Classifying DNS over HTTPS Malicious/Benign Traffic Using Deep Learning Models

Chougule, M; K, P; P. P, A; Viswanathan, S; Ravichandran, KS; Sethumadhavan, M; Rahimi, M; Gandomi, AH

Classifying DNS over HTTPS Malicious/Benign Traffic Using Deep Learning Models

Chougule, M K, P P. P, A Viswanathan, S Ravichandran, KS Sethumadhavan, M Rahimi, M Gandomi, AH

Permalink

Publisher:: IEEE
Publication Type:: Conference Proceeding
Citation:: 2023 10th International Conference on Soft Computing &amp; Machine Intelligence (ISCMI), 2024, 00, pp. 1-5
Issue Date:: 2024-03-14

Closed Access

	Filename	Description	Size
	1718426.pdf	Published version	412.81 kB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Chougule, M
dc.contributor.author	K, P
dc.contributor.author	P. P, A
dc.contributor.author	Viswanathan, S
dc.contributor.author	Ravichandran, KS
dc.contributor.author	Sethumadhavan, M
dc.contributor.author	Rahimi, M
dc.contributor.author	Gandomi, AH
dc.date	2023-11-25
dc.date.accessioned	2024-05-13T04:33:02Z
dc.date.available	2024-05-13T04:33:02Z
dc.date.issued	2024-03-14
dc.identifier.citation	2023 10th International Conference on Soft Computing &amp; Machine Intelligence (ISCMI), 2024, 00, pp. 1-5
dc.identifier.isbn	979-8-3503-5938-1
dc.identifier.issn	2640-0154
dc.identifier.uri	http://hdl.handle.net/10453/178924
dc.description.abstract	As we live in an era where privacy over the Internet has become rudimentary protocols like DNS over HTTPS DoH and DNS over TLS DoT which promote encryption have become popular While these protocols were introduced to overcome the drawbacks of DNS protocol even DoH has some security issues that need to be tackled to prevent any misuse Herein we implemented deep learning models to classify DNS over HTTPS traffic and found the most efficient method in regard to time required complexity and computational requirements Previous studies have used a variety of features from datasets to identify malicious activities Although machine learning and deep learning models are commonly used they require more human intervention These models are also more computationally complex as one is required to tune the model and its parameters for accurate results In comparison some deep learning models are more efficient as they work well without any human intervention and are capable of parameter tuning by themselves In this work we used the CIRA CIC DoHBrw 2020 dataset and performed data imbalance handling one hot encoding and feature selection to create a model that can be used for a more generalized environment We implemented long short term memory LSTM bidirectional LSTM BiLSTM and gated recurrent unit GRU models to classify DoH traffic with high accuracy Although the mentioned models produced good accuracy the BiLSTM model performs better than the LSTM model in the time taken for prediction and accuracy the GRU model outperformed both LSTM and BiLSTM models in terms of accuracy computation time and computation complexity Hence it is more efficient than both LSTM and BiLSTM models
dc.language	en
dc.publisher	IEEE
dc.relation.ispartof	2023 10th International Conference on Soft Computing &amp; Machine Intelligence (ISCMI)
dc.relation.ispartof	2023 10th International Conference on Soft Computing and Machine Intelligence
dc.relation.isbasedon	10.1109/iscmi59957.2023.10458486
dc.rights	info:eu-repo/semantics/closedAccess
dc.title	Classifying DNS over HTTPS Malicious/Benign Traffic Using Deep Learning Models
dc.type	Conference Proceeding
utslib.citation.volume	00
utslib.location.activity	Mexico City, Mexico
pubs.organisational-group	University of Technology Sydney
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology
utslib.copyright.status	closed_access	*
dc.date.updated	2024-05-13T04:33:01Z
pubs.finish-date	2023-11-26
pubs.place-of-publication	Piscataway, USA
pubs.publication-status	Published
pubs.start-date	2023-11-25
pubs.volume	00
dc.location	Piscataway, USA

Abstract:

As we live in an era where privacy over the Internet has become rudimentary protocols like DNS over HTTPS DoH and DNS over TLS DoT which promote encryption have become popular While these protocols were introduced to overcome the drawbacks of DNS protocol even DoH has some security issues that need to be tackled to prevent any misuse Herein we implemented deep learning models to classify DNS over HTTPS traffic and found the most efficient method in regard to time required complexity and computational requirements Previous studies have used a variety of features from datasets to identify malicious activities Although machine learning and deep learning models are commonly used they require more human intervention These models are also more computationally complex as one is required to tune the model and its parameters for accurate results In comparison some deep learning models are more efficient as they work well without any human intervention and are capable of parameter tuning by themselves In this work we used the CIRA CIC DoHBrw 2020 dataset and performed data imbalance handling one hot encoding and feature selection to create a model that can be used for a more generalized environment We implemented long short term memory LSTM bidirectional LSTM BiLSTM and gated recurrent unit GRU models to classify DoH traffic with high accuracy Although the mentioned models produced good accuracy the BiLSTM model performs better than the LSTM model in the time taken for prediction and accuracy the GRU model outperformed both LSTM and BiLSTM models in terms of accuracy computation time and computation complexity Hence it is more efficient than both LSTM and BiLSTM models

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/178924