A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

Lyu, Minzhao; Gharakheili, Hassan Habibi; Sivaraman, Vijay

doi:10.48550/arxiv.2201.00900

2022

DOI: 10.48550/arxiv.2201.00900

|View full text |Cite

Preprint

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

Minzhao Lyu,

Hassan Habibi Gharakheili,

Vijay Sivaraman

Abstract: The domain name system (DNS) that maps alphabetic names to numeric Internet Protocol (IP) addresses plays a foundational role for Internet communications. By default, DNS queries and responses are exchanged in unencrypted plaintext, and hence, can be read and/or hijacked by third parties. To protect user privacy, the networking community has proposed standard encryption technologies such as DNS over TLS (DoT), DNS over HTTPS (DoH), and DNS over QUIC (DoQ) for DNS communications, enabling clients to perform sec… Show more

Help me understand this report

View published versions

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

References 63 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

Intelligent model for the detection and classification of encrypted network traffic in cloud infrastructure

Dawood,

Xiao,

et al. 2024

PeerJ Computer Science

View full text Add to dashboard Cite

This article explores detecting and categorizing network traffic data using machine-learning (ML) methods, specifically focusing on the Domain Name Server (DNS) protocol. DNS has long been susceptible to various security flaws, frequently exploited over time, making DNS abuse a major concern in cybersecurity. Despite advanced attack, tactics employed by attackers to steal data in real-time, ensuring security and privacy for DNS queries and answers remains challenging. The evolving landscape of internet services has allowed attackers to launch cyber-attacks on computer networks. However, implementing Secure Socket Layer (SSL)-encrypted Hyper Text Transfer Protocol (HTTP) transmission, known as HTTPS, has significantly reduced DNS-based assaults. To further enhance security and mitigate threats like man-in-the-middle attacks, the security community has developed the concept of DNS over HTTPS (DoH). DoH aims to combat the eavesdropping and tampering of DNS data during communication. This study employs a ML-based classification approach on a dataset for traffic analysis. The AdaBoost model effectively classified Malicious and Non-DoH traffic, with accuracies of 75% and 73% for DoH traffic. The support vector classification model with a Radial Basis Function (SVC-RBF) achieved a 76% accuracy in classifying between malicious and non-DoH traffic. The quadratic discriminant analysis (QDA) model achieved 99% accuracy in classifying malicious traffic and 98% in classifying non-DoH traffic.

show abstract

Intelligent model for the detection and classification of encrypted network traffic in cloud infrastructure

Dawood,

Xiao,

et al. 2024

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

A Survey on DNS Encryption: Current Development, Malware Misuse, and Inference Techniques

Cited by 1 publication

References 63 publications

Intelligent model for the detection and classification of encrypted network traffic in cloud infrastructure

Intelligent model for the detection and classification of encrypted network traffic in cloud infrastructure

Contact Info

Product

Resources

About