Vulnerability Detection of DNS over HTTPS Traffic using Ensemble Machine Learning

Abstract

As the Internet is growing very fast, the Domain Name System (DNS) remains under constant attacks and day by day its vulnerability is increasing. In the cyberattacks, maximum target attackers are doing on DNS. Several security add-ons came with DNS to secure it, but we have not come across any robust solution until now. DNS over HTTPS (DoH) and DNS over TLS (DoT) are introduced recently with encrypted DNS to reduce the visibility of DNS requests. Though DoH has been designed to mitigate the DNS security issues DoH has its own drawbacks like it bypasses the local firewalls. However, DoH is a popular protocol now, but it can be compromised. This paper presents a Machine Learning (ML) approach to detect DoH traffic and to filter it into Benign-DoH traffic and Malicious-DoH traffic using ensemble machine learning algorithms. To find the best prediction results, we have applied various ML models such as; (i) Decision Tree (DT), ii) Logistic regression (LR), (iii) K nearest neighboring (KNN), and (iv) Random woodland (RF). Several evaluation matrices have been considered to analyze the performance, like precision, recall, F1-score, and confusion matrix. The results analysis is carried out on a benchmark MoH dataset (CIRA-CIC-DoHBrw-2020) with 30 extracted features. Several elements are used to improve a strong model. An ensemble learning-based RF classifier emerge as the best-suited model with 100% accuracy. The outcomes of the proposed ensemble learning model confirmed that it is the best choice to secure the DoH based DNS attacks because this model detected most malicious activities.