
Contribution Details

Type Bachelor's Thesis
Scope Discipline-based scholarship
Title Machine-learning based Detection of Malicious DNS-over-HTTPS (DoH) Traffic Based on Packet Captures
Organization Unit
  • David Stalder
  • Jan Von der Assen
  • Burkhard Stiller
  • English
Institution University of Zurich
Faculty Faculty of Business, Economics and Informatics
Date 2022
Abstract Text The goal of this thesis is to implement a working prototype for the detection of malicious DNS-over-HTTPS (DoH) traffic in the existing system SecGrid, a platform for the extraction of internet traffic, its analysis, and the detection of cyber-attacks, developed by the CSG-Group at the University of Zurich. The implementation contains a special feature extraction for DoH traffic based on TCP flows and a two-layered machine learning pipeline for the detection of malicious DoH traffic. The evaluation proves that the prototype is extremely precise for single data-sets, but as soon as the models are trained and tested with different data, the accuracy of the prototype deteriorates drastically. The conclusion is that the training data-sets should be diversified into data-sets that are aligned with real-world browser settings and all available DoH resolvers, and especially that the state-of-the-art data should be extended quantitatively and qualitatively.