Investigate Effect of Various Feature Selection Methods for Attack Detection of DOH Traffic

DNS over HTTPS (DoH) is advance version to the current DNS protocol. Which enhance the security and privacy to the internet browsing. In a existing DNS protocol, when address is typed in the browser, the device queries a DNS server to translate typed web address into IP address. This unscripted translate process means DNS queries can be read and monitored by the third party, leading to unsecure browsing. To prevent this unsecure browsing, DoH protocol is introduced. DoH is a modern protocol that performs Domain Name System (DNS) resolution over the HTTPS protocol; enhance the privacy and integrity of DNS queries through secure, encrypted channels. Past research is carried out on DOH using various classifiers and feature selection techniques, which are not given satisfactory results. This research uses machine learning (ML)-based algorithms to address the challenge of identifying malicious DoH connections. More specifically focused on efficacy of the k-NN classifier for detecting DoH tunnels by comparing its performance before and after applying feature selection techniques. Principal Component Analysis (PCA), Lasso Regression (LR), Logistic Regression (LoR), and Random Forest (RF) are the feature selection techniques which enhance the robustness and efficiency of the classifier. Two main approaches to feature selection are explored: selecting features before training the k-NN model to reduce dimensionality and eliminate potential noise, and selecting features after training to leverage insights from the k-NN model and prioritize important features. The k-NN algorithm's performance is evaluated before and after feature selection to ensure consistency and reliability in detecting malicious DoH connections. The results demonstrated promising outcomes, achieved tremendous accuracy in the classification task.