ETD

Digital archive of theses defended at the Università di Pisa

Thesis etd-02062024-110752


Thesis type
Master's thesis
Author
MACCHIA, ALESSANDRO
URN
etd-02062024-110752
Title
Anomaly Detection on DNS attacks using Machine Learning techniques
Department
INFORMATICA (Computer Science)
Degree programme
DATA SCIENCE AND BUSINESS INFORMATICS
Supervisors
Supervisor: Prof. Baiardi, Fabrizio
Keywords
  • anomaly detection
  • dns attacks
  • machine learning
  • dns
Defence session start date
23/02/2024
Availability
Not available for consultation
Release date
23/02/2094
Abstract
This thesis describes a comprehensive exploration of anomaly detection methodologies, focusing on a hybrid approach that leverages both stateful and stateless features. The study evaluates in detail the performance of various classifiers, emphasizing a balance between complexity and results.

Our investigation unfolds in distinct stages, starting with the analysis of stateful features through machine learning classifiers. The hybrid approach introduces a pivotal second step: the classification of stateless features in response to potential attacks detected at the stateful level. Notably, both GridSearchCV and Optuna are deployed for hyperparameter tuning, enhancing the robustness of the classifiers.

Intriguingly, the comparative analysis reveals that no single classifier outperforms the others across all metrics; nevertheless, the strategic selection of classifiers such as XGBoost and Random Forest successfully minimizes false positives, a pivotal achievement in anomaly detection.

The thesis concludes with an insightful examination of future prospects, urging enhanced data quality and feature extraction methodologies. A practical demonstration via a local Python application underscores the real-world applicability of the hybrid approach, offering users an interactive experience in understanding the intricacies of anomaly detection.

The results of this thesis can guide future efforts in enhancing anomaly detection applications for DNS data exfiltration attacks.