Hybrid deeper neural network model for detection of the Domain Name System over Hypertext markup language protocol traffic flooding attacks

  • Application of soft computing
Soft Computing

Abstract

Domain Name System flood attacks are generally carried out in the application layer with the user datagram protocol. This type of attack is a vulnerability that concerns almost all web assets of web services. Various studies provide different security solutions to handle these attacks, but cyber-attackers find some unique approaches to exploit Domain Name Systems. In this study, we focused on Domain Name System flood attacks, which involve delaying or blocking services by increasing the memory and processor usage of Domain Name System servers. In order to separate the measurements of Domain Name System server traffic from legitimate network traffic, flooding attacks were detected with an innovative hybrid deep learning model consisting of a convolutional neural network with a long short-term memory model. This proposed model has been validated with the CIRA-CIC-DoHBrw-2020 dataset obtained from traffic data that causes flooding of the Domain Name System over HyperText Markup Language requests. Validation metrics were compared with widely used support vector machines, shallow neural networks and deep learning classifiers with a long short-term memory model. As a result, very low false alarms and significantly high detection accuracy (99.54%) were achieved using the proposed hybrid deep learning classification. The proposed method detects Domain Name System attacks directly, without feature optimization or statistical methods such as coding of tags, normalization and standardization of data, and offers a comprehensive solution based on these metrics.

Data availability

The data set CIRA-CIC-DoHBrw-2020 comes from the Canadian Cyber Security Institute (CIC) project funded by the Canadian Internet Registration Authority (CIRA).

Funding

This work was not funded by any organization.

Author information

Correspondence to Ömer Kasim.

Ethics declarations

Conflict of interest

The authors declare that they have no conflict of interest.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Kasim, Ö. Hybrid deeper neural network model for detection of the Domain Name System over Hypertext markup language protocol traffic flooding attacks. Soft Comput 27, 5923–5932 (2023). https://doi.org/10.1007/s00500-022-07631-6

  • DOI: https://doi.org/10.1007/s00500-022-07631-6
