MULTIBASE CLOUD MONITORING OF DNS TRAFFIC BASED ON PRECEDENT ANALYSIS OF DNS PROTOCOL ANOMALIES
DOI: https://doi.org/10.36074/grail-of-science.20.02.2026.112
Keywords: DNS, RPZ, AI, CBR, cybersecurity, traffic filtering, network anomalies, precedent analysis, cloud monitoring, multibase monitoring, data analysis
Summary
The paper presents the results of an experimental study of a software tool for AI-assisted analysis of DNS traffic data based on a case-based reasoning (CBR) approach. Case-based reasoning methods were integrated to increase the transparency, reliability, and traceability of AI-assisted analysis of test measurement results. The experimental prototype was implemented as a Python client integrated with the Gemini API and operates on a dataset obtained from previous studies, thereby ensuring continuity and comparability of results. The system starts from a manually defined initial set of cases and autonomously expands it by adding new anomalous cases accompanied by explanatory comments. The experimental results demonstrate that the proposed mechanism supports both targeted anomaly detection and the identification of general deviations in the data, and they confirm the feasibility of using a case-based approach to enhance the transparency and traceability of AI-assisted DNS traffic analysis. At the same time, the experiments revealed clustering effects that may lead to false positive results and incorrect data interpretation, which necessitated a revision of the analysis constraints. Further evaluation confirmed that the introduced changes reduced the identified effect and increased the reliability of anomaly interpretation.