A New Method to Detect Malicious DNS over HTTPS via Feature Reduction

Ali K. Bozkurt; Burcu Sönmez Sarikaya; Halil E. Aköz; Ataberk Taşpinar; Şerif Bahtiyar

doi:10.1109/UBMK63289.2024.10773501

A New Method to Detect Malicious DNS over HTTPS via Feature Reduction

Ali K. Bozkurt
, Burcu Sönmez Sarikaya
, Halil E. Aköz
, Ataberk Taşpinar
, Şerif Bahtiyar

Bilgisayar Mühendisliği Bölümü

Istanbul Technical University

Araştırma sonucu: Kitap/Rapor/Konferans Bildirisinde Bölüm › Konferans katkısı › bilirkişi

1 Atıf (Scopus)

Özet

The classification o f malicious D NS o ver HTTPS (DoH) as malicious or benign is a challenging task due to its encrypted nature and massive amount of data that needs to be analyzed. The lack of an accurate classification o f DoH violates the security requirements of DNS systems. Our aim in this paper is to detect malicious DoH by incorporating feature reduction to speed up the detection process with machine learning algorithms. We used three classification models with feature reductions. We achieved higher performance while keeping an acceptable accuracy reduction within a negligible margin. Experimental evaluations show that the proposed feature reduction provides a better performance for malicious DoH detection.

Orijinal dil	İngilizce
Ana bilgisayar yayını başlığı	UBMK 2024 - Proceedings
Ana bilgisayar yayını alt yazısı	9th International Conference on Computer Science and Engineering
Editörler	Esref Adali
Yayınlayan	Institute of Electrical and Electronics Engineers Inc.
Sayfalar	754-759
Sayfa sayısı	6
ISBN (Elektronik)	9798350365887
DOI'lar	https://doi.org/10.1109/UBMK63289.2024.10773501
Yayın durumu	Yayınlandı - 2024
Etkinlik	9th International Conference on Computer Science and Engineering, UBMK 2024 - Antalya, Turkey Süre: 26 Eki 2024 → 28 Eki 2024

Yayın serisi

Adı	UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering

???event.eventtypes.event.conference???

???event.eventtypes.event.conference???	9th International Conference on Computer Science and Engineering, UBMK 2024
Ülke/Bölge	Turkey
Şehir	Antalya
Periyot	26/10/24 → 28/10/24

Bibliyografik not

Publisher Copyright:
© 2024 IEEE.

Belgeye Erişim

10.1109/UBMK63289.2024.10773501

Diğer Dosyalar ve Linkler

Link to publication in Scopus

Alıntı Yap

Bozkurt, A. K., Sarikaya, B. S., Aköz, H. E., Taşpinar, A., & Bahtiyar, Ş. (2024). A New Method to Detect Malicious DNS over HTTPS via Feature Reduction. In E. Adali (Ed.), UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering (pp. 754-759). (UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/UBMK63289.2024.10773501

Bozkurt, Ali K. ; Sarikaya, Burcu Sönmez ; Aköz, Halil E. et al. / A New Method to Detect Malicious DNS over HTTPS via Feature Reduction. UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering. editör / Esref Adali. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 754-759 (UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering).

@inproceedings{b345251231454cde8e476d031d53f0c2,

title = "A New Method to Detect Malicious DNS over HTTPS via Feature Reduction",

abstract = "The classification o f malicious D NS o ver HTTPS (DoH) as malicious or benign is a challenging task due to its encrypted nature and massive amount of data that needs to be analyzed. The lack of an accurate classification o f DoH violates the security requirements of DNS systems. Our aim in this paper is to detect malicious DoH by incorporating feature reduction to speed up the detection process with machine learning algorithms. We used three classification models with feature reductions. We achieved higher performance while keeping an acceptable accuracy reduction within a negligible margin. Experimental evaluations show that the proposed feature reduction provides a better performance for malicious DoH detection.",

keywords = "DNS tunneling, DoH, Feature reduction, Machine learning, Malicious DoH",

author = "Bozkurt, \{Ali K.\} and Sarikaya, \{Burcu S{\"o}nmez\} and Ak{\"o}z, \{Halil E.\} and Ataberk Ta{\c s}pinar and {\c S}erif Bahtiyar",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 9th International Conference on Computer Science and Engineering, UBMK 2024 ; Conference date: 26-10-2024 Through 28-10-2024",

year = "2024",

doi = "10.1109/UBMK63289.2024.10773501",

language = "English",

series = "UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "754--759",

editor = "Esref Adali",

booktitle = "UBMK 2024 - Proceedings",

address = "United States",

}

Bozkurt, AK, Sarikaya, BS, Aköz, HE, Taşpinar, A & Bahtiyar, Ş 2024, A New Method to Detect Malicious DNS over HTTPS via Feature Reduction. in E Adali (ed.), UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering. UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering, Institute of Electrical and Electronics Engineers Inc., pp. 754-759, 9th International Conference on Computer Science and Engineering, UBMK 2024, Antalya, Turkey, 26/10/24. https://doi.org/10.1109/UBMK63289.2024.10773501

A New Method to Detect Malicious DNS over HTTPS via Feature Reduction. / Bozkurt, Ali K.; Sarikaya, Burcu Sönmez; Aköz, Halil E. et al.
UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering. ed. / Esref Adali. Institute of Electrical and Electronics Engineers Inc., 2024. p. 754-759 (UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering).

Araştırma sonucu: Kitap/Rapor/Konferans Bildirisinde Bölüm › Konferans katkısı › bilirkişi

TY - GEN

T1 - A New Method to Detect Malicious DNS over HTTPS via Feature Reduction

AU - Bozkurt, Ali K.

AU - Sarikaya, Burcu Sönmez

AU - Aköz, Halil E.

AU - Taşpinar, Ataberk

AU - Bahtiyar, Şerif

PY - 2024

Y1 - 2024

N2 - The classification o f malicious D NS o ver HTTPS (DoH) as malicious or benign is a challenging task due to its encrypted nature and massive amount of data that needs to be analyzed. The lack of an accurate classification o f DoH violates the security requirements of DNS systems. Our aim in this paper is to detect malicious DoH by incorporating feature reduction to speed up the detection process with machine learning algorithms. We used three classification models with feature reductions. We achieved higher performance while keeping an acceptable accuracy reduction within a negligible margin. Experimental evaluations show that the proposed feature reduction provides a better performance for malicious DoH detection.

AB - The classification o f malicious D NS o ver HTTPS (DoH) as malicious or benign is a challenging task due to its encrypted nature and massive amount of data that needs to be analyzed. The lack of an accurate classification o f DoH violates the security requirements of DNS systems. Our aim in this paper is to detect malicious DoH by incorporating feature reduction to speed up the detection process with machine learning algorithms. We used three classification models with feature reductions. We achieved higher performance while keeping an acceptable accuracy reduction within a negligible margin. Experimental evaluations show that the proposed feature reduction provides a better performance for malicious DoH detection.

KW - DNS tunneling

KW - DoH

KW - Feature reduction

KW - Machine learning

KW - Malicious DoH

UR - https://www.scopus.com/pages/publications/85215508902

U2 - 10.1109/UBMK63289.2024.10773501

DO - 10.1109/UBMK63289.2024.10773501

M3 - Conference contribution

AN - SCOPUS:85215508902

T3 - UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering

SP - 754

EP - 759

BT - UBMK 2024 - Proceedings

A2 - Adali, Esref

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 9th International Conference on Computer Science and Engineering, UBMK 2024

Y2 - 26 October 2024 through 28 October 2024

ER -

Bozkurt AK, Sarikaya BS, Aköz HE, Taşpinar A, Bahtiyar Ş. A New Method to Detect Malicious DNS over HTTPS via Feature Reduction. In Adali E, editör, UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering. Institute of Electrical and Electronics Engineers Inc. 2024. p. 754-759. (UBMK 2024 - Proceedings: 9th International Conference on Computer Science and Engineering). doi: 10.1109/UBMK63289.2024.10773501

A New Method to Detect Malicious DNS over HTTPS via Feature Reduction

Özet

Yayın serisi

???event.eventtypes.event.conference???

Bibliyografik not

Belgeye Erişim

Diğer Dosyalar ve Linkler

Parmak izi

Alıntı Yap