Volume 7, Issue 2, PP: 73-81, 2024 | Full Length Article
Al-Seyday T. Qenawy 1*, Hussein Alkattan 2, Amany Khaled 3
Doi: https://doi.org/10.54216/JAIM.070207
This paper provides a detailed review of related work on classifying encrypted DNS traffic, with emphasis on identifying threats carried over DNS over HTTPS (DoH) using machine learning algorithms. Using the DoHBrw-2020 dataset, which contains network traffic captured from the DoH protocol during its testing phase, we compare the performance of several machine learning algorithms: Decision Tree, SVM, KNN, Naïve Bayes, Neural Network (MLP), Gradient Boosting, and SVM with an RBF kernel. For each model we report Accuracy, Sensitivity, Specificity, Positive Predictive Value, Negative Predictive Value, and F score. The results show that the Decision Tree model achieves the highest accuracy, 99.65%, and performs well on all evaluation criteria. The comparison demonstrates the high potential of machine learning methods for improving DNS traffic security and offers guidance on which models are best suited to real-time detection of DoH threats. These outcomes open several directions for the further design and deployment of safer DNS solutions within contemporary information security paradigms.
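The six metrics named in the abstract are all derived from one binary confusion matrix, and reading them together matters: on a flow capture where malicious DoH is a small minority, a classifier that labels everything benign still posts a high accuracy while its sensitivity is zero. The following is an added example, not the paper's code or output; it computes the metrics from a confusion matrix and contrasts a majority-class baseline with a constructed classifier on a constructed, imbalanced label set (990 benign flows, 10 malicious). The label convention (1 = malicious, 0 = benign), the class counts and the error counts are assumptions chosen for illustration, not figures from DoHBrw-2020.

```python
"""Binary-classification metrics as reported in the abstract, computed from a
confusion matrix.  Added example, not the paper's code; all inputs below are
constructed for illustration."""
from dataclasses import dataclass
from typing import List, Sequence, Tuple

# Constructed label convention (assumption): 1 = malicious DoH flow, 0 = benign.
MALICIOUS, BENIGN = 1, 0


@dataclass(frozen=True)
class Metrics:
    accuracy: float     # (TP + TN) / all flows
    sensitivity: float  # recall on the malicious class, TP / (TP + FN)
    specificity: float  # TN / (TN + FP)
    ppv: float          # positive predictive value (precision), TP / (TP + FP)
    npv: float          # negative predictive value, TN / (TN + FN)
    f_score: float      # F1 = 2TP / (2TP + FP + FN)


def confusion(y_true: Sequence[int], y_pred: Sequence[int]) -> Tuple[int, int, int, int]:
    """Return (TP, FP, TN, FN) with MALICIOUS as the positive class."""
    if len(y_true) != len(y_pred):
        raise ValueError("y_true and y_pred must have the same length")
    tp = fp = tn = fn = 0
    for t, p in zip(y_true, y_pred):
        if p == MALICIOUS:
            if t == MALICIOUS:
                tp += 1
            else:
                fp += 1
        else:
            if t == MALICIOUS:
                fn += 1
            else:
                tn += 1
    return tp, fp, tn, fn


def _safe_div(num: float, den: float) -> float:
    # A metric whose denominator is empty (e.g. PPV when nothing was flagged)
    # is reported as 0.0 rather than raising.
    return num / den if den else 0.0


def metrics(y_true: Sequence[int], y_pred: Sequence[int]) -> Metrics:
    tp, fp, tn, fn = confusion(y_true, y_pred)
    return Metrics(
        accuracy=_safe_div(tp + tn, tp + fp + tn + fn),
        sensitivity=_safe_div(tp, tp + fn),
        specificity=_safe_div(tn, tn + fp),
        ppv=_safe_div(tp, tp + fp),
        npv=_safe_div(tn, tn + fn),
        f_score=_safe_div(2 * tp, 2 * tp + fp + fn),
    )


def constructed_split(n_benign: int = 990, n_malicious: int = 10) -> List[int]:
    """Constructed ground truth mimicking an imbalanced DoH capture (assumption)."""
    return [BENIGN] * n_benign + [MALICIOUS] * n_malicious


def majority_baseline(y_true: Sequence[int]) -> List[int]:
    """A 'classifier' that calls every flow benign: no model at all."""
    return [BENIGN] * len(y_true)


def constructed_predictions(y_true: Sequence[int], false_positives: int = 3,
                            false_negatives: int = 1) -> List[int]:
    """Constructed output of a hypothetical detector that misses a few malicious
    flows and flags a few benign ones (counts are assumptions)."""
    y_pred = list(y_true)
    benign_idx = [i for i, t in enumerate(y_true) if t == BENIGN]
    malicious_idx = [i for i, t in enumerate(y_true) if t == MALICIOUS]
    for i in benign_idx[:false_positives]:
        y_pred[i] = MALICIOUS
    for i in malicious_idx[:false_negatives]:
        y_pred[i] = BENIGN
    return y_pred


if __name__ == "__main__":
    y = constructed_split()
    for name, pred in (("majority-class baseline", majority_baseline(y)),
                       ("constructed detector", constructed_predictions(y))):
        m = metrics(y, pred)
        print(f"{name}: TP,FP,TN,FN={confusion(y, pred)}")
        print(f"  accuracy={m.accuracy:.4f} sensitivity={m.sensitivity:.4f} "
              f"specificity={m.specificity:.4f} PPV={m.ppv:.4f} "
              f"NPV={m.npv:.4f} F={m.f_score:.4f}")
```

On the constructed split the baseline reaches 99.0% accuracy with a sensitivity of 0, while the constructed detector, at 99.6% accuracy, catches 9 of the 10 malicious flows with a PPV of 0.75; only the full set of metrics separates the two, which is why a comparison such as the one in this paper should be read across all six columns rather than on accuracy alone.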
DNS over HTTPS, Machine Learning, Traffic Classification, DoHBrw-2020, Cybersecurity