Abstract. The Domain Name System (DNS) is responsible for translating a server's IP address into a domain name, enabling an end user to access a resource without having to remember its IP address. This protocol is the basis of the modern Internet, but all messages between the client and the server pass through an unprotected communication channel, which makes it vulnerable to various types of attacks (spoofing, eavesdropping, phishing and others). To overcome this problem, the DNSSEC (DNS Secure), DoT (DNS over TLS) and DoH (DNS over HTTPS) protocols were developed. The last one was the most effective. DoH encrypts DNS traffic between the client and the server and also guarantees data integrity and confidentiality. This creates a problem in the correct recognition of DoH traffic. The article describes research tools for detecting and analyzing malicious DNS traffic based on traffic analyzers and machine learning methods. Comprehensive methods for overcoming threats are proposed, and comparative characteristics of DNS security protocols are presented. Thus, there is a need to apply a hybrid method of investigating malicious DNS traffic, based on the combined use of traffic analyzers, machine learning, and human expertise, to obtain statistical data. This is why the research topic is relevant and insufficiently researched in terms of the security of domain structures. This work is dedicated to the further development and research of DNS technology using encryption protocols, and to the identification and analysis of malicious traffic based on machine learning algorithms.
Коробейнікова et al. (Fri,) studied this question.