MALICIOUS TRAFFIC DETECTION IN DNS INFRASTRUCTURE USING DECISION TREE ALGORITHM

Hazna At Thooriqoh, M. Naufal Azzmi, Yoga Ari Tofan, Ary Mazharuddin Shiddiqi

Abstract


The Domain Name System (DNS) is an essential component of internet infrastructure, mapping domain names to IP addresses and vice versa. Despite its important role in delivering internet services, attackers often use DNS as a bridge to breach a system, so a DNS traffic analysis system is needed for early detection of attacks. However, the available security tools still have many shortcomings, for example broken authentication, sensitive data exposure, injection, etc. This research uses DNS analysis to develop an anomaly-based technique to detect malicious traffic on the DNS infrastructure. To do this, we look for network features that characterize DNS traffic. The features obtained are then processed using the Decision Tree algorithm to classify incoming DNS traffic. We experimented with 2,291,024 traffic records matching the characteristics of botnet and normal traffic. By dividing the data into 80% training and 20% testing data, our experimental results showed high detection accuracy (96.36%), indicating the robustness of our method.
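The pipeline the abstract describes (per-flow DNS features, a Decision Tree classifier, an 80/20 train/test split, accuracy on the held-out part) as an added, dependency-free example; this is not the authors' code, and the three feature names, the constructed dataset and the CART/Gini tree are assumptions since the paper does not list its features here.

```python
"""Toy DNS-flow classifier: a CART decision tree (Gini impurity) trained on
constructed per-client DNS features and scored with an 80/20 split."""
import random

def make_dataset(n=200, seed=7):
    # Constructed rows: (queries_per_min, mean_qname_len, nxdomain_ratio, label)
    # label 1 = botnet-like, 0 = normal. Feature choice is an assumption.
    rng, rows = random.Random(seed), []
    for i in range(n):
        if i % 2:  # bursty, long random-looking names, many NXDOMAIN answers
            rows.append((rng.uniform(35, 200), rng.uniform(20, 40), rng.uniform(0.3, 0.9), 1))
        else:      # low rate, short names, almost no NXDOMAIN answers
            rows.append((rng.uniform(0, 50), rng.uniform(8, 18), rng.uniform(0.0, 0.1), 0))
    rng.shuffle(rows)
    return rows

def gini(rows):
    if not rows:
        return 0.0
    p = sum(r[-1] for r in rows) / len(rows)
    return 1.0 - p * p - (1.0 - p) * (1.0 - p)

def best_split(rows):
    # Exhaustive search over (feature, threshold); returns the lowest weighted Gini.
    best = (None, None, gini(rows))
    for f in range(len(rows[0]) - 1):
        for t in sorted({r[f] for r in rows}):
            left = [r for r in rows if r[f] <= t]
            right = [r for r in rows if r[f] > t]
            if not left or not right:
                continue
            g = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if g < best[2]:
                best = (f, t, g)
    return best

def build(rows, depth=0, max_depth=4):
    majority = int(sum(r[-1] for r in rows) / len(rows) >= 0.5)
    f, t, _ = best_split(rows)
    if len({r[-1] for r in rows}) == 1 or depth == max_depth or f is None:
        return ("leaf", majority)
    return ("node", f, t, build([r for r in rows if r[f] <= t], depth + 1, max_depth),
            build([r for r in rows if r[f] > t], depth + 1, max_depth))

def predict(tree, x):
    while tree[0] == "node":
        _, f, t, left, right = tree
        tree = left if x[f] <= t else right
    return tree[1]

def train_and_evaluate(rows, train_frac=0.8):
    cut = int(len(rows) * train_frac)           # 80% train, 20% test
    train, test = rows[:cut], rows[cut:]
    tree = build(train)
    correct = sum(predict(tree, r[:-1]) == r[-1] for r in test)
    return tree, correct / len(test)
```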







DOI: http://dx.doi.org/10.12962/j24068535.v19i3.a1054
