Journal of Information Security Research, 2025, Vol. 11, Issue 4: 358-366, 9. DOI: 10.12379/j.issn.2096-1057.2025.04.09
A DoH Real-time Traffic Identification System
Abstract
DoH (DNS-over-HTTPS) technology has become the main means of encrypting DNS. Unlike DoH traffic datasets that are captured over a long period of time, real-time DoH traffic identification requires multiple traffic captures within a short period of time, which fragments the traffic and makes flow-level and session-level features inapplicable. To solve this problem, a DoH real-time traffic identification system is proposed. The system uses an IP dictionary of DNS resolution servers for preliminary, rapid identification, and establishes a feature extraction method for real-time DoH traffic based on the relevant characteristics of packet length, inter-packet latency, and traffic surge, combined with machine learning models for accurate traffic identification. Multiple public network datasets are used, and a real-time DoH traffic dataset is independently generated for verification experiments. The experimental results show that the feature extraction method used in the traffic identification system can accurately identify real-time DoH traffic.
Keywords
DNS / DNS-over-HTTPS / encrypted traffic / real-time traffic / machine learning
Classification
Computer and Automation
Cite this article
孙璇, 马行一, 康海燕. A DoH Real-time Traffic Identification System [J]. Journal of Information Security Research, 2025, 11(4): 358-366, 9.
Funding
National Social Science Fund of China (21BTQ079)
Beijing Advanced Innovation Center for Future Blockchain and Privacy Computing fund project (GJJ-22-03)