L2R-MLP: a multilabel classification scheme for the detection of DNS tunneling
Domain name system (DNS) tunneling attacks can bypass firewalls, which typically “trust” DNS transmissions by concealing malicious traffic in the packets trusted to convey legitimate ones, thereby making detection using conventional security techniques challenging. To address this issue, we propose...
Saved in:
| Main Authors: | , , , , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
KeAi Communications Co. Ltd.
2025-09-01
|
| Series: | Data Science and Management |
| Subjects: | |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2666764924000560 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | Domain name system (DNS) tunneling attacks can bypass firewalls, which typically “trust” DNS transmissions by concealing malicious traffic in the packets trusted to convey legitimate ones, thereby making detection using conventional security techniques challenging. To address this issue, we propose a Lebesgue-2 regularized multilayer perceptron (L2R-MLP) algorithm for detecting DNS tunneling attacks. The DNS dataset was carefully curated from a publicly available repository, and relevant features, such as packet size and count, were selected using the recusive feature elimination technique. L2 regularization in the MLP classifier's hidden layers enhances pattern recognition during training, effectively countering the risk of overfitting. When evaluated against a benchmark MLP model, L2R-MLP demonstrated superior performance with 99.46% accuracy, 97.00% precision, 97.00% F1-score, 99.95% recall, and an AUC of 89.00%. In comparison, the benchmark MLP achieved 92.53% accuracy, 96.00% precision, 97.00% F1-score, 99.95% recall, and an AUC of 87.00%. This highlights the effectiveness of L2 regularization in improving predictive capabilities and model generalization for unseen instances. |
|---|---|
| ISSN: | 2666-7649 |