A Machine Learning Approach to Identifying Malicious DNS Requests through Server Log Analysis
Authors
Kolla, Teja
Issue Date
2023-08
Degree
MSc in Data Analytics
Publisher
Dublin Business School
Rights
Items in eSource are protected by copyright. Previously published items are made available in accordance with the copyright policy of the publisher/copyright holder.
Abstract
In the dynamic landscape of digital connectivity, the Domain Name System (DNS) plays a significant role
in internet infrastructure, enabling the translation of human-readable domain names into
machine-understandable IP addresses. Unfortunately, this critical service also presents a vulnerable entry point for
cyber attackers to execute a range of malicious activities including phishing, malware distribution, and
domain hijacking. Traditional manual analysis of DNS traffic struggles to cope with the volume and
complexity of modern cyber threats. To address this challenge, a comprehensive approach is proposed
that harnesses the capabilities of machine learning for the identification of malicious DNS requests
through server log analysis. The primary objective of this research is to design, implement, and evaluate
a robust machine learning framework capable of distinguishing between benign and malicious DNS
requests. Using a diverse dataset of server logs, appropriate preprocessing techniques are employed to
cleanse and transform the raw data into a suitable format for analysis. The approach focuses on the
identification of relevant features and the engineering of domain-specific attributes that capture the
behavior of both legitimate and malicious requests. Through a comprehensive evaluation process, a range
of machine learning algorithms suitable for classification tasks are explored. The chosen models undergo
critical assessment using established evaluation metrics to quantify their performance in differentiating
between malicious and benign DNS requests.