A novel deep-learning based approach to DNS over HTTPS network traffic detection
Abstract
Domain name system (DNS) over hypertext transfer protocol secure (HTTPS) (DoH) is currently a new standard for secure communication between DNS servers and end-users. Secure sockets layer (SSL)/transport layer security (TLS) encryption should guarantee the user a high level of privacy regarding the impossibility of data content decryption and protocol identification. Our team created a DoH data set from captured real network traffic and proposed novel deep-learning-based detection models allowing encrypted DoH traffic identification. Our detection models were trained on the network traffic from the Czech top-level domain maintainer, Czech network interchange center (CZ.NIC), and successfully applied to the identification of the DoH traffic from Cloudflare. The reached detection model accuracy was near 95%, and it is clear that the encryption does not prohibit the DoH protocol identification.
Keywords
Computer networks; detection; DNS over HTTPS; machine learning; traffic detection
Full Text:
PDFDOI: http://doi.org/10.11591/ijece.v13i6.pp6691-6700
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
International Journal of Electrical and Computer Engineering (IJECE)
p-ISSN 2088-8708, e-ISSN 2722-2578
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).