Anomaly Detection on DNS attacks using Machine Learning techniques
Department
INFORMATICA (Computer Science)
Degree programme
DATA SCIENCE AND BUSINESS INFORMATICS
Supervisors
Supervisor: Prof. Baiardi, Fabrizio
Keywords
anomaly detection
dns
dns attacks
machine learning
Defense session date
23/02/2024
Availability
Not available for consultation
Release date
23/02/2094
Abstract
This thesis describes a comprehensive exploration of anomaly detection methodologies, focusing on a hybrid approach that leverages both stateful and stateless features. The study evaluates in detail the performance of various classifiers, emphasizing a balance between complexity and results. Our investigation unfolds in distinct stages, starting with the analysis of stateful features through machine learning classifiers. The hybrid approach introduces a pivotal second step: the classification of stateless features in response to potential attacks detected at the stateful level. Notably, both GridSearchCV and Optuna are deployed for hyperparameter tuning, enhancing the robustness of the classifiers. Intriguingly, the comparative analysis reveals that no single classifier outperforms the others across all metrics; nevertheless, the strategic selection of classifiers such as XGBoost and Random Forest successfully minimizes false positives, a pivotal achievement in anomaly detection. The thesis concludes with an insightful examination of future prospects, urging enhanced data quality and feature extraction methodologies. A practical demonstration via a local Python application underscores the real-world applicability of the hybrid approach, offering users an interactive experience in understanding the intricacies of anomaly detection. The results of this thesis can guide future efforts in enhancing anomaly detection applications for DNS data exfiltration attacks.