Detection of DoH Traffic Tunnels Using Deep Learning for Encrypted Traffic Classification

Currently, the primary concerns on Internet are security and privacy, particularly in encrypted communications to prevent snooping modification of Domain Name System (DNS) data by hackers who may attack using HTTP protocol gain illegal access information. DNS over HTTPS (DoH) is new that has made remarkable progress encrypting traffic modifying spying. To alleviate these challenges, this study explored detection DoH tunnels traffic, with aim determine gained information through use HTTP. implement proposed work, state-of-the-art machine learning algorithms were used including Random Forest (RF), Gaussian Naive Bayes (GNB), Logistic Regression (LR), k-Nearest Neighbor (KNN), Support Vector Classifier (SVC), Linear Discriminant Analysis (LDA), Decision Tree (DT), Adaboost, Gradient Boost (SGD), LSTM neural networks. Moreover, ensemble models consisting multiple base classifiers utilized carry out a series experiments conduct comparative study. The CIRA-CIC-DoHBrw2020 dataset was for experimentation. experimental findings showed accuracy stacking model binary classification 99.99%. In multiclass classification, gradient boosting scored maximum values 90.71%, 90.87%, 91.18% Accuracy, Recall, Precision, AUC. micro average ROC curve 98%.