DoH Insight: Detecting DNS over HTTPS by Machine Learning

The result's identifiers

  • Result code in IS VaVaI

    RIV/63839172:_____/20:10133298 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F20%3A10133298)

  • Alternative codes found

    RIV/68407700:21240/20:00342630

  • Result on the web

    http://dx.doi.org/10.1145/3407023.3409192

  • DOI - Digital Object Identifier

    10.1145/3407023.3409192

Alternative languages

  • Result language

    English

  • Original language name

    DoH Insight: Detecting DNS over HTTPS by Machine Learning

  • Original language description

    Over the past few years, a new protocol, DNS over HTTPS (DoH), has been created to improve users' privacy on the internet. DoH can be used instead of traditional DNS for domain name translation with encryption as a benefit. This new feature also brings some threats because various security tools depend on readable information from DNS to identify, e.g., malware, botnet communication, and data exfiltration. Therefore, this paper focuses on the possibilities of encrypted traffic analysis, especially on the accurate recognition of DoH. The aim is to evaluate what information (if any) can be gained from HTTPS extended IP flow data using machine learning. We evaluated five popular ML methods to find the best DoH classifiers. The experiments show that the accuracy of DoH recognition is over 99.9 %. Additionally, it is also possible to identify the application that was used for DoH communication, since we have discovered (using created datasets) significant differences in the behavior of Firefox, Chrome, and cloudflared. Our trained classifier can distinguish between DoH clients with 99.9 % accuracy.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)

Result continuities

  • Project

  • Continuities

    R - Project of the EC Framework Programme

Others

  • Publication year

    2020

  • Confidentiality

    S - Complete and truthful data on the project are not subject to protection under special legal regulations

Data specific for result type

  • Article name in the collection

    ARES '20: Proceedings of the 15th International Conference on Availability, Reliability and Security

  • ISBN

    978-1-4503-8833-7

  • ISSN

  • e-ISSN

  • Number of pages

    8

  • Pages from-to

    1-8

  • Publisher name

    ACM

  • Place of publication

    New York, NY, USA

  • Event location

    Dublin, Ireland

  • Event date

    Aug 25, 2020

  • Type of event by nationality

    WRD - Worldwide event

  • UT code for WoS article