{"title":"L2R-MLP: a multilabel classification scheme for the detection of DNS tunneling","authors":"Emmanuel Oluwatobi Asani , Mojiire Oluwaseun Ayoola , Emmanuel Tunbosun Aderemi , Victoria Oluwaseyi Adedayo-Ajayi , Joyce A. Ayoola , Oluwatobi Noah Akande , Jide Kehinde Adeniyi , Oluwambo Tolulope Olowe","doi":"10.1016/j.dsm.2024.10.005","DOIUrl":null,"url":null,"abstract":"<div><div>Domain name system (DNS) tunneling attacks can bypass firewalls, which typically “trust” DNS transmissions by concealing malicious traffic in the packets trusted to convey legitimate ones, thereby making detection using conventional security techniques challenging. To address this issue, we propose a Lebesgue-2 regularized multilayer perceptron (L2R-MLP) algorithm for detecting DNS tunneling attacks. The DNS dataset was carefully curated from a publicly available repository, and relevant features, such as packet size and count, were selected using the recusive feature elimination technique. L2 regularization in the MLP classifier's hidden layers enhances pattern recognition during training, effectively countering the risk of overfitting. When evaluated against a benchmark MLP model, L2R-MLP demonstrated superior performance with 99.46% accuracy, 97.00% precision, 97.00% F1-score, 99.95% recall, and an AUC of 89.00%. In comparison, the benchmark MLP achieved 92.53% accuracy, 96.00% precision, 97.00% F1-score, 99.95% recall, and an AUC of 87.00%. This highlights the effectiveness of L2 regularization in improving predictive capabilities and model generalization for unseen instances.</div></div>","PeriodicalId":100353,"journal":{"name":"Data Science and Management","volume":"8 3","pages":"Pages 323-331"},"PeriodicalIF":0.0000,"publicationDate":"2024-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Data Science and Management","FirstCategoryId":"1085","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S2666764924000560","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Domain name system (DNS) tunneling attacks can bypass firewalls, which typically “trust” DNS transmissions by concealing malicious traffic in the packets trusted to convey legitimate ones, thereby making detection using conventional security techniques challenging. To address this issue, we propose a Lebesgue-2 regularized multilayer perceptron (L2R-MLP) algorithm for detecting DNS tunneling attacks. The DNS dataset was carefully curated from a publicly available repository, and relevant features, such as packet size and count, were selected using the recusive feature elimination technique. L2 regularization in the MLP classifier's hidden layers enhances pattern recognition during training, effectively countering the risk of overfitting. When evaluated against a benchmark MLP model, L2R-MLP demonstrated superior performance with 99.46% accuracy, 97.00% precision, 97.00% F1-score, 99.95% recall, and an AUC of 89.00%. In comparison, the benchmark MLP achieved 92.53% accuracy, 96.00% precision, 97.00% F1-score, 99.95% recall, and an AUC of 87.00%. This highlights the effectiveness of L2 regularization in improving predictive capabilities and model generalization for unseen instances.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
