The Domain Name System (DNS) is critical for Internet communication but is vulnerable to attacks such as DNS spoofing and cache poisoning. This paper proposes a hybrid stacking ensemble model integrating XGBoost, CatBoost, and LightGBM with a calibrated Logistic Regression meta-classifier for early detection of such attacks. A two-phase preprocessing pipeline is applied, including Isolation Forest-based anomaly filtering and SMOTE oversampling for class imbalance handling. SHAP-based analysis ensures interpretability of the model. The proposed model achieves 99.81% accuracy and 99.69% F1-score on a real-world dataset, and 98.04% accuracy on a simulated dataset, outperforming baseline models. The approach provides a robust and deployable solution for real-time DNS threat detection.
Md. Ashiqul Islam (Sun,) studied this question.