Python Project Search
Domain Name System (DNS) tunneling has emerged as a covert channel for data exfiltration and command-and-control communication, allowing attackers to bypass traditional security controls by encapsulating malicious payloads within seemingly benign DNS traffic. Campus networks, characterized by large-scale user populations, diverse devices, and high query volumes, are particularly vulnerable to such stealthy attacks. Traditional rule-based and signature-driven detection approaches often fail against sophisticated or adaptive tunneling techniques that mimic legitimate DNS behavior. This work proposes a machine-learning–based DNS tunnel detection scheme tailored for campus network environments. The framework extracts discriminative statistical and lexical features from DNS queries and responses—such as query length, entropy, frequency distribution, and domain name patterns—to build robust classification models. Supervised learning algorithms are evaluated for their ability to distinguish tunneling traffic from normal queries with high accuracy while minimizing false alarms. Experimental results on real-world campus network datasets demonstrate that the proposed approach effectively detects various tunneling tools and techniques, achieving improved detection performance over conventional methods. This study highlights the potential of machine learning in strengthening DNS security within educational networks and provides a foundation for scalable, adaptive intrusion detection mechanisms.
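The feature-extraction step described above, sketched as an added example (not the project's own code). The feature names, the two-label base-domain split (no public-suffix list) and the sample queries are assumptions made for illustration; the resulting vectors are what a supervised classifier would be trained on.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character of the string's character distribution."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def split_qname(qname, base_labels=2):
    """Return (subdomain, base domain). Assumes a 2-label base domain."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])

def query_features(qname):
    """Lexical features of one query name: lengths, label shape, entropy."""
    sub, base = split_qname(qname)
    labels = sub.split(".") if sub else []
    return {
        "base": base,
        "qname_len": len(qname.rstrip(".")),
        "sub_len": len(sub),
        "label_count": len(labels),
        "max_label_len": max((len(l) for l in labels), default=0),
        "sub_entropy": shannon_entropy(sub.replace(".", "")),
        "digit_ratio": sum(ch.isdigit() for ch in sub) / len(sub) if sub else 0.0,
    }

def domain_profile(qnames):
    """Statistical features per base domain: volume, unique subdomains, mean entropy."""
    agg = defaultdict(lambda: {"queries": 0, "subs": set(), "entropy_sum": 0.0})
    for q in qnames:
        f = query_features(q)
        a = agg[f["base"]]
        a["queries"] += 1
        a["subs"].add(split_qname(q)[0])
        a["entropy_sum"] += f["sub_entropy"]
    return {b: {"queries": a["queries"], "unique_subs": len(a["subs"]),
                "mean_entropy": a["entropy_sum"] / a["queries"]}
            for b, a in agg.items()}

# Constructed sample queries (not taken from the study's dataset).
SAMPLE = [
    "www.example.edu.", "mail.example.edu.", "www.example.edu.",
    "mzxw6ytboi4dsnjq.t1.tunnel.example.", "gezdgnbvgy3tqojq.t1.tunnel.example.",
    "nbswy3dpeb3w64tm.t1.tunnel.example.",
]
```

Repeated lookups of a few short names give a low unique-subdomain count and low entropy, while encoded payloads produce a new long, high-entropy subdomain on almost every query, which is the separation the classifier learns.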
