Unveiling DoH tunnel: Toward generating a balanced DoH encrypted traffic dataset and profiling malicious behavior using inherently interpretable machine learning

Niktabe, Sepideh; Lashkari, Arash Habibi; Roudsari, Arousha Haghighian

doi:10.1007/s12083-023-01597-4

Peer-to-Peer Netw. Appl.

2023

DOI: 10.1007/s12083-023-01597-4

|View full text |Cite

Unveiling DoH tunnel: Toward generating a balanced DoH encrypted traffic dataset and profiling malicious behavior using inherently interpretable machine learning

Sepideh Niktabe,

Arash Habibi Lashkari,

Arousha Haghighian Roudsari

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Other1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

References 108 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

DoH Deception: Evading ML-Based Tunnel Detection Models with Real-world Adversarial Examples

Valente,

Osti,

P. Júnior

et al. 2024

Anais Do XXIV Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2024)

View full text Add to dashboard Cite

Previous research on DNS over HTTPS (DoH) tunnel detection has focused on developing detection Machine Learning (ML) models, emphasizing accuracy and explainability. However, these models have neglected the threat of adversarial attacks, rendering them vulnerable and less robust. Our study reveals that most state-of-the-art DoH tunnel detection models are likely susceptible to adversarial black-box attacks. We adopt a novel approach by adapting the Zeroth Order Optimization (ZOO) attack to support DoH request features. The most constrained adaptation generated adversarial examples for 5 out of 6 DoH public tunnel tools. Our methods have successfully evaded the four most used state-of-the-art tunnel detection architectures. The technique relies on network flows and does not depend on the DoH request format. Thus, researchers can use it to create more robust DoH tunnel classifiers that target similar architectures in different security domains.

show abstract

DoH Deception: Evading ML-Based Tunnel Detection Models with Real-world Adversarial Examples

Valente,

Osti,

P. Júnior

et al. 2024

Anais Do XXIV Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2024)

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Unveiling DoH tunnel: Toward generating a balanced DoH encrypted traffic dataset and profiling malicious behavior using inherently interpretable machine learning

Cited by 1 publication

References 108 publications

DoH Deception: Evading ML-Based Tunnel Detection Models with Real-world Adversarial Examples

DoH Deception: Evading ML-Based Tunnel Detection Models with Real-world Adversarial Examples

Contact Info

Product

Resources

About