A Machine Learning Approach to Identifying Malicious DNS Requests through Server Log Analysis

Authors

Kolla, Teja

Issue Date

2023-08

Degree

MSc in Data Analytics

Publisher

Dublin Business School

Rights

Items in eSource are protected by copyright. Previously published items are made available in accordance with the copyright policy of the publisher/copyright holder.

Abstract

In the dynamic landscape of digital connectivity, the Domain Name System (DNS) plays a significant role in internet infrastructure, enabling the translation of human-readable domain names into machine-understandable IP addresses. Unfortunately, this critical service also presents a vulnerable entry point for cyber attackers to execute a range of malicious activities, including phishing, malware distribution, and domain hijacking. Traditional manual analysis of DNS traffic struggles to cope with the volume and complexity of modern cyber threats. To address this challenge, a comprehensive approach is proposed that harnesses the capabilities of machine learning for the identification of malicious DNS requests through server log analysis. The primary objective of this research is to design, implement, and evaluate a robust machine learning framework capable of distinguishing between benign and malicious DNS requests. Using a diverse dataset of server logs, appropriate preprocessing techniques are employed to cleanse and transform the raw data into a format suitable for analysis. The approach focuses on the identification of relevant features and the engineering of domain-specific attributes that capture the behaviour of both legitimate and malicious requests. Through a comprehensive evaluation process, a range of machine learning algorithms suitable for classification tasks is explored. The chosen models undergo critical assessment using established evaluation metrics to quantify their performance in differentiating between malicious and benign DNS requests.
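The abstract describes two preprocessing stages without showing them: cleansing raw server logs into a tabular form, and engineering per-query and per-client attributes that a classifier can consume. The snippet below is an added illustration of that kind of pipeline; it is not code from the thesis and the feature set is an assumption chosen here for demonstration, not the one the author evaluated. It assumes BIND-style query-log lines (constructed inline) and derives lexical features of the queried name (length, label count, character entropy, digit ratio) plus per-client aggregates (query volume, distinct names, share of TXT lookups), which are among the attributes defenders commonly use when looking for tunnelling or algorithmically generated domains.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed BIND-style query-log lines used only as sample input.
# The *.invalid names are reserved (RFC 2606) and do not resolve.
SAMPLE_LOG = """\
12-Aug-2023 10:15:01.123 client @0x7f3a 192.0.2.10#53412 (www.example.com): query: www.example.com IN A + (192.0.2.1)
12-Aug-2023 10:15:01.456 client @0x7f3a 192.0.2.10#53413 (mail.example.com): query: mail.example.com IN MX + (192.0.2.1)
12-Aug-2023 10:15:02.001 client @0x7f3b 192.0.2.77#40001 (3q7x9z2k1p0v8m4n.lookup.invalid): query: 3q7x9z2k1p0v8m4n.lookup.invalid IN TXT + (192.0.2.1)
12-Aug-2023 10:15:02.002 client @0x7f3b 192.0.2.77#40002 (8b1c2d3e4f5g6h7j.lookup.invalid): query: 8b1c2d3e4f5g6h7j.lookup.invalid IN TXT + (192.0.2.1)
12-Aug-2023 10:15:03.500 client @0x7f3c 192.0.2.10#53414 (example.com): query: example.com IN AAAA + (192.0.2.1)
"""

# Matches the client address, queried name and record type in a BIND query log line.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<client>\d{1,3}(?:\.\d{1,3}){3})#\d+ "
    r"\([^)]*\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def shannon_entropy(text: str) -> float:
    """Shannon entropy in bits per character; 0.0 for empty or single-symbol input."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def qname_features(qname: str) -> dict:
    """Lexical features of one queried name (hypothetical feature set for illustration)."""
    name = qname.rstrip(".").lower()          # normalise: drop trailing dot, lower-case
    labels = name.split(".")
    chars = name.replace(".", "")
    digits = sum(ch.isdigit() for ch in chars)
    return {
        "length": len(name),
        "label_count": len(labels),
        "longest_label": max(len(lbl) for lbl in labels),
        "entropy": round(shannon_entropy(chars), 4),
        "digit_ratio": round(digits / len(chars), 4) if chars else 0.0,
    }


def parse_log(text: str) -> list:
    """Cleanse raw log text into one record per parsable query line; unparsable lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = {"client": m["client"], "qname": m["qname"], "qtype": m["qtype"]}
        rec.update(qname_features(m["qname"]))
        records.append(rec)
    return records


def per_client_summary(records: list) -> dict:
    """Behavioural aggregates per source address: volume, name diversity, TXT share."""
    grouped = defaultdict(list)
    for rec in records:
        grouped[rec["client"]].append(rec)
    summary = {}
    for client, recs in grouped.items():
        txt = sum(1 for r in recs if r["qtype"] == "TXT")
        summary[client] = {
            "queries": len(recs),
            "distinct_qnames": len({r["qname"] for r in recs}),
            "txt_ratio": round(txt / len(recs), 4),
            "mean_entropy": round(sum(r["entropy"] for r in recs) / len(recs), 4),
        }
    return summary


if __name__ == "__main__":
    rows = parse_log(SAMPLE_LOG)
    for row in rows:
        print(row)
    for client, stats in per_client_summary(rows).items():
        print(client, stats)
```

The per-query rows are the feature matrix a classifier would be trained on once labels (benign or malicious) are attached from a reference list; the per-client aggregates are the kind of context that lexical features alone miss, since a single high-entropy name is unremarkable but hundreds of distinct high-entropy TXT lookups from one host are not.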