| Field | Value |
|---|---|
| Title | Machine-learning based Detection of Malicious DNS-over-HTTPS (DoH) Traffic Based on Packet Captures |
| Institution | University of Zurich |
| Faculty | Faculty of Business, Economics and Informatics |
| Abstract | The goal of this thesis is to implement a working prototype for the detection of malicious DNS-over-HTTPS (DoH) traffic within the existing SecGrid system, a platform for the extraction and analysis of internet traffic and the detection of cyber-attacks, developed by the CSG group at the University of Zurich. The implementation consists of a dedicated feature extraction for DoH traffic based on TCP flows and a two-layer machine-learning pipeline for the detection of malicious DoH traffic. The evaluation proves that the prototype is extremely precise on single data sets, but as soon as the models are trained and tested on different data, the accuracy of the prototype deteriorates drastically. The conclusion is that the training data sets must be diversified into data sets aligned with real-world browser settings and all available DoH resolvers, and in particular that the state-of-the-art data must be extended both quantitatively and qualitatively. |