Publication Details
Comparative Analysis of DNS over HTTPS Detectors
DNS over HTTPS, DoH, detection, comparative analysis, machine learning, network security
DNS over HTTPS (DoH) is a protocol that encrypts DNS traffic to improve user
privacy and security. However, its use also poses challenges for network
operators and security analysts who need to detect and monitor network traffic
for security purposes. Therefore, there are multiple DoH detection proposals that
leverage machine learning to identify DoH connections; however, these proposals
were often tested on different datasets, and their evaluation methodologies were
not consistent enough to allow direct performance comparison. We recreated seven
DoH detection proposals and evaluated them using six different experiments to
answer research questions that targeted specific deployment scenarios concerning
ML-model transferability, usability, and longevity. For thorough testing, we used
a large Collection of DoH datasets along with a novel 5-week dataset that enabled
the evaluation of data drift. Our study provides insights into the current state
of DoH detection techniques and can help network operators and security analysts
choose the most suitable method for their specific needs.
@article{BUT188647,
author="Kamil {Jeřábek} and Karel {Hynek} and Ondřej {Ryšavý}",
title="Comparative Analysis of DNS over HTTPS Detectors",
journal="Computer Networks",
year="2024",
volume="2024",
number="247",
pages="110452--110465",
doi="10.1016/j.comnet.2024.110452",
issn="1872-7069",
url="https://doi.org/10.1016/j.comnet.2024.110452"
}