Eyabi, Gideon Ebi <br/><br/>
DNS TUNNEL DETECTION WITH ARTIFICIAL INTELLIGENCE / 
GIDEON EBI EYABI; SUPERVISOR: ASST. PROF. DR. DEVRIM SERAL 
 - viii, 50 sheets;  31 cm.  Includes CD 
<br/><br/>Thesis (MSc) - Cyprus International University. Institute of Graduate Studies and Research Computer Engineering Department 
<br/><br/>Includes bibliography (sheets 49-50) 
<br/><br/> ABSTRACT<br/>The network protocol that translates human-readable names like afraid.com into <br/>computational figures like IP addresses that the computer can understand is called <br/>DNS. Without DNS, it would be impossible to memorize all the IP addresses of <br/>various sites on the internet. In the OSI hierarchy of layers, the DNS appears in the <br/>application layer. The DNS uses the UDP and TCP to transmit data.<br/>In this paper, the effects of DNS tunneling on corporate networks will be investigated <br/>and a possible solution will be approached using artificial intelligence. Basically, this <br/>paper will focus on the use of models like K Nearest neighbors, Gaussian Naïve Bias, <br/>and the Decision tree Classifiers. These 3 models were chosen due to their individual <br/>capabilities. The Nearest K Neighbors is best for its ability to store trained data, and <br/>ease the process by letting the algorithm almost bypass the trained dataset phase <br/>directly to the testing phase. Thus, when using the K Nearest neighbor as the chosen <br/>algorithm and a new test data x is observed, it immediately searches new data in the <br/>trained data closest to the data x and gets a prediction. Thus, limiting the phase of <br/>training each time new data is presented. Also, Decision tree was used because it has <br/>the ability to group similar data in the trained phase as nodes, such that if new data is <br/>presented at the test data, it searches prediction based on the closeness of the data to <br/>defined node groups. Also, the Gaussian Naïve Bias uses some probability functions <br/>to predict future events. Thus, having the knowledge of the trained data B, the Naïve <br/>Bias will be able to predict the probability P(A/B). The above algorithms were chosen <br/>because they give predictions similar to what is expected in DNS tunnel detection. <br/>DNS tunneling various ways through which the tunnels are setup on target systems. <br/>One way is through email poisoning, another is through malicious messages and so <br/>on. These classifies best fit these scenarios as they are fully equipped for feature <br/>predictions based on stored trained data. 
<br/><br/><label>Subjects--Topical Terms: </label><br/>Internet domain names --Dissertations, Academic<br/> Computer networks--Security measures --Dissertations, Academic