METC: A Hybrid Deep Learning Framework for Cross-Network Encrypted DNS over HTTPS Traffic Detection and Tunnel Identification
Authors: Ming Zuo, Changyong Guo, Haiyan Xu, Zhaoxin Zhang, Yanan Cheng
Journal: Information Fusion, volume 121, Article 103125 (impact factor 14.7; JCR Q1, Computer Science, Artificial Intelligence)
Publication date: 2025-03-24
Publication type: Journal Article
DOI: 10.1016/j.inffus.2025.103125
URL: https://www.sciencedirect.com/science/article/pii/S1566253525001988
Citations: 0
Abstract
With the widespread adoption of DNS over HTTPS (DoH), network privacy and security have significantly improved, but detecting encrypted DoH traffic remains challenging, especially in heterogeneous environments. Existing research primarily focuses on desktops, neglecting mobile-specific detection.
To address this gap, we propose METC, a multi-stage hybrid learning framework for encrypted DoH traffic detection. We develop a mobile traffic collection tool supporting IPv6 and real-time inference and release the first mobile DoH dataset, comprising 38.21 GB of data.
METC integrates Convolutional Neural Networks (CNNs), Bidirectional Gated Recurrent Units (BiGRUs), and multi-head attention mechanisms, effectively capturing local traffic patterns, temporal dependencies, and key features to enhance cross-network generalization. Our CNN-BiGRU-Attention model achieves an F1-score of 97.34% in mobile DoH detection and 99.96%, 95.99%, and 94.65% in DoH-based tunnel traffic identification across three datasets. Additionally, it accurately identifies 10 tunneling tools, outperforming XGBoost in cross-network scenarios.
In summary, METC offers an innovative and efficient solution for encrypted DoH traffic detection and tunnel identification, advancing deep learning applications in network security.
About the journal:
Information Fusion serves as a central platform for showcasing advancements in multi-sensor, multi-source, multi-process information fusion, fostering collaboration among diverse disciplines driving its progress. It is the leading outlet for sharing research and development in this field, focusing on architectures, algorithms, and applications. Papers dealing with fundamental theoretical analyses as well as those demonstrating their application to real-world problems will be welcome.