Ensemble-based Feature Selection and Classification Model for DNS Typo-squatting Detection

TL;DR

This paper introduces an ensemble-based feature selection and classification framework to detect DNS typo-squatting attacks, achieving high accuracy with reduced computational complexity.

Contribution

It proposes a novel ensemble-based feature selection and bagging classification model for improved typo-squatting detection over previous majority-voting methods.

Findings

Achieves high accuracy and precision in detecting typo-squatting domains.

Reduces feature set size by over 50%, lowering computational complexity.

Maintains performance with minimal loss compared to using the full feature set.

Abstract

Domain Name System (DNS) plays in important role in the current IP-based Internet architecture. This is because it performs the domain name to IP resolution. However, the DNS protocol has several security vulnerabilities due to the lack of data integrity and origin authentication within it. This paper focuses on one particular security vulnerability, namely typo-squatting. Typo-squatting refers to the registration of a domain name that is extremely similar to that of an existing popular brand with the goal of redirecting users to malicious/suspicious websites. The danger of typo-squatting is that it can lead to information threat, corporate secret leakage, and can facilitate fraud. This paper builds on our previous work in [1], which only proposed majority-voting based classifier, by proposing an ensemble-based feature selection and bagging classification model to detect DNS typo-squatting attack. Experimental results show that the proposed framework achieves high accuracy and precision in identifying the malicious/suspicious typo-squatting domains (a loss of at most 1.5% in accuracy and 5% in precision when compared to the model that used the complete feature set) while having a lower computational complexity due to the smaller feature set (a reduction of more than 50% in feature set size).