000 | 03112nam a22002657a 4500 | ||
---|---|---|---|
003 | KOHA | ||
005 | 20230710115442.0 | ||
008 | 230710d2023 cy ||||| m||| 00| 0 eng d | ||
040 |
_aCY-NiCIU _beng _cCY-NiCIU _erda |
||
041 | _aeng | ||
090 |
_aYL 2893 _bE93 2023 |
||
100 | 1 | _aEyabi, Gideon Ebi | |
245 | 1 | 0 |
_aDNS TUNNEL DETECTION WITH ARTIFICIAL INTELLIGENCE / _cGIDEON EBI EYABI; SUPERVISOR: ASST. PROF. DR. DEVRIM SERAL |
264 | _c2023 | ||
300 |
_aviii, 50 sheets; _c31 cm. _eIncludes CD |
||
336 |
_2rdacontent _atext _btxt |
||
337 |
_2rdamedia _aunmediated _bn |
||
338 |
_2rdacarrier _avolume _bnc |
||
502 | _aThesis (MSc) - Cyprus International University. Institute of Graduate Studies and Research Computer Engineering Department | ||
504 | _aIncludes bibliography (sheets 49-50) | ||
520 | _aABSTRACT The network protocol that translates human-readable names like afraid.com into computational figures like IP addresses that the computer can understand is called DNS. Without DNS, it would be impossible to memorize all the IP addresses of various sites on the internet. In the OSI hierarchy of layers, the DNS appears in the application layer. The DNS uses the UDP and TCP to transmit data. In this paper, the effects of DNS tunneling on corporate networks will be investigated and a possible solution will be approached using artificial intelligence. Basically, this paper will focus on the use of models like K Nearest Neighbors, Gaussian Naïve Bayes, and the Decision Tree classifiers. These 3 models were chosen due to their individual capabilities. The K Nearest Neighbors is best for its ability to store trained data, and ease the process by letting the algorithm almost bypass the trained dataset phase directly to the testing phase. Thus, when using the K Nearest Neighbors as the chosen algorithm and a new test data x is observed, it immediately searches new data in the trained data closest to the data x and gets a prediction, thus limiting the phase of training each time new data is presented. Also, Decision Tree was used because it has the ability to group similar data in the trained phase as nodes, such that if new data is presented at the test data, it searches prediction based on the closeness of the data to defined node groups. Also, the Gaussian Naïve Bayes uses some probability functions to predict future events. Thus, having the knowledge of the trained data B, the Naïve Bayes will be able to predict the probability P(A/B). The above algorithms were chosen because they give predictions similar to what is expected in DNS tunnel detection. DNS tunneling has various ways through which the tunnels are set up on target systems. One way is through email poisoning, another is through malicious messages and so on.
These classifiers best fit these scenarios as they are fully equipped for feature predictions based on stored trained data. | ||
650 | 0 |
_aInternet domain names _vDissertations, Academic |
|
650 | 0 |
_a Computer networks _vDissertations, Academic _xSecurity measures |
|
942 |
_2ddc _cTS |
||
999 |
_c290544 _d290544 |