i will add a detailed explanation of the both research and currently very messy source-code for the paper. iam currently low-key working on revison of source code. I did added the messy version of it with alot of comment tho. so if you wanna check it out be my guest.
Make sure to check out to paper: https://www.researchgate.net/publication/354225319_Deep_Learning_Based_DNS_Tunneling_Detection_and_Blocking_System
https://aece.ro/abstractplus.php?year=2021&number=3&article=5
Abstract—The main purpose of DNS is to convert domain names into IPs. Due to the inadequate precautions taken for the security of DNS, it is used for malicious communication or data leakage. Within the scope of this study, a real-time deep network-based system is proposed on live networks to prevent the common DNS tunneling threats over DNS. The decision-making capability of the proposed system at the instant of threat on a live system is the particular feature of the study. Networks trained with various deep network topologies by using the data from Alexa top 1 million sites were tested on a live network. The system was integrated to the network during the tests to prevent threats in real-time. The result of the tests reveals that the threats were blocked with success rate of 99.91%. Obtained results confirm that we can block almost all tunnel attacks over DNS protocol. In addition, the average time to block each tunneled package was calculated to be 0.923 ms. This time clearly demonstrates that the network flow will not be affected, and no delay will be experienced in the operation of our system in real-time.