Tags: Attacks Detection, Computer system, Cyberattack, Cybersecurity, DNS traffic, Host, Isolation forest, Malicious traffic, Network and Network traffic
Abstract:
The paper presents a new technique for detecting cyberattacks based on DNS traffic analysis. It enables proactive detection of malicious requests in corporate area networks based on the DNS protocol, and aims to identify and block malicious domains and DNS data deletion requested by attackers. Malicious request detection is based on the "isolation forest" algorithm, which detects anomalies in DNS data exchange. Based on the general data deletion scheme, an anomaly in DNS traffic is observed when DNS is used for data exchange. The anomaly is detected by analyzing a set of features of the requests and responses that may indicate the presence of an attack in the network.
Technique for Cyberattacks Detection Based on DNS Traffic Analysis
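
A minimal sketch of the isolation-forest idea the abstract describes, added here as an illustration and not the paper's code. The three query-name features, the constructed sample names and all function names are assumptions; the paper's actual feature set is not given on this page.

```python
import math
import random
from collections import Counter

# Constructed sample query names (not from the paper); the last one carries a long opaque label.
QUERIES = [
    "www.example.com", "mail.example.com", "intranet.example.com", "api.example.net",
    "cdn.example.net", "login.example.com", "files.example.net", "vpn.example.com",
    "update.example.net", "portal.example.com", "static.example.net", "docs.example.com",
    "3f9a1c77e2b04d58a6c1f0937be4d2a85c6e19f0b7a3d4428e5f.t.example.org",
]

def features(qname):
    """Assumed per-request features: name length, longest label, character entropy."""
    counts = Counter(qname)
    entropy = -sum(n / len(qname) * math.log2(n / len(qname)) for n in counts.values())
    return [len(qname), max(len(label) for label in qname.split(".")), entropy]

def c(n):
    """Average path length of an unsuccessful binary-search-tree lookup over n points."""
    return float(max(n - 1, 0)) if n <= 2 else 2 * (math.log(n - 1) + 0.5772156649) - 2 * (n - 1) / n

def build(rows, depth, limit, rng):
    """Grow one isolation tree: random feature, random split value, until isolated or depth limit."""
    if depth >= limit or len(rows) <= 1:
        return len(rows)                      # leaf stores how many points ended up here
    f = rng.randrange(len(rows[0]))
    lo, hi = min(r[f] for r in rows), max(r[f] for r in rows)
    if lo == hi:
        return len(rows)
    s = rng.uniform(lo, hi)
    return (f, s, build([r for r in rows if r[f] < s], depth + 1, limit, rng),
            build([r for r in rows if r[f] >= s], depth + 1, limit, rng))

def path_len(x, node, depth=0):
    """Number of splits needed to reach x's leaf, plus the expected depth of an unsplit leaf."""
    if not isinstance(node, tuple):
        return depth + c(node)
    f, s, left, right = node
    return path_len(x, left if x[f] < s else right, depth + 1)

def rank(queries, trees=200, seed=7):
    """Score every name in (0, 1); a higher score means easier to isolate, i.e. more anomalous."""
    rows, rng = [features(q) for q in queries], random.Random(seed)
    forest = [build(rows, 0, math.ceil(math.log2(len(rows))), rng) for _ in range(trees)]
    norm = trees * c(len(rows))               # small set: every tree sees all rows, no subsampling
    return sorted(((2 ** (-sum(path_len(r, t) for t in forest) / norm), q)
                   for r, q in zip(rows, queries)), reverse=True)
```

`rank(QUERIES)` returns `(score, name)` pairs with the most anomalous name first; in a deployment the score threshold and the response features (for example answer size or record type) would need tuning against the network's own baseline.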