Please use this identifier to cite or link to this item:
Title: DNS over HTTPS traffic analysis and detection
Author: López Romera, Carlos
Director: García Font, Víctor
Tutor: Hernández Gañán, Carlos
Keywords: DNS
machine learning
traffic analysis
Issue Date: 2-Jun-2020
Publisher: Universitat Oberta de Catalunya (UOC)
Abstract: The Domain Name Service (DNS) is a prevalent protocol used in computer communications, used to translate domain names to addresses that can be routed to via de Internet Protocol (IP). One of the main characteristics of DNS is the use of plaintext requests and responses, leaking information even in traditional secure communications; a client might resolve a server's IP address using plaintext messages, and then cryptographically protect its exchange with the server itself. DNS over HTTPS (DoH) is a protocol specification introduced in the IETF RFC 8484 (2018), which provides a mapping of regular DNS requests and responses over TLS-encapsulated HTTP messages. TLS (Transport Layer Protocol) and HTTP (HyperText Transfer Protocol), known in conjunction as HTTPS, are the two most common methods of communication with web servers, each providing security and structure respectively. DoH, then, provides not only the cryptographic benefits of TLS, but also the masquerading of DoH communications as regular web traffic. Although recent work has aimed to identify the content of DoH communications by using different fingerprinting techniques, distinguishing regular TLS-encapsulated HTTP traffic from DoH remains an unsolved challenge. In this thesis, passive analysis of DoH traffic is presented, as well as a method and implementation for its detection.
Language: English
Appears in Collections:Bachelor thesis, research projects, etc.

Files in This Item:
File Description SizeFormat 
lopezcTFM0620memory.pdfTFM memory1.69 MBAdobe PDFView/Open

This item is licensed under a Creative Commons License Creative Commons