This project builds a tool to accurately detect DNS tunneling, a technique often used to bypass security controls and exfiltrate data. The tool uses resolver cache-miss behavior to monitor and analyze DNS query activity: by examining patterns of cache misses, such as their frequency, timing, and anomalies, it can identify potential tunneling attempts that abuse the DNS protocol.
To improve detection accuracy, machine learning models will classify DNS traffic, separating legitimate queries from malicious tunneling queries. Combining cache-miss analysis with machine learning aims to minimize false positives and improve overall detection efficiency, providing a robust safeguard for network security.
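As an added illustration (not code from this project), the per-client cache-miss features the description refers to, computed over a constructed resolver log: the tunnel-like client is flagged because every query misses the cache, the misses arrive in a burst, and the leftmost labels are high-entropy names never seen before. The log records, thresholds, and function names are assumptions for the example.

```python
from collections import defaultdict
from math import log2
# Constructed resolver cache log: (time_s, client_ip, qname, cache_result).
# Hosts and addresses are placeholders for the example, not real indicators.
SAMPLE_LOG = [
    (0.0, "10.0.0.5", "www.example.com.", "HIT"),
    (1.2, "10.0.0.5", "cdn.example.com.", "HIT"),
    (2.4, "10.0.0.5", "mail.example.com.", "MISS"),
    (3.0, "10.0.0.5", "www.example.com.", "HIT"),
    # Second client: a burst of never-seen, high-entropy labels, every one a miss.
    (0.0, "10.0.0.9", "a3f9c1e0b7d2.t.tunnel-example.net.", "MISS"),
    (0.3, "10.0.0.9", "9e2b0d4c7a1f.t.tunnel-example.net.", "MISS"),
    (0.6, "10.0.0.9", "c48d7e1a0b3f.t.tunnel-example.net.", "MISS"),
    (0.9, "10.0.0.9", "1b7e5d9a2c4f.t.tunnel-example.net.", "MISS"),
    (1.2, "10.0.0.9", "f0a2c6e8d1b3.t.tunnel-example.net.", "MISS"),
    (1.5, "10.0.0.9", "5d3b9f1e7a0c.t.tunnel-example.net.", "MISS"),
]

def label_entropy(qname):
    """Shannon entropy (bits/char) of the leftmost label: encoded payloads score high."""
    label = qname.split(".")[0]
    n = len(label) or 1  # guard the empty-label edge case
    return -sum(label.count(ch) / n * log2(label.count(ch) / n) for ch in set(label))

def profile_clients(log):
    """Per-client cache-miss ratio, miss frequency over time, and miss-name diversity."""
    per_client = defaultdict(list)
    for rec in log:
        per_client[rec[1]].append(rec)
    feats = {}
    for client, recs in per_client.items():
        misses = [r for r in recs if r[3] == "MISS"]
        span = max(r[0] for r in recs) - min(r[0] for r in recs)
        ent = [label_entropy(r[2]) for r in misses]
        feats[client] = {
            "queries": len(recs),
            "miss_ratio": len(misses) / len(recs),
            "miss_rate_per_s": len(misses) / span if span > 0 else float(len(misses)),
            "unique_miss_names": len({r[2] for r in misses}),
            "mean_miss_entropy": sum(ent) / len(ent) if ent else 0.0,
        }
    return feats

def flag_tunneling(feats, min_queries=5, miss_ratio=0.8, min_unique=5, min_entropy=3.0):
    """Rule-based first pass; the same features would feed the ML classifier."""
    return sorted(c for c, f in feats.items()
                  if f["queries"] >= min_queries and f["miss_ratio"] >= miss_ratio
                  and f["unique_miss_names"] >= min_unique and f["mean_miss_entropy"] >= min_entropy)
```

Thresholds here are illustrative; in practice they would be tuned per network, and the feature vector handed to the classifier described above.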