Comparative Analysis of DNS over HTTPS Detectors
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F24%3APU151372" target="_blank" >RIV/00216305:26230/24:PU151372 - isvavai.cz</a>
Alternative codes found
RIV/63839172:_____/24:10133680
Result on the web
<a href="https://doi.org/10.1016/j.comnet.2024.110452" target="_blank" >https://doi.org/10.1016/j.comnet.2024.110452</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1016/j.comnet.2024.110452" target="_blank" >10.1016/j.comnet.2024.110452</a>
Alternative languages
Result language
English
Title in the original language
Comparative Analysis of DNS over HTTPS Detectors
Result description in the original language
DNS over HTTPS (DoH) is a protocol that encrypts DNS traffic to improve user privacy and security. However, its use also poses challenges for network operators and security analysts who need to detect and monitor network traffic for security purposes. Therefore, there are multiple DoH detection proposals that leverage machine learning to identify DoH connections; however, these proposals were often tested on different datasets, and their evaluation methodologies were not consistent enough to allow direct performance comparison. We recreated seven DoH detection proposals and evaluated them using six different experiments to answer research questions that targeted specific deployment scenarios concerning ML-model transferability, usability, and longevity. For thorough testing, we used a large Collection of DoH datasets along with a novel 5-week dataset that enabled the evaluation of data drift. Our study provides insights into the current state of DoH detection techniques and can help network operators and security analysts choose the most suitable method for their specific needs.
Classification
Type
J<sub>imp</sub> - Article in a periodical indexed in the Web of Science database
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
<a href="/cs/project/VJ02010024" target="_blank" >VJ02010024: Analysis of Encrypted Traffic Using Network Flows</a>
Linkages
P - Research and development project funded from public sources (with a link to CEP)
Other
Year of implementation
2024
Data confidentiality code
S - Complete and truthful data on the project are not subject to protection under special legal regulations
Data specific to the result type
Periodical name
Computer Networks
ISSN
1389-1286
e-ISSN
1872-7069
Periodical volume
2024
Periodical issue within the volume
247
Publisher's country
NL - Netherlands
Number of pages of the result
13
Pages from-to
110452-110465
UT WoS code of the article
001237361300001
EID of the result in the Scopus database
2-s2.0-85191654030