An explainable AI-based intrusion detection system for DNS over HTTPS (DoH) attacks

Article


Zebin, T., Rezvy, S. and Luo, Y. 2022. An explainable AI-based intrusion detection system for DNS over HTTPS (DoH) attacks. IEEE Transactions on Information Forensics and Security. 17, pp. 2339-2349. https://doi.org/10.1109/TIFS.2022.3183390
Type: Article
Title: An explainable AI-based intrusion detection system for DNS over HTTPS (DoH) attacks
Authors: Zebin, T., Rezvy, S. and Luo, Y.
Abstract

Over the past few years, Domain Name Service (DNS) remained a prime target for hackers as it enables them to gain first entry into networks and gain access to data for exfiltration. Although the DNS over HTTPS (DoH) protocol has desirable properties for internet users such as privacy and security, it also causes a problem in that network administrators are prevented from detecting suspicious network traffic generated by malware and malicious tools. To support their efforts in maintaining a secure network, in this paper, we have implemented an explainable AI solution using a novel machine learning framework. We have used the publicly available CIRA-CIC-DoHBrw-2020 dataset for developing an accurate solution to detect and classify the DNS over HTTPS attacks. Our proposed balanced and stacked Random Forest achieved very high precision (99.91%), recall (99.92%) and F1 score (99.91%) for the classification task at hand. Using explainable AI methods, we have additionally highlighted the underlying feature contributions in an attempt to provide transparent and explainable results from the model.

Keywords: Tunneling; Servers; Security; Cryptography; Protocols; Computer crime; Feature extraction; Secure computing; machine learning; intrusion detection system; explainable AI
Sustainable Development Goals: 9 Industry, innovation and infrastructure
Publisher: Institute of Electrical and Electronics Engineers
Journal: IEEE Transactions on Information Forensics and Security
ISSN: 1556-6013
Electronic: 1556-6021
Publication dates
Online: 15 Jun 2022
Print: 24 Jun 2022
Publication process dates
Deposited: 27 Jun 2022
Accepted: 06 Jun 2022
Output status: Published
Accepted author manuscript
Copyright Statement

© 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Digital Object Identifier (DOI): https://doi.org/10.1109/TIFS.2022.3183390
Web of Science identifier: WOS:000815662000011
Language: English
Permalink: https://repository.mdx.ac.uk/item/89x29

Related outputs

Development of OpenFlow Native Capabilities to optimize QoS
Breiki, M., Zhou, S. and Luo, Y. 2020. Development of OpenFlow Native Capabilities to optimize QoS. 2020 Seventh International Conference on Software Defined Systems (SDS). Paris, France 20 - 23 Apr 2020 IEEE. pp. 67-74 https://doi.org/10.1109/SDS49854.2020.9143890
Deep learning for detection and segmentation of artefact and disease instances in gastrointestinal endoscopy
Ali, S., Dmitrieva, M., Ghatwary, N., Bano, S., Polat, G., Temizel, A., Krenzer, A., Hekalo, A., Guo, Y., Matuszewski, B., Gridach, M., Voiculescu, I., Yoganand, V., Chavan, A., Raj, A., Nguyen, N., Tran, D., Huynh, L., Boutry, N., Rezvy, S., Chen, H., Choi, Y., Subramanian, A., Balasubramanian, V., Gao, X., Hu, H., Liao, Y., Stoyanov, D., Daul, C., Realdon, S., Cannizzaro, R., Lamarque, D., Tran-Nguyen, T., Bailey, A., Braden, B., East, J. and Rittscher, J. 2021. Deep learning for detection and segmentation of artefact and disease instances in gastrointestinal endoscopy. Medical Image Analysis. 70. https://doi.org/10.1016/j.media.2021.102002
COVID-19 detection and disease progression visualization: Deep learning on chest X-rays for classification and coarse localization
Zebin, T. and Rezvy, S. 2021. COVID-19 detection and disease progression visualization: Deep learning on chest X-rays for classification and coarse localization. Applied Intelligence. 51 (2), pp. 1010-1021. https://doi.org/10.1007/s10489-020-01867-1
COVID-19 detection and disease progression visualization: Deep learning on chest X-rays for classification and coarse localization
Zebin, T., Rezvy, S. and Pang, W. 2020. COVID-19 detection and disease progression visualization: Deep learning on chest X-rays for classification and coarse localization. https://doi.org/10.21203/rs.3.rs-34534/v1
Transfer learning for endoscopy disease detection and segmentation with mask-RCNN benchmark architecture
Rezvy, S., Zebin, T., Pang, W., Taylor, S. and Gao, X. 2020. Transfer learning for endoscopy disease detection and segmentation with mask-RCNN benchmark architecture. 2nd International Workshop and Challenge on Computer Vision in Endoscopy. Iowa City, United States 03 Apr 2020 pp. 68-72
Design and validation of a meter band rate in OpenFlow and OpenDaylight for optimizing QoS
Breiki, M., Zhou, S. and Luo, Y. 2020. Design and validation of a meter band rate in OpenFlow and OpenDaylight for optimizing QoS. Advances in Science, Technology and Engineering Systems Journal. 5 (2), pp. 35-43. https://doi.org/10.25046/aj050205
A deep learning approach for length of stay prediction in clinical settings from medical records
Zebin, T., Rezvy, S. and Chaussalet, T. 2019. A deep learning approach for length of stay prediction in clinical settings from medical records. 2019 IEEE Conference on Computational Intelligence in Bioinformatics and Computational Biology (CIBCB). Siena, Italy 09 - 10 Jul 2019 IEEE. pp. 1-5 https://doi.org/10.1109/CIBCB.2019.8791477
A meter band rate mechanism to improve the native QoS capability of OpenFlow and OpenDaylight
Al Breiki, M., Zhou, S. and Luo, Y. 2019. A meter band rate mechanism to improve the native QoS capability of OpenFlow and OpenDaylight. 2019 International Conference on Advanced Communication Technologies and Networking (CommNet). Rabat, Morocco 12 - 14 Apr 2019 IEEE. https://doi.org/10.1109/COMMNET.2019.8742360
An efficient deep learning model for intrusion classification and prediction in 5G and IoT networks
Rezvy, S., Luo, Y., Petridis, M., Lasebae, A. and Zebin, T. 2019. An efficient deep learning model for intrusion classification and prediction in 5G and IoT networks. 2019 53rd Annual Conference on Information Sciences and Systems (CISS). Baltimore, MD, USA 20 - 22 Mar 2019 IEEE. pp. 1-6 https://doi.org/10.1109/CISS.2019.8693059
The impacts of internal threats towards routing protocol for low power and lossy network performance
Le, A., Loo, J., Luo, Y. and Lasebae, A. 2013. The impacts of internal threats towards routing protocol for low power and lossy network performance. 2013 IEEE Symposium on Computers and Communications (ISCC). https://doi.org/10.1109/ISCC.2013.6755045
Intrusion detection and classification with autoencoded deep neural network
Rezvy, S., Petridis, M., Lasebae, A. and Zebin, T. 2019. Intrusion detection and classification with autoencoded deep neural network. Lanet, J. and Toma, C. (ed.) SecITC 2018: International Conference on Security for Information Technology and Communications. Bucharest, Romania 08 - 09 Nov 2018 Switzerland Springer. pp. 142-156 https://doi.org/10.1007/978-3-030-12942-2_12
System capacity Improvement by on request channel allocation in LTE cellular network
Lasebae, A., Rahman, S. and Rezvy, S. 2014. System capacity Improvement by on request channel allocation in LTE cellular network. The 15th IEEE International Conference on a World of Wireless, Mobile and Multimedia Networks. Sydney, Australia 16 - 19 Jun 2014
Instant channel allocation technique to improve system throughput in joint LTE network
Rezvy, S., Rahman, S., Lasebae, A. and Loo, J. 2014. Instant channel allocation technique to improve system throughput in joint LTE network. The 28th IEEE International Conference on Advanced Information Networking and Applications. Victoria, BC, Canada 03 - 16 May 2014 IEEE. pp. 900-904 https://doi.org/10.1109/WAINA.2014.198
System capacity improvement by on request channel allocation in LTE cellular network
Rezvy, S., Rahman, S., Lasebae, A. and Loo, J. 2014. System capacity improvement by on request channel allocation in LTE cellular network. 48th Annual Conference on Information Sciences and Systems (CISS-2014). Princeton, New Jersey, USA 19 - 21 Mar 2014 Institute of Electrical and Electronics Engineers (IEEE). https://doi.org/10.1109/CISS.2014.6814105
On demand based frequency allocation to mitigate interference in femto-macro LTE cellular network
Rezvy, S., Rahman, S., Lasebae, A. and Loo, J. 2013. On demand based frequency allocation to mitigate interference in femto-macro LTE cellular network. Second International Conference on Future Generation Communication Technologies (FGCT- 2013). London, UK 12 - 14 Nov 2013 Institute of Electrical and Electronics Engineers (IEEE). pp. 213-218
Downlink femto-macro ICI cancellation by on request channel allocation in LTE network
Rezvy, S., Rahman, S., Lasebae, A. and Loo, J. 2014. Downlink femto-macro ICI cancellation by on request channel allocation in LTE network. 48th Annual Conference on Information Sciences and Systems (CISS-2014). Princeton University, New Jersey, USA 19 - 21 Mar 2014
Instant channel allocation technique to improve system throughput in joint LTE cellular network
Rezvy, S., Rahman, S., Lasebae, A. and Loo, J. 2014. Instant channel allocation technique to improve system throughput in joint LTE cellular network. Advanced Information Networking and Applications Workshops (WAINA 2014). Victoria, Canada 13 - 16 May 2014 Institute of Electrical and Electronics Engineers (IEEE). pp. 900-904 https://doi.org/10.1109/WAINA.2014.198
Specification-based IDS for securing RPL from topology attacks
Le, A., Loo, J., Luo, Y. and Lasebae, A. 2011. Specification-based IDS for securing RPL from topology attacks. Wireless Days (WD), 2011 IFIP. https://doi.org/10.1109/WD.2011.6098218
Exchange routing information between new neighbor nodes to improve AODV performance
Le, A. and Luo, Y. 2009. Exchange routing information between new neighbor nodes to improve AODV performance. in: 6th international conference on Information Technology: New Generations, 2009. Proceedings IEEE Computer Society. pp. 1661-1662
Introducing mobile home agents into the distributed authentication protocol to achieve location privacy in mobile IPv6
Georgiades, A., Luo, Y., Lasebae, A. and Comley, R. 2008. Introducing mobile home agents into the distributed authentication protocol to achieve location privacy in mobile IPv6. International Journal of Communications. 2 (3), pp. 185-194.
6LoWPAN: a study on QoS security threats and countermeasures using intrusion detection system approach
Le, A., Loo, J., Lasebae, A., Aiash, M. and Luo, Y. 2012. 6LoWPAN: a study on QoS security threats and countermeasures using intrusion detection system approach. International Journal of Communication Systems. 25 (9), pp. 1189-1212. https://doi.org/10.1002/dac.2356
Using unified process to develop an online survey application.
Luo, Y. and Zhao, H. 2005. Using unified process to develop an online survey application. in: Proceedings of the IADIS international conference WWW/Internet 2005. IADIS.
A multi-agent decision support system for stock trading
Luo, Y., Liu, K. and Davis, D. 2002. A multi-agent decision support system for stock trading. IEEE network. 16 (1), pp. 20-27.
Using KADS to design a multi-agent framework for stock trading.
Luo, Y., Liu, K. and Davis, D. 2001. Using KADS to design a multi-agent framework for stock trading. in: Arabnia, H. (ed.) Proceedings of International Conference on Artificial Intelligence(IC-AI'2001). CSREA Press. pp. 1149-1156
Information and knowledge exchange in a multi-agent system for stock trading.
Luo, Y., Davis, D. and Liu, K. 2001. Information and knowledge exchange in a multi-agent system for stock trading. in: Jakobson, G. and Ray, P. (ed.) 2001 enterprise networking, applications and services conference proceedings: entnet@supercomm2001. IEEE. pp. 47-55
A new distributed Java-based agents environment
Luo, Y. and Zhou, Z. 2000. A new distributed Java-based agents environment. Mini-micro systems. 21 (11), pp. 1227-1230.
A multi-agent framework for stock trading.
Luo, Y., Liu, K. and Davis, D. 2000. A multi-agent framework for stock trading. in: Shi, Z., Faltings, B. and Musen, M. (ed.) Proceedings of conference on intelligent information processing. Beijing Publishing House of Electronics Industry of China. pp. 470-477
Computing migration through context awareness and context transmission.
Luo, Y., Cheng, Z. and Chin, K. 2003. Computing migration through context awareness and context transmission. in: Proceedings of the IADIS international conference WWW/Internet 2003. IADIS. pp. 386-394
Location privacy in mobile IPv6 distributed authentication protocol using mobile home agents
Georgiades, A., Luo, Y., Lasebae, A. and Comley, R. 2009. Location privacy in mobile IPv6 distributed authentication protocol using mobile home agents. Trilling, L., Perkins, D., Dionysios, D., Perlovsky, L., Davey, K., Landgrebe, D., Marino, M., Russell, D., Collicott, S., Ceccarelli, M. and Lund, J. (ed.) The 8th WSEAS International Conference on Electronics, Hardware, Wireless and Optical Communications (EHAC '09). Cambridge, UK 21 - 23 Feb 2009 World Scientific and Engineering Academy and Society (WSEAS). pp. 51-56
Dual identity return routability for the security of mobile IPv6 binding updates within the distributed authentication protocol.
Georgiades, A., Luo, Y., Lasebae, A. and Comley, R. 2006. Dual identity return routability for the security of mobile IPv6 binding updates within the distributed authentication protocol. Lazakidou, A. and Siassiakos, K. (ed.) 6th WSEAS International Conference on Applied Informatics and Communications. Elounda, Greece 18 - 20 Aug 2006 World Scientific and Engineering Academy and Society (WSEAS). pp. 406-411
Distributed authentication protocol utilizing dual identity return routability for the security of binding updates within mobile IPv6
Luo, Y., Lasebae, A., Comley, R. and Georgiades, A. 2006. Distributed authentication protocol utilizing dual identity return routability for the security of binding updates within mobile IPv6. WSEAS Transactions on Communications. 5 (10), pp. 1109-2742.
Distributed authentication protocol for the security of binding updates in mobile IPv6
Luo, Y., Lasebae, A., Comley, R. and Georgiades, A. 2005. Distributed authentication protocol for the security of binding updates in mobile IPv6. Kartalopoulos, S. (ed.) 9th WSEAS International Conference on Communications. Athens, Greece 14 - 16 Jul 2005 World Scientific and Engineering Academy and Society (WSEAS).
Binding update security for mobile IPv6 using a distributed authentication protocol
Luo, Y., Lasebae, A., Comley, R. and Georgiades, A. 2005. Binding update security for mobile IPv6 using a distributed authentication protocol. WSEAS Transactions on Communications. 4 (9), pp. 1109-2742.
Trinity protocol for authentication of binding updates in mobile IPv6
Luo, Y., Comley, R., Lasebae, A. and Georgiades, A. 2004. Trinity protocol for authentication of binding updates in mobile IPv6. WSEAS Transactions on Communications. 3 (3), pp. 872-877.
Combining KADS with Zeus to develop a multi-agent e-commerce application
Davis, D., Luo, Y. and Liu, K. 2003. Combining KADS with Zeus to develop a multi-agent e-commerce application. Electronic Commerce Research. 3 (3-4), pp. 315-335. https://doi.org/10.1023/A:1023483208268