An explainable AI-based intrusion detection system for DNS over HTTPS (DoH) attacks

Article


Zebin, T., Rezvy, S. and Luo, Y. 2022. An explainable AI-based intrusion detection system for DNS over HTTPS (DoH) attacks. IEEE Transactions on Information Forensics and Security. 17, pp. 2339-2349. https://doi.org/10.1109/TIFS.2022.3183390
Type: Article
Title: An explainable AI-based intrusion detection system for DNS over HTTPS (DoH) attacks
Authors: Zebin, T., Rezvy, S. and Luo, Y.
Abstract

Over the past few years, Domain Name Service (DNS) remained a prime target for hackers as it enables them to gain first entry into networks and gain access to data for exfiltration. Although the DNS over HTTPS (DoH) protocol has desirable properties for internet users such as privacy and security, it also causes a problem in that network administrators are prevented from detecting suspicious network traffic generated by malware and malicious tools. To support their efforts in maintaining a secure network, in this paper, we have implemented an explainable AI solution using a novel machine learning framework. We have used the publicly available CIRA-CIC-DoHBrw-2020 dataset for developing an accurate solution to detect and classify the DNS over HTTPS attacks. Our proposed balanced and stacked Random Forest achieved very high precision (99.91%), recall (99.92%) and F1 score (99.91%) for the classification task at hand. Using explainable AI methods, we have additionally highlighted the underlying feature contributions in an attempt to provide transparent and explainable results from the model.

Sustainable Development Goals: 9 Industry, innovation and infrastructure
Language: English
Publisher: Institute of Electrical and Electronics Engineers
Journal: IEEE Transactions on Information Forensics and Security
ISSN: 1556-6013
Electronic: 1556-6021
Publication dates
Online: 15 Jun 2022
Print: 24 Jun 2022
Publication process dates
Deposited: 27 Jun 2022
Accepted: 06 Jun 2022
Output status: Published
Accepted author manuscript
Copyright Statement

© 2022 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.

Digital Object Identifier (DOI): https://doi.org/10.1109/TIFS.2022.3183390
Permalink: https://repository.mdx.ac.uk/item/89x29

