COMPARISON OF MACHINE LEARNING ALGORITHMS FOR DETECTION OF DATA EXFILTRATION OVER DNS

Abstract

Nowadays, computers are indispensable for business processes and home users. The widespread use of the Internet provides convenience in many areas from education to research. However, most of the users are unaware of technical security measures and use the Internet unconsciously. This situation leads to inadequate security measures against cyber-attacks. Various trainings are organised for conscious and safe internet use, but these efforts are not enough. Therefore, artificial intelligence-based solutions that can detect cyber incidents and close security gaps are becoming necessary. DNS tunnelling is a method used by malware to leak data over the internet. Vulnerable computers can put users in difficult situations by learning IP addresses from the wrong DNS servers. Innovative methods have been developed to detect this tunnelling. Some methods can detect low and slow data leakage through DNS in real time. There are also hybrid DNS tunnelling detection systems that achieve high accuracy and F-score using packet length and specific features. Feature-based methods sensitive to cache characteristics effectively characterise DNS tunnelling traffic with low false detection rates. These methods offer effective strategies for internet security. In this study, the detection of DNS tunnelling attacks by machine learning algorithms on the CIC-Bell-DNS-EXF-2021 dataset was investigated.