Classifying DNS over HTTPS Malicious/Benign Traffic Using Deep Learning Models

Publisher:
IEEE
Publication Type:
Conference Proceeding
Citation:
2023 10th International Conference on Soft Computing & Machine Intelligence (ISCMI), 2024, 00, pp. 1-5
Issue Date:
2024-03-14
Filename Description Size
1718426.pdfPublished version412.81 kB
Adobe PDF
Full metadata record
As we live in an era where privacy over the Internet has become rudimentary protocols like DNS over HTTPS DoH and DNS over TLS DoT which promote encryption have become popular While these protocols were introduced to overcome the drawbacks of DNS protocol even DoH has some security issues that need to be tackled to prevent any misuse Herein we implemented deep learning models to classify DNS over HTTPS traffic and found the most efficient method in regard to time required complexity and computational requirements Previous studies have used a variety of features from datasets to identify malicious activities Although machine learning and deep learning models are commonly used they require more human intervention These models are also more computationally complex as one is required to tune the model and its parameters for accurate results In comparison some deep learning models are more efficient as they work well without any human intervention and are capable of parameter tuning by themselves In this work we used the CIRA CIC DoHBrw 2020 dataset and performed data imbalance handling one hot encoding and feature selection to create a model that can be used for a more generalized environment We implemented long short term memory LSTM bidirectional LSTM BiLSTM and gated recurrent unit GRU models to classify DoH traffic with high accuracy Although the mentioned models produced good accuracy the BiLSTM model performs better than the LSTM model in the time taken for prediction and accuracy the GRU model outperformed both LSTM and BiLSTM models in terms of accuracy computation time and computation complexity Hence it is more efficient than both LSTM and BiLSTM models
Please use this identifier to cite or link to this item: