Result: Detecting malicious DNS queries in covert tunnels using recursive harmony search.
More information
The Domain Name System (DNS) protocol has gained much attention from attackers recently, especially the ones targeting organizations with heavy online presence or those that rely on e-business. This problem can be extended beyond the simple domain of compromising the encrypted DNS packets that can be sent over networks which are hardly ever internally protected by firewalls or blacklist methods. The advantages offered by machine learning (ML) techniques and computational intelligence models have been largely operationalized in detecting these attacks, especially when appropriate datasets are utilized. This paper proposes an intrusion detection model for recognizing unauthorized DNS traffic in covert network tunnels by utilizing flow-level statistics from the "CIRA-CIC-DoHBrw-2020" dataset. The research involves embedding a Recursive Harmony Search (RHS) feature selection algorithm in the training of a Random Forest (RF) model. The suggested method exhibits good performance in terms of accuracy and classification metrics on the malicious DNS query detection task. Previous researchers emphasized detection approaches, which were deployed on the network for DNS attacks in the form of anomaly detection, signature-based methods, and ML, which are good, but most of the time quite resource-consuming and require a considerable amount of data for training. Here, we present a framework that resolves these issues by efficiently utilizing the ML techniques combined with the RHS feature selection algorithm. The proposed framework intends to detect illegitimate DNS activities with low false alarm rates and minimize resource consumption. [ABSTRACT FROM AUTHOR]