| Summary: | Nowadays there are many Domain Name Service (DNS) firewall solutions to prevent users to access malicious domains. These can provide real-time protection and block illegitimate communications. Most of these solutions are based on known malicious domain lists that are being constantly updated. However, in this way, it is only possible to block malicious communications for known malicious domains, leaving out many others that are malicious but have not yet been updated in the blocklists. This work intends to provide a DNS firewall solution based on Machine Learning (ML) to improve the detection of malicious DNS requests on the fly. For this purpose, a dataset with thirty-four features and 90000 records was created based on real DNS logs. The data will be enriched using Open Source Intelligence (OSINT) sources. The exploratory analysis and data preparations steps were carried and the final dataset submitted to different Supervised ML algorithms to accurately and timely classify if a domain request is malicious or not. The results show that the ML algorithms were able to classify the benign and malicious domains with accuracy rates between 89% and 96% and the time to test between 0.01 and 3.37 seconds which provides a valuable register to the scientific community which can be applied in firewall systems in order to increase the security analysis and performance.
|
|---|