The paper presents an autoencoder model designed to detect malicious DNS-over-HTTPS (DoH) traffic. With the increasing adoption of the DoH protocol by major browsers to encrypt DNS traffic and protect user privacy, intrusion detection systems face a new challenge: they can no longer observe domain names in plaintext. The proposed autoencoder addresses this by learning what benign encrypted DoH traffic looks like and flagging flows that deviate from it, so that malicious traffic, including previously unseen (zero-day) attacks, can be detected without decrypting anything. In the experimental evaluation the model outperforms other anomaly detection algorithms, achieving a median F1 score of 99% across several types of malicious traffic.
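To make the detection idea concrete, here is an added example (not the paper's code, and its 5-3-5 architecture, feature names and sample flows are constructed assumptions): a minimal numpy autoencoder is trained only on benign per-flow DoH features, and any flow whose reconstruction error exceeds a threshold set from the benign error distribution is flagged as anomalous.

```python
import numpy as np

# Assumed per-flow features; real datasets use richer flow statistics.
FEATURES = ["duration_s", "bytes_sent", "bytes_received", "pkt_len_mean", "iat_mean_s"]

def make_benign_flows(n, seed=0):
    """Constructed benign DoH flow features (synthetic, not real captures)."""
    r = np.random.default_rng(seed)
    sent = r.normal(600, 50, n)
    return np.column_stack([
        r.normal(0.3, 0.05, n),            # flow duration in seconds
        sent,                              # bytes client -> resolver
        1.5 * sent + r.normal(0, 40, n),   # bytes resolver -> client, correlated with sent
        r.normal(150, 10, n),              # mean packet length
        r.normal(0.05, 0.01, n),           # mean packet inter-arrival time
    ])

class DoHAutoencoder:
    """Tiny 5-3-5 autoencoder; anomaly score = reconstruction error on z-scored features."""
    def __init__(self, n_in=5, n_hidden=3, seed=1):
        r = np.random.default_rng(seed)
        self.W1 = r.normal(0, 0.3, (n_in, n_hidden)); self.b1 = np.zeros(n_hidden)
        self.W2 = r.normal(0, 0.3, (n_hidden, n_in)); self.b2 = np.zeros(n_in)
        self.mu = self.sd = self.threshold = None

    def _scale(self, X):
        return (np.asarray(X, dtype=float) - self.mu) / self.sd

    def _forward(self, Z):
        H = np.tanh(Z @ self.W1 + self.b1)       # bottleneck encoding
        return H, H @ self.W2 + self.b2          # linear decoding

    def fit(self, X, epochs=3000, lr=0.05, percentile=99):
        self.mu, self.sd = X.mean(0), X.std(0)
        Z = self._scale(X)
        for _ in range(epochs):                  # full-batch gradient descent on MSE
            H, R = self._forward(Z)
            dR = 2 * (R - Z) / len(Z)
            dH = (dR @ self.W2.T) * (1 - H ** 2) # tanh derivative
            self.W2 -= lr * H.T @ dR; self.b2 -= lr * dR.sum(0)
            self.W1 -= lr * Z.T @ dH; self.b1 -= lr * dH.sum(0)
        # threshold from benign errors: roughly (100 - percentile)% of benign flows get flagged
        self.threshold = np.percentile(self.reconstruction_error(X), percentile)
        return self

    def reconstruction_error(self, X):
        Z = self._scale(X)
        return ((self._forward(Z)[1] - Z) ** 2).mean(axis=1)

    def is_anomalous(self, X):
        return self.reconstruction_error(X) > self.threshold

if __name__ == "__main__":
    model = DoHAutoencoder().fit(make_benign_flows(500))
    suspect = [[25.0, 12000.0, 3000.0, 400.0, 0.002]]  # constructed long, upload-heavy flow
    print(model.is_anomalous(suspect)[0], model.reconstruction_error(suspect)[0])
```

The threshold percentile is the operational knob: lowering it catches more deviant flows at the cost of more benign alerts, so it should be tuned on held-out benign traffic from the monitored network.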
Publication date: 19 Oct 2023
Project Page: Not Provided
Paper: https://arxiv.org/pdf/2310.11325