Improved Intrusion Detection System to Alleviate Attacks on DNS Service

Abstract

: Cybercriminals continuously devise new and more sophisticated ways to attack their targets’ security and cyberattacks are on the rise. One of the earliest and most vulnerable network services is the Domain Name System (DNS), which has had several security issues that have been repeatedly exploited over time. Building a strong Intrusion Detection System (IDS) that guards against unwanted access to network resources is essential to identify DNS attacks in the network and safeguard data. Recently, a number of interesting approaches have been developed as a cure-all for intrusion detection, but constructing a safe DNS system remains difficult because attackers frequently alter their tactics to move around the system’s security measures. In this study, we provide a self-learning model that detects the new attacks on DNS using machine learning classifiers. Support Vector Machine (SVM), K-nearest neighbor, Naive Bayes, and Decision Tree are used in the proposed model to classify data as intrusive or normal. The UNSW_NB15 dataset is used to assess the model performance. Data are pre-processed to eliminate irrelevant attributes from the dataset given that the dimensions of the data affect the success of an IDS. Empirical findings show that SVM and Decision Tree have the best performance for all the classifiers, with an accuracy rate of 99.99%. The performance of Naive Bayes is 99.89% for all attack types, which is the lowest of all the classifiers.