Malicious traffic Detection of DNS over HTTPS using Ensemble Machine Learning

Abstract

As the Internet grows rapidly, the Domain Name System remains under constant attack, and its vulnerability increases day by day. Among cyberattacks, it has been shown that most attackers target the Domain Name System. Several security add-ons have been introduced to secure DNS, but we have not come across any robust solution until now. DNS over HTTPS and DNS over TLS were introduced recently to encrypt DNS and reduce the visibility of DNS requests. DNS over HTTPS was designed to mitigate DNS security issues, but it has its own drawbacks, such as bypassing local firewalls. DNS over HTTPS is now a popular protocol, but it is also vulnerable. This paper presents a machine learning approach to detect DNS over HTTPS traffic and to filter it into Benign-DNS over HTTPS traffic and Malicious-DNS over HTTPS traffic using ensemble machine learning algorithms. To find the best prediction results, we applied various ML models: (i) decision tree, (ii) logistic regression, (iii) k-nearest neighbors, and (iv) random forest. Several evaluation metrics were considered to analyze performance, such as precision, recall, F1-score, and the confusion matrix. The results analysis is carried out on a benchmark DNS over HTTPS dataset (CIRA-CIC-DoHBrw-2020) with 30 extracted features. To make this model robust, several parameters are used to check its performance. An ensemble learning-based RF classifier emerges as the best-suited model, with 100% accuracy. The outcomes of the proposed ensemble learning model confirmed that it is the best choice for securing DNS against DNS over HTTPS based attacks, because this model detected most malicious activities.

Cite

Singh, S. K., & Roy, P. K. (2022). Malicious traffic Detection of DNS over HTTPS using Ensemble Machine Learning. International Journal of Computing and Digital Systems, 11(1), 1061–1069. https://doi.org/10.12785/ijcds/110185
