ABSTRACT

The tremendous growth of innovative technologies used for online services in the global economic space brings vulnerabilities to security breaches. The upsurge of these vulnerabilities created a level playing field for cyberattacks to flourish, with assailants constantly adapting new nefarious methods to compromise information and deceive naïve users of the cyberspace. Despite the amazing and numerous anti-phishing approaches and solutions, the increasing incidences caused by malicious DNS attacks such as spam, phishing and malware  could be attributed to the dynamism in the approaches used by cybercriminals to counterfeit the techniques. To address these issues, many cybersecurity researchers have switched their focus to machine learning-based methodologies for malicious DNS  detection. The study aims to enhance machine-based model for detecting dynamic DNS attacks detection by exploring various Machine Learning, Ensemble learning and Deep Learning. The source of the dataset was the recent DNS dataset released by Bell University, which was used for model training in both the k-Fold and Holdout experiments. The implementation language was Python. The performance of various models was subjected to classification and regression metrics. A customized web crawler was implemented to extract url attributes for model evaluation. The results from various experiments reveal that the random forest with 89.9% and 89.4% accuracy valued at 5-folds and 3-folds cross validation respectively outperformes base line approaches in classifying and detecting malicious DNS.  An improvement in malicious DNS detection is possible by finetuning machine learning models such as ensemble and deep learning..