A hybrid method of genetic algorithm and support vector machine for DNS tunneling detection

Fuqdan A. Al-Ibraheemi, Sattar AL-Ibraheemi, Haleh Amintoosi

Abstract


With the expansion of business over the internet, corporations are investing large amounts of money in web applications. However, various threats can leave these corporations vulnerable to attack. One such threat is the abuse of the domain name system (DNS) protocol to pass harmful information, which is known as DNS tunneling. As a result, confidential information can be exposed and violated. Several studies have investigated machine learning in order to propose detection approaches. In these approaches, authors have used many different types of features, such as domain length, number of bytes, content, volume of DNS traffic, number of hostnames per domain, geographic location and domain history. There is therefore a vital need for a feature selection task that identifies the best features. This paper proposes a hybrid method that combines a genetic algorithm feature selection approach with a support vector machine (SVM) classifier in order to identify the features that best optimize the detection of DNS tunneling. To evaluate the proposed method, a benchmark dataset of DNS tunneling has been used. Results showed that the proposed method outperformed the conventional SVM, achieving an F-measure of 0.946.

Keywords


DNS tunneling; feature selection; genetic algorithm; support vector machine



DOI: http://doi.org/10.11591/ijece.v11i2.pp1666-1674

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

International Journal of Electrical and Computer Engineering (IJECE)
p-ISSN 2088-8708, e-ISSN 2722-2578