Multi-Class DNS Attacks Classification using Deep Learning
| dc.contributor.advisor | Fistum, Assamnew (PhD) | |
| dc.contributor.author | Teshome, Assefa | |
| dc.date.accessioned | 2022-02-10T04:46:23Z | |
| dc.date.accessioned | 2023-11-04T15:13:03Z | |
| dc.date.available | 2022-02-10T04:46:23Z | |
| dc.date.available | 2023-11-04T15:13:03Z | |
| dc.date.issued | 2021-01 | |
| dc.description.abstract | Nowadays, the number of Internet customers and data usage are increasing rapidly in Ethiopia and worldwide. One of the main components for providing internet services for customers is Domain Name System. It translates a domain name to IP address. It improves by introducing innovative architecture, interfaces, and protocols. It aids customers to simplify their services using these platforms. However, these have also opened new vulnerabilities on DNS. Thus it becomes the target of attackers. The attacker takes the advantage of openness to attack DNS such as DOS/DDOS, cache poisoning, Tunneling, Domain generating algorithms attack, and others. There are many implementations to detect DNS attacks. Recently, deep learning has emerged as an effective method for multi-class DNS attack detection and classification. We found that RNN classifiers improve DNS attack classification. They are good at dealing with sequential information. These classifiers’ performances were evaluated by calculating mean test accuracy, AUC-ROC, f1-score, and confusion matrix. We compared the performance of four different supervised deep learning classifiers, LSTM, GRU, BiGRU, and BiLSTM, on five-class DNS attacks. We selected the BIGRU model. The value of test accuracy and AUC of it are 97.18% and 0.9970 respectively. The performance of per class classifications by Ensemble model which we reviewed has been built less than BIGRU to classify ramnit and qakbot classes. F1-score of BIGRU to classify qakbot is greater than Ensemble model by 0.1666. And the same way, the F1-score of BIGRU to classify ramnit classes is also greater than the Ensemble model by 0.0798. | en_US |
| dc.identifier.uri | http://etd.aau.edu.et/handle/123456789/29986 | |
| dc.language.iso | en_US | en_US |
| dc.publisher | Addis Ababa University | en_US |
| dc.subject | Domain Name System | en_US |
| dc.subject | deep learning | en_US |
| dc.subject | RNN | en_US |
| dc.subject | DOS/DDOS | en_US |
| dc.subject | cache poisoning | en_US |
| dc.subject | DNS Tunneling | en_US |
| dc.subject | DNS Amplification | en_US |
| dc.subject | ramnit | en_US |
| dc.subject | qakbot | en_US |
| dc.title | Multi-Class DNS Attacks Classification using Deep Learning | en_US |
| dc.type | Thesis | en_US |