DNS firewall based on machine learning
Main author: | Marques, Cláudio Roberto Cunha |
---|---|
Publication date: | 2021 |
Document type: | Dissertation (master's thesis) |
Language: | eng |
Subjects: | Cybersecurity; DNS; Firewall; Machine learning |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos) |
Full text: | http://hdl.handle.net/20.500.11960/2677 |
Abstract: | Nowadays there are many Domain Name Service (DNS) firewall solutions that prevent users from accessing malicious domains. These can provide real-time protection and block illegitimate communications. Most of these solutions are based on lists of known malicious domains that are constantly updated. However, this way it is only possible to block communications with known malicious domains, leaving out many others that are malicious but have not yet been added to the blocklists. This work intends to provide a DNS firewall solution based on Machine Learning (ML) to improve the detection of malicious DNS requests on the fly. For this purpose, a dataset with thirty-four features and 90000 records was created based on real DNS logs. The data will be enriched using Open Source Intelligence (OSINT) sources. The exploratory analysis and data preparation steps were carried out, and the final dataset was submitted to different supervised ML algorithms to classify accurately and in a timely manner whether a requested domain is malicious or not. The results show that the ML algorithms were able to classify benign and malicious domains with accuracy rates between 89% and 96% and testing times between 0.01 and 3.37 seconds, which provides a valuable record for the scientific community that can be applied in firewall systems to improve security analysis and performance. |