L2R-MLP: a multilabel classification scheme for the detection of DNS tunneling
Domain name system (DNS) tunneling attacks can bypass firewalls, which typically “trust” DNS transmissions by concealing malicious traffic in the packets trusted to convey legitimate ones, thereby making detection using conventional security techniques challenging. To address this issue, we propose...
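| Main Authors: | Emmanuel Oluwatobi Asani, Mojiire Oluwaseun Ayoola, Emmanuel Tunbosun Aderemi, Victoria Oluwaseyi Adedayo-Ajayi, Joyce A. Ayoola, Oluwatobi Noah Akande, Jide Kehinde Adeniyi, Oluwambo Tolulope Olowe |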
|---|---|
| Format: | Article |
| Language: | English |
| Published: | KeAi Communications Co. Ltd., 2025-09-01 |
| Series: | Data Science and Management |
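| Subjects: | Domain name system; DNS tunneling; Multilayered perceptron; L2 regularization; Multilabel classification |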
| Online Access: | http://www.sciencedirect.com/science/article/pii/S2666764924000560 |
| _version_ | 1849222526760124416 |
|---|---|
| author | Emmanuel Oluwatobi Asani, Mojiire Oluwaseun Ayoola, Emmanuel Tunbosun Aderemi, Victoria Oluwaseyi Adedayo-Ajayi, Joyce A. Ayoola, Oluwatobi Noah Akande, Jide Kehinde Adeniyi, Oluwambo Tolulope Olowe |
| author_sort | Emmanuel Oluwatobi Asani |
| collection | DOAJ |
| description | Domain name system (DNS) tunneling attacks can bypass firewalls, which typically “trust” DNS transmissions by concealing malicious traffic in the packets trusted to convey legitimate ones, thereby making detection using conventional security techniques challenging. To address this issue, we propose a Lebesgue-2 regularized multilayer perceptron (L2R-MLP) algorithm for detecting DNS tunneling attacks. The DNS dataset was carefully curated from a publicly available repository, and relevant features, such as packet size and count, were selected using the recursive feature elimination technique. L2 regularization in the MLP classifier's hidden layers enhances pattern recognition during training, effectively countering the risk of overfitting. When evaluated against a benchmark MLP model, L2R-MLP demonstrated superior performance with 99.46% accuracy, 97.00% precision, 97.00% F1-score, 99.95% recall, and an AUC of 89.00%. In comparison, the benchmark MLP achieved 92.53% accuracy, 96.00% precision, 97.00% F1-score, 99.95% recall, and an AUC of 87.00%. This highlights the effectiveness of L2 regularization in improving predictive capabilities and model generalization for unseen instances. |
| format | Article |
| id | doaj-art-0de976b0bf574529867f003cbc9c70bd |
| institution | Kabale University |
| issn | 2666-7649 |
| language | English |
| publishDate | 2025-09-01 |
| publisher | KeAi Communications Co. Ltd. |
| record_format | Article |
| series | Data Science and Management |
| spelling | doaj-art-0de976b0bf574529867f003cbc9c70bd; 2025-08-26T04:14:35Z; eng; KeAi Communications Co. Ltd.; Data Science and Management; 2666-7649; 2025-09-01; volume 8, issue 3, pages 323-331; 10.1016/j.dsm.2024.10.005; L2R-MLP: a multilabel classification scheme for the detection of DNS tunneling; Emmanuel Oluwatobi Asani (Department of Computer Science, Landmark University, Omu-Aran, 251103, Nigeria; Landmark University SDG 11, Landmark University, Omu-Aran, 251103, Nigeria; Department of Computer Science, WestMidland University, Lagos, 100001, Nigeria), Mojiire Oluwaseun Ayoola (Department of Computer Science, Landmark University, Omu-Aran, 251103, Nigeria), Emmanuel Tunbosun Aderemi (Department of Computer Science, Landmark University, Omu-Aran, 251103, Nigeria; Landmark University SDG 8, Landmark University, Omu-Aran, 251103, Nigeria; Corresponding author. Department of Computer Science, Landmark University, Omu-Aran, Nigeria.), Victoria Oluwaseyi Adedayo-Ajayi (Department of Computer Science, Landmark University, Omu-Aran, 251103, Nigeria; Landmark University SDG 8, Landmark University, Omu-Aran, 251103, Nigeria; Department of Cyber Security Science, Ladoke Akintola University of Technology, Ogbomosho, 210214, Nigeria), Joyce A. Ayoola (Electrical and Computer Engineering, Santa Clara University, Santa Clara, CA 95035, USA), Oluwatobi Noah Akande (Computer Science Department, Baze University, Abuja, 900211, Nigeria), Jide Kehinde Adeniyi (Department of Computer Science, Landmark University, Omu-Aran, 251103, Nigeria; Landmark University SDG 9, Landmark University, Omu-Aran, 251103, Nigeria), Oluwambo Tolulope Olowe (Department of Computer Science, Landmark University, Omu-Aran, 251103, Nigeria; Landmark University SDG 9, Landmark University, Omu-Aran, 251103, Nigeria); http://www.sciencedirect.com/science/article/pii/S2666764924000560; Domain name system; DNS tunneling; Multilayered perceptron; L2 regularization; Multilabel classification |
| title | L2R-MLP: a multilabel classification scheme for the detection of DNS tunneling |
| topic | Domain name system; DNS tunneling; Multilayered perceptron; L2 regularization; Multilabel classification |
| url | http://www.sciencedirect.com/science/article/pii/S2666764924000560 |