A hybrid method of genetic algorithm and support vector machine for DNS tunneling detection

Fuqdan A. Al-Ibraheemi, Sattar AL-Ibraheemi, Haleh Amintoosi

Abstract


As business expands over the internet, corporations are investing large amounts of money in web applications, not only to make a profit but also to store their information, communicate with their clients and accommodate transactions. However, different threats can leave corporations vulnerable to attack. One significant threat is the abuse of the Domain Name System (DNS) protocol to pass harmful information; this kind of threat is known as DNS tunneling. As a result, confidential information can be exposed and violated. Over the last decade, a wide range of studies have investigated machine learning as a basis for a detection approach. In these approaches, the authors have used many different types of features, such as domain length, number of bytes, content, volume of DNS traffic, number of hostnames per domain, geographic location and domain history. There is therefore a vital need for a feature selection task that identifies the best features. This paper proposes a hybrid method that combines a Genetic Algorithm feature selection approach with a Support Vector Machine classifier in order to identify the best features for optimizing the detection of DNS tunneling. To evaluate the proposed method, a benchmark DNS tunneling dataset was used. The results showed that the proposed method outperformed the conventional SVM, achieving an F-measure of 0.946.
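The wrapper scheme the abstract describes, as an added example that is not the paper's code: a genetic algorithm evolves feature bitmasks and scores each mask by the F-measure of a linear SVM trained on the selected columns. The data is constructed (two signal columns standing in for features such as domain length and number of bytes, four noise columns), and the Pegasos trainer, the bias-free SVM and all GA parameters are assumptions of this example.

```python
import random
from functools import lru_cache

def make_data(rng, n):
    """Constructed samples (x, y): y=+1 tunnel, y=-1 benign; only columns 0 and 1 carry signal."""
    labels = [rng.choice((-1, 1)) for _ in range(n)]
    return [([rng.gauss(1.5 * y, 1), rng.gauss(y, 1)] + [rng.gauss(0, 1) for _ in range(4)], y) for y in labels]

def train_svm(train, idx, lam=0.01, epochs=10):
    """Linear SVM on columns idx via Pegasos sub-gradient steps; no bias, the data is zero-centred."""
    w = [0.0] * len(idx)
    for t, (x, y) in enumerate(train * epochs, start=1):
        eta = 1.0 / (lam * t)
        hit = y * sum(wj * x[i] for wj, i in zip(w, idx)) < 1  # sample violates the margin
        w = [wj * (1 - eta * lam) + (eta * y * x[i] if hit else 0.0) for wj, i in zip(w, idx)]
    return w

def f_measure(mask, train, val):
    """Fitness of a feature mask: F-measure (tunnel = positive class) on held-out data."""
    idx = [i for i, bit in enumerate(mask) if bit]
    w = train_svm(train, idx)
    pairs = [(sum(wj * x[i] for wj, i in zip(w, idx)) > 0, y == 1) for x, y in val]
    tp = sum(p and a for p, a in pairs)
    wrong = sum(p != a for p, a in pairs)  # false positives + false negatives
    return 2 * tp / (2 * tp + wrong) if tp else 0.0

def ga_select(train, val, rng, pop_size=12, generations=15, p_mut=0.1):
    """GA over bitmasks: elitism, size-3 tournaments, one-point crossover, bit-flip mutation."""
    n = len(train[0][0])
    @lru_cache(maxsize=None)
    def fit(mask):
        return f_measure(mask, train, val)
    pop = [(1,) * n] + [tuple(rng.randint(0, 1) for _ in range(n)) for _ in range(pop_size - 1)]
    for _ in range(generations):
        nxt = sorted(pop, key=fit, reverse=True)[:2]  # elitism: the best fitness never drops
        while len(nxt) < pop_size:
            a, b = (max(rng.sample(pop, 3), key=fit) for _ in range(2))
            cut = rng.randrange(1, n)
            nxt.append(tuple(bit ^ (rng.random() < p_mut) for bit in a[:cut] + b[cut:]))
        pop = nxt
    best = max(pop, key=fit)
    return best, fit(best)

def run(seed=7):  # returns (best mask, its F-measure, F-measure with every feature enabled)
    rng = random.Random(seed)
    data = make_data(rng, 200)
    train, val = data[:140], data[140:]
    best, score = ga_select(train, val, rng)
    return best, score, f_measure((1,) * 6, train, val)
```

Because the all-features mask is seeded into the first generation and the top two masks always survive, the selected subset can never score below the plain SVM on the validation split.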

Keywords


DNS tunneling; feature selection; genetic algorithm; support vector machine



DOI: http://doi.org/10.11591/ijece.v11i2.pp%25p


This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

ISSN 2088-8708, e-ISSN 2722-2578