DNS OVER HTTPS: DETECTING MALICIOUS PACKETS USING MACHINE LEARNING

Abstract

With the implementation of the HTTPs, the communication between the website and the browser has become secure. The HTTPs uses the TSL encryption, which uses the asymmetric key to encrypt the data being exchanged. Https is only responsible for data transfer, the IP translation is done by the DNS. DNS was first introduced in 1983, since then it has been responsible for resolving the URL into the IP address. A non-cached DNS query is resolved by first sending it to the Recursive DNS Servers, which is then sent to the Authoritative DNS Servers which finally returns the IP address. All these transmissions are not encrypted and can be read by any on-route router, this compromised the privacy of the users and they became susceptible to tracking and spoofing. In 2018, DNS over HTTPS was introduced and it greatly enhanced the privacy of the users by encrypting the query. DoH works by sending the DNS query over https directly over to the DoH server thus eliminating the information leakage. DoH solved the privacy issues but it resulted in other problems. DNS data is actively used by intrusion detection systems, firewalls and by various corporations to either block, control or to monitor the traffic before it enters into the network. But now as the DNS data would be encrypted thus vi these services can't be carried out properly. It can even lead to serious consequences if a malware bypasses the firewall. Due to all these reasons, it hasn’t been welcomed by many corporations. But Google and Firefox have already decided to provide this feature in their browsers. Thus, the network needs to be monitored based on other properties to filter the malicious traffic. In this project we have used artificial neural network to train the model. The model has shown exceptional accuracy. Our work is different from all the previous work.