Summary of DNS Over HTTPS Abuse

Hynek, Karel; Vekshin, Dmitrii; Luxemburk, Jan; Čejka, Tomáš; Wasicek, Armin

doi:10.1109/access.2022.3175497

Cited by 21 publications

(5 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All dashboards in graphs appear once the links [47–52] are clicked. Readers are advised to examine the details about the information on each graph.…”

Section: Resultsmentioning

confidence: 99%

Identifying China’s distinctive academic fields among the top 2% of influential scientists: A bibliometric analysis using Rasch KIDMAP

Wu,

Chou

2024

Medicine

View full text Add to dashboard Cite

Background: Leading scientists worldwide are recognized by their placement in the top 2% based on their career-spanning contributions, as categorized by the Science-Metrix classification. However, there has been little focus on the unique scientific fields and subfields that separate countries. Although the KIDMAP in the Rasch model has been utilized to depict student performance, its application in identifying distinctive academic areas remains unexplored. Our study uses this model to pinpoint unique research domains specific to countries based on the top 2% author data. Methods: We sourced our data from Elsevier career-long author database updated until the end of 2022. This encompassed 168 countries, 22 scientific domains, and 174 subdomains in 2021 and 2022 (with a total of 194,983 and 204,643 researchers, respectively). Our approach was threefold: identifying unique fields, subfields, and researchers. Visualizations included scatter plots, KIDMAP, and the Impact Bam Plot (IBP). China distinctive research areas were identified using the Rasch KIDMAP. Results: Key insights include the following: The US prevailing dominance in scientific domains in both 2021 and 2022. China distinct contribution in the “Enabling & Strategic Technologies” domain. China notable emphasis on the “Complementary & Alternative Medicine” subfield in 2022. Dr Phillip Low from the Mayo Clinic (US) emerged as a leading figure in the General & Internal Medicine research domain. Conclusions: Despite trailing the US in global research achievements, China showcased pronounced expertise in specific scientific areas, such as the “Complementary & Alternative Medicine” subfield in 2022, when compared to China other subfields based on the level of academic performance (−3.09 logits). Future research could benefit from incorporating KIDMAP visuals to gauge other countries’ strengths in various research sectors, expanding beyond the China-centric focus in this study.

show abstract

“…All dashboards in graphs appear once the links [47–52] are clicked. Readers are advised to examine the details about the information on each graph.…”

Section: Resultsmentioning

confidence: 99%

Identifying China’s distinctive academic fields among the top 2% of influential scientists: A bibliometric analysis using Rasch KIDMAP

Wu,

Chou

2024

Medicine

View full text Add to dashboard Cite

show abstract

“…There have been more efforts made by different researchers to utilize the properties and statistical features of the traffic flow to classify DNS-over-HTTPS (DoH) and DoH-based C2 tunnels using machine learning and deep learning models. Notwithstanding previous research on HTTPS traffic analysis, the malware use of HTTPS, or TLS with machine learning using flow-based features [40][41][42][43][44][45], this section focused on studies conducted on DoH traffic and DoH-based tunneling detection using machine learning methods.…”

Section: Dns Tunneling Detection With ML Methodsmentioning

confidence: 99%

XTS: A Hybrid Framework to Detect DNS-Over-HTTPS Tunnels Based on XGBoost and Cooperative Game Theory

et al. 2023

View full text Add to dashboard Cite

This paper proposes a hybrid approach called XTS that uses a combination of techniques to analyze highly imbalanced data with minimum features. XTS combines cost-sensitive XGBoost, a game theory-based model explainer called TreeSHAP, and a newly developed algorithm known as Sequential Forward Evaluation algorithm (SFE). The general aim of XTS is to reduce the number of features required to learn a particular dataset. It assumes that low-dimensional representation of data can improve computational efficiency and model interpretability whilst retaining a strong prediction performance. The efficiency of XTS was tested on a public dataset, and the results showed that by reducing the number of features from 33 to less than five, the proposed model achieved over 99.9% prediction efficiency. XTS was also found to outperform other benchmarked models and existing proof-of-concept solutions in the literature. The dataset contained data related to DNS-over-HTTPS (DoH) tunnels. The top predictors for DoH classification and characterization were identified using interactive SHAP plots, which included destination IP, packet length mode, and source IP. XTS offered a promising approach to improve the efficiency of the detection and analysis of DoH tunnels while maintaining accuracy, which can have important implications for behavioral network intrusion detection systems.

show abstract

“…To do so, DoH encrypts all DNS requests/responses before dispatch via HTTPs protocol. It also uses the same standard HTTPS port number (i.e., port number 443) to encapsulate the DNS request in the HTTPS traffic request [ 36 ]. Despite all such security mechanisms implemented into the DoH protocol, attackers can still use advanced attack approaches to steal information on the fly through the transmission of malicious DoH traffic.…”

Section: Doh Identification Architecturementioning

confidence: 99%

A Lightweight Double-Stage Scheme to Identify Malicious DNS over HTTPS Traffic Using a Hybrid Learning Approach

Al‐Haija

Alohaly

Odeh

2023

Sensors

View full text Add to dashboard Cite

The Domain Name System (DNS) protocol essentially translates domain names to IP addresses, enabling browsers to load and utilize Internet resources. Despite its major role, DNS is vulnerable to various security loopholes that attackers have continually abused. Therefore, delivering secure DNS traffic has become challenging since attackers use advanced and fast malicious information-stealing approaches. To overcome DNS vulnerabilities, the DNS over HTTPS (DoH) protocol was introduced to improve the security of the DNS protocol by encrypting the DNS traffic and communicating it over a covert network channel. This paper proposes a lightweight, double-stage scheme to identify malicious DoH traffic using a hybrid learning approach. The system comprises two layers. At the first layer, the traffic is examined using random fine trees (RF) and identified as DoH traffic or non-DoH traffic. At the second layer, the DoH traffic is further investigated using Adaboost trees (ADT) and identified as benign DoH or malicious DoH. Specifically, the proposed system is lightweight since it works with the least number of features (using only six out of thirty-three features) selected using principal component analysis (PCA) and minimizes the number of samples produced using a random under-sampling (RUS) approach. The experiential evaluation reported a high-performance system with a predictive accuracy of 99.4% and 100% and a predictive overhead of 0.83 µs and 2.27 µs for layer one and layer two, respectively. Hence, the reported results are superior and surpass existing models, given that our proposed model uses only 18% of the feature set and 17% of the sample set, distributed in balanced classes.

show abstract

Summary of DNS Over HTTPS Abuse

Cited by 21 publications

References 49 publications

Identifying China’s distinctive academic fields among the top 2% of influential scientists: A bibliometric analysis using Rasch KIDMAP

Identifying China’s distinctive academic fields among the top 2% of influential scientists: A bibliometric analysis using Rasch KIDMAP

XTS: A Hybrid Framework to Detect DNS-Over-HTTPS Tunnels Based on XGBoost and Cooperative Game Theory

A Lightweight Double-Stage Scheme to Identify Malicious DNS over HTTPS Traffic Using a Hybrid Learning Approach

Contact Info

Product

Resources

About