Table 1.
Summary of related work on malicious DNS over HTTPS traffic detection.
Fig 1.
Architecture of Proposed System for DoH tunnel malicious Detection.
Table 2.
Shows the CIC dataset.
Table 3.
Details of HKD dataset.
Fig 2.
Distributions of features on CIC dataset.
Fig 3.
Distributions of features on HKD dataset.
Fig 4.
CIC dataset feature Importance.
Fig 5.
HKD dataset feature importance.
Fig 6.
Structure of the LSTM.
Fig 7.
Framework of the Proposed stacked ensemble model.
Table 4.
Hyperparameters.
Table 5.
Performance Evaluation Parameters.
Table 6.
Performance comparison of proposed model, single classifier and built models on CIC-DoH dataset.
Table 7.
Performance comparison of the proposed model, single classifier, and built models on the HKD-DoH dataset.
Fig 8.
(a) Accuracy (b), Precision (c), Recall, and (d) F1-score of different models for the CIC-DoH dataset.
Fig 9.
ROC and Precision-Recall curves of the proposed stacked meta-model on the CIC-DoH dataset: (a) ROC curve (AUC = 0.9999), (b) Precision-Recall curve (AUC-PR = 1.0000).
Fig 10.
Confusion matrix of proposed stacking on CIC-DoH dataset: (a) non-normalized cm, (b) normalized cm.
Fig 11.
(a) Accuracy (b) Precision (c) Recall and (d) F1-score of different models for HKD-DoH dataset.
Fig 12.
ROC and Precision-Recall curves of the proposed stacked meta-model on the HKD-DoH dataset: (a) ROC curve (AUC = 1.0000), (b) Precision-Recall curve (AUC-PR = 1.0000).
Fig 13.
Confusion matrix of proposed stacking on HKD-DoH dataset: (a) non-normalized cm, (b) normalized cm.
Table 8.
Performance of comparison between the proposed approach and existing works on the CIC dataset.
Table 9.
Time complexity analysis of models.