Genetic Algorithm and Support Vector Machine for DNS Tunneling Detection: A Hybrid Method Approach

Abstract

This paper proposes a hybrid method of genetic algorithm feature selection approach with the support vector machine classifier for the sake of identifying the best features that have the ability to optimize the detection of DNS tunneling. With the growth of business on the internet, corporations are now investing significant sums of money on web apps. Different risks, on the other hand, could make organizations vulnerable to future attacks. One of these risks is DNS tunneling, which uses the domain name protocol to convey harmful information. Confidential information would be disclosed and violated as a result. Several studies have looked into machine learning in order to come up with a detecting method. Authors included a variety of features in their techniques, including domain length, number of bytes, content, volume of DNS traffic, number of hostnames per domain, geographic location, and domain history. Apparently, there is a vital demand to accommodate feature selection task in order to identify the best features. A DNS tunneling benchmark dataset was utilized to evaluate the suggested approach. The proposed approach exceeded the conventional SVM by getting an F-measure of 0.946, indicating that it outperformed the traditional SVM.