DNS TRAFFIC ANALYSIS FOR CYBER THREAT DETECTION USING MACHINE LEARNING
DOI: https://doi.org/10.62647/
Abstract
DNS traffic analysis is a critical component of modern cybersecurity, enabling the detection of sophisticated threats such as malware, phishing, botnet communications, and data exfiltration that often evade traditional defenses. This study leverages machine learning algorithms—Random Forest, Logistic Regression, and Support Vector Machines (SVM)—to identify malicious DNS traffic through a multi-phase process involving data preprocessing, feature extraction, and model training. Key features like domain name entropy, TTL distributions, and NXDOMAIN ratios enhance classification accuracy. Evaluation using metrics such as accuracy, precision, recall, F1-score, and AUC-ROC confirms the effectiveness of Random Forest and SVM in detecting DNS anomalies, while Logistic Regression offers interpretability. Emphasizing real-time monitoring and adaptive detection, the research highlights how ML-based DNS analysis not only boosts threat detection accuracy but also reduces false positives, supporting efficient, proactive cybersecurity strategies. Future directions include deep learning, unsupervised techniques, and integration with SIEM systems for scalable enterprise deployment.
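The abstract names three of the features it feeds to the classifiers: domain-name entropy, TTL distribution, and NXDOMAIN ratio. The following is an added example, not the paper's code, showing how those features are extracted from resolver log lines and turned into a per-client feature vector. The log format (epoch, client IP, query name, response code, TTL), the sample lines, the 300-second "short TTL" cutoff, and the rule-based thresholds in flag_clients are all constructed assumptions; in the paper those thresholds are what Random Forest, Logistic Regression and SVM learn from labelled data.

```python
import math
from collections import defaultdict
from statistics import mean

# Constructed sample resolver log (assumed format, not any product's real output):
#   epoch client_ip qname rcode ttl
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com NOERROR 300
1700000001 10.0.0.5 mail.example.com NOERROR 3600
1700000002 10.0.0.7 x7k2q9v1z4m8p3w6.example.net NXDOMAIN 0
1700000003 10.0.0.7 q3z8w1n5b7v2k9j4.example.net NXDOMAIN 0
1700000004 10.0.0.7 t6m1p9x4c2l7h8r3.example.net NXDOMAIN 0
1700000005 10.0.0.7 update.example.org NOERROR 60
"""

LOW_TTL_SECONDS = 300  # assumed cutoff below which a TTL counts as "short"


def shannon_entropy(text):
    """Shannon entropy of a string in bits per character (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def domain_entropy(qname):
    """Entropy of the query name with label separators removed.
    Assumption: the dots themselves carry no signal, so they are dropped."""
    return shannon_entropy(qname.lower().replace(".", ""))


def parse_log(text):
    """Parse the assumed five-field log format; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, qname, rcode, ttl = parts
        records.append({"ts": int(ts), "client": client, "qname": qname,
                        "rcode": rcode, "ttl": int(ttl)})
    return records


def client_features(records):
    """Aggregate per-client features: query count, NXDOMAIN ratio,
    entropy statistics and TTL distribution summary."""
    by_client = defaultdict(list)
    for r in records:
        by_client[r["client"]].append(r)
    feats = {}
    for client, rs in by_client.items():
        ents = [domain_entropy(r["qname"]) for r in rs]
        ttls = [r["ttl"] for r in rs]
        nx = sum(1 for r in rs if r["rcode"] == "NXDOMAIN")
        feats[client] = {
            "queries": len(rs),
            "nxdomain_ratio": nx / len(rs),
            "mean_entropy": mean(ents),
            "max_entropy": max(ents),
            "mean_ttl": mean(ttls),
            "low_ttl_ratio": sum(1 for t in ttls if t < LOW_TTL_SECONDS) / len(ttls),
        }
    return feats


def flag_clients(feats, nx_threshold=0.5, entropy_threshold=3.5):
    """Rule-based stand-in for a trained classifier (assumed thresholds):
    a client is flagged when most of its queries fail with NXDOMAIN and its
    query names look random (high mean entropy)."""
    return {c for c, f in feats.items()
            if f["nxdomain_ratio"] >= nx_threshold
            and f["mean_entropy"] >= entropy_threshold}


if __name__ == "__main__":
    feats = client_features(parse_log(SAMPLE_LOG))
    for client, f in sorted(feats.items()):
        print(client, {k: (round(v, 3) if isinstance(v, float) else v)
                       for k, v in f.items()})
    print("flagged:", flag_clients(feats))
```

The per-client dictionaries are the rows a practitioner would hand to the classifiers the abstract evaluates; the entropy and NXDOMAIN features are the ones that separate the burst of random-looking, non-resolving names from ordinary browsing in the sample.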
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.