Zebin, T.; Rezvy, S.; Luo, Y.

An explainable AI-based intrusion detection system for DNS over HTTPS (DoH) attacks

Article

Zebin, T., Rezvy, S. and Luo, Y. 2022. An explainable AI-based intrusion detection system for DNS over HTTPS (DoH) attacks. IEEE Transactions on Information Forensics and Security. 17, pp. 2339-2349. https://doi.org/10.1109/TIFS.2022.3183390

Publication dates
Type	Article
Title	An explainable AI-based intrusion detection system for DNS over HTTPS (DoH) attacks
Authors	Zebin, T., Rezvy, S. and Luo, Y.
Abstract	Over the past few years, Domain Name Service (DNS) remained a prime target for hackers as it enables them to gain first entry into networks and gain access to data for exfiltration. Although the DNS over HTTPS (DoH) protocol has desirable properties for internet users such as privacy and security, it also causes a problem in that network administrators are prevented from detecting suspicious network traffic generated by malware and malicious tools. To support their efforts in maintaining a secure network, in this paper, we have implemented an explainable AI solution using a novel machine learning framework. We have used the publicly available CIRA-CIC-DoHBrw-2020 dataset for developing an accurate solution to detect and classify the DNS over HTTPS attacks. Our proposed balanced and stacked Random Forest achieved very high precision (99.91%), recall (99.92%) and F1 score (99.91%) for the classification task at hand. Using explainable AI methods, we have additionally highlighted the underlying feature contributions in an attempt to provide transparent and explainable results from the model.
Keywords	Tunneling; Servers; Security; Cryptography; Protocols; Computer crime; Feature extraction; Secure computing; machine learning; intrusion detection system; explainable AI
Sustainable Development Goals	9 Industry, innovation and infrastructure
Publisher	Institute of Electrical and Electronics Engineers
Journal	IEEE Transactions on Information Forensics and Security
ISSN	1556-6013
Electronic	1556-6021
Online	15 Jun 2022
Print	24 Jun 2022
Publication process dates
Deposited	27 Jun 2022
Accepted	06 Jun 2022
Output status	Published
Accepted author manuscript	Luo_Accepted_Journal_Paper_IEEE.pdf
Copyright Statement	© 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.
Digital Object Identifier (DOI)	https://doi.org/10.1109/TIFS.2022.3183390
Web of Science identifier	WOS:000815662000011
Language	English

Permalink -

https://repository.mdx.ac.uk/item/89x29

Log in to edit

Download files

Accepted author manuscript

Luo_Accepted_Journal_Paper_IEEE.pdf

60
total views
16
total downloads
6
views this month
0
downloads this month

Export as

Related outputs

Development of OpenFlow Native Capabilities to optimize QoS

Breiki, M., Zhou, S. and Luo, Y. 2020. Development of OpenFlow Native Capabilities to optimize QoS. 2020 Seventh International Conference on Software Defined Systems (SDS). Paris, France 20 - 23 Apr 2020 IEEE. pp. 67-74 https://doi.org/10.1109/SDS49854.2020.9143890

Design and validation of a meter band rate in OpenFlow and OpenDaylight for optimizing QoS

Breiki, M., Zhou, S. and Luo, Y. 2020. Design and validation of a meter band rate in OpenFlow and OpenDaylight for optimizing QoS. Advances in Science, Technology and Engineering Systems Journal. 5 (2), pp. 35-43. https://doi.org/10.25046/aj050205

A meter band rate mechanism to improve the native QoS capability of OpenFlow and OpenDaylight

Al Breiki, M., Zhou, S. and Luo, Y. 2019. A meter band rate mechanism to improve the native QoS capability of OpenFlow and OpenDaylight. 2019 International Conference on Advanced Communication Technologies and Networking (CommNet). Rabat, Morocco, Morocco 12 - 14 Apr 2019 IEEE. https://doi.org/10.1109/COMMNET.2019.8742360

An efficient deep learning model for intrusion classification and prediction in 5G and IoT networks

Rezvy, S., Luo, Y., Petridis, M., Lasebae, A. and Zebin, T. 2019. An efficient deep learning model for intrusion classification and prediction in 5G and IoT networks. 2019 53rd Annual Conference on Information Sciences and Systems (CISS). Baltimore, MD, USA, USA 20 - 22 Mar 2019 IEEE. pp. 1-6 https://doi.org/10.1109/CISS.2019.8693059

The impacts of internal threats towards routing protocol for low power and lossy network performance

Le, A., Loo, J., Luo, Y. and Lasebae, A. 2013. The impacts of internal threats towards routing protocol for low power and lossy network performance. 2013 IEEE Symposium on Computers and Communications (ISCC). https://doi.org/10.1109/ISCC.2013.6755045

Location privacy in mobile IPv6 distributed authentication protocol using mobile home agents

Georgiades, A., Luo, Y., Lasebae, A. and Comley, R. 2009. Location privacy in mobile IPv6 distributed authentication protocol using mobile home agents. Trilling, L., Perkins, D., Dionysios, D., Perlovsky, L., Davey, K., Landgrebe, D., Marino, M., Russell, D., Collicott, S., Ceccarelli, M. and Lund, J. (ed.) The 8th WSEAS International Conference on Electronics, Hardware, Wireless and Optical Communications (EHAC '09). Cambridge, UK 21 - 23 Feb 2009 WSEAS Press. pp. 51-56

Specification-based IDS for securing RPL from topology attacks

Le, A., Loo, J., Luo, Y. and Lasebae, A. 2011. Specification-based IDS for securing RPL from topology attacks. Wireless Days (WD), 2011 IFIP. https://doi.org/10.1109/WD.2011.6098218

Exchange routing information between new neighbor nodes to improve AODV performance

Le, A. and Luo, Y. 2009. Exchange routing information between new neighbor nodes to improve AODV performance. in: 6th international conference on Information Technology: New Generations, 2009. Proceedings IEEE Computer Society. pp. 1661-1662

Introducing mobile home agents into the distributed authentication protocol to achieve location privacy in mobile IPv6

Georgiades, A., Luo, Y., Lasebae, A. and Comley, R. 2008. Introducing mobile home agents into the distributed authentication protocol to achieve location privacy in mobile IPv6. International Journal of Communications. 2 (3), pp. 185-194.

6LoWPAN: a study on QoS security threats and countermeasures using intrusion detection system approach

Le, A., Loo, J., Lasebae, A., Aiash, M. and Luo, Y. 2012. 6LoWPAN: a study on QoS security threats and countermeasures using intrusion detection system approach. International Journal of Communication Systems. 25 (9), pp. 1189-1212. https://doi.org/10.1002/dac.2356

Using unified process to develop an online survey application.

Luo, Y. and Zhao, H. 2005. Using unified process to develop an online survey application. in: Proceedings of the IADIS international conference WWW/Internet 2005. IADIS.

A multi-agent decision support system for stock trading

Luo, Y., Liu, K. and Davis, D. 2002. A multi-agent decision support system for stock trading. IEEE network. 16 (1), pp. 20-27.

Using KADS to design a multi-agent framework for stock trading.

Luo, Y., Liu, K. and Davis, D. 2001. Using KADS to design a multi-agent framework for stock trading. in: Arabnia, H. (ed.) Proceedings of International Conference on Artificial Intelligence(IC-AI'2001). CSREA Press. pp. 1149-1156

Information and knowledge exchange in a multi-agent system for stock trading.

Luo, Y., Davis, D. and Liu, K. 2001. Information and knowledge exchange in a multi-agent system for stock trading. in: Jakobson, G. and Ray, P. (ed.) 2001 enterprise networking, applications and services conference proceedings: entnet@supercomm2001. IEEE. pp. 47-55

A new distributed Java-based agents environment

Luo, Y. and Zhou, Z. 2000. A new distributed Java-based agents environment. Mini-micro systems. 21 (11), pp. 1227-1230.

A multi-agent framework for stock trading.

Luo, Y., Liu, K. and Davis, D. 2000. A multi-agent framework for stock trading. in: Shi, Z., Faltings, B. and Musen, M. (ed.) Proceedings of conference on intelligent information processing. Beijing Publishing House of Electronics Industry of China. pp. 470-477

Dual identity return routability for the security of mobile IPv6 binding updates within the distributed authentication protocol.

Luo, Y., Lasebae, A., Comley, R. and Georgiades, A. 2006. Dual identity return routability for the security of mobile IPv6 binding updates within the distributed authentication protocol. in: WSEAS Conferences: Elounda, Agios Nikolaos, Crete, Greece, August 18-20, 2006 Athens WSEAS.

Distributed authentication protocol utilizing dual identity return routability for the security of binding updates within mobile IPv6.

Luo, Y., Lasebae, A., Comley, R. and Georgiades, A. 2006. Distributed authentication protocol utilizing dual identity return routability for the security of binding updates within mobile IPv6. WSEAS transactions on communications. 5 (10), pp. 1109-2742.

Distributed authentication protocol for the security of binding updates in mobile IPv6.

Luo, Y., Lasebae, A., Comley, R. and Georgiades, A. 2005. Distributed authentication protocol for the security of binding updates in mobile IPv6. in: Proceedings of the 9th WSEAS international CSCC multiconference: circuits 05, systems 05, computers 05, communications 05. WSEAS.