Přístupnostní navigace
E-application
Search Search Close
Publication detail
JEŘÁBEK, K. HYNEK, K. RYŠAVÝ, O.
Original Title
Comparative Analysis of DNS over HTTPS Detectors
Type
journal article - other
Language
English
Original Abstract
DNS over HTTPS (DoH) is a protocol that encrypts DNS traffic to improve user privacy and security. However, its use also poses challenges for network operators and security analysts who need to detect and monitor network traffic for security purposes. Therefore, there are multiple DoH detection proposals that leverage machine learning to identify DoH connections; however, these proposals were often tested on different datasets, and their evaluation methodologies were not consistent enough to allow direct performance comparison. We recreated seven DoH detection proposals and evaluated them using six different experiments to answer research questions that targeted specific deployment scenarios concerning ML-model transferability, usability, and longevity. For thorough testing, we used a large Collection of DoH datasets along with a novel 5-week dataset that enabled the evaluation of data drift. Our study provides insights into the current state of DoH detection techniques and can help network operators and security analysts choose the most suitable method for their specific needs.
Keywords
DNS over HTTPS,DoH, detection,comparative analysis,machine learning,network security
Authors
JEŘÁBEK, K.; HYNEK, K.; RYŠAVÝ, O.
Released
20. 4. 2024
ISBN
1389-1286
Periodical
Computer Networks
Year of study
2024
Number
247
State
Kingdom of the Netherlands
Pages from
110452
Pages to
110465
Pages count
13
URL
https://doi.org/10.1016/j.comnet.2024.110452
BibTex
@article{BUT188647, author="Kamil {Jeřábek} and Karel {Hynek} and Ondřej {Ryšavý}", title="Comparative Analysis of DNS over HTTPS Detectors", journal="Computer Networks", year="2024", volume="2024", number="247", pages="110452--110465", doi="10.1016/j.comnet.2024.110452", issn="1389-1286", url="https://doi.org/10.1016/j.comnet.2024.110452" }