exhibit the capability to effectively detect DNS attacks, even when dealing with low attack rates. This highlights the robustness of these methods and their potential to maintain high accuracy levels in identifying DNS attack patterns.
KW - Cybersecurity
KW - DDoS attack
KW - Deep Learning
KW - Machine Learning
UR - https://www.scopus.com/pages/publications/85199990027
U2 - 10.1109/IWCMC61514.2024.10592588
DO - 10.1109/IWCMC61514.2024.10592588
M3 - Conference contribution
AN - SCOPUS:85199990027
T3 - 20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024
SP - 132
EP - 137
BT - 20th International Wireless Communications and Mobile Computing Conference, IWCMC 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 20th IEEE International Wireless Communications and Mobile Computing Conference, IWCMC 2024
Y2 - 27 May 2024 through 31 May 2024
ER -