Dataset Details: CIRA-CIC-DOHBRW

Dataset Information

Serial Number: 69

Year: 2020

Kind of Traffic: Simulated

Publicly Available: Yes

Count of Records:

Features Count: 28

No. of citations: 204

Attack Type: MITM, DNS, etc.

Download Links: https://www.unb.ca/cic/datasets/dohbrw-2020.html

Abstract: CIRA-CIC-DoHBrw-2020 is freely available to the public. It is described by Mohammadreza Montazeri Shatoori et al. in their paper “Detection of DoH Tunnels using Time-series Classification of Encrypted Traffic”. DNS over HTTPS (DoH) is a protocol proposed by the Internet Engineering Task Force (IETF). It encrypts DNS queries and sends them through a covert tunnel to enhance privacy and protect against man-in-the-middle attacks, ensuring data is not compromised. For the dataset, the DoH protocol was implemented within an application, and Malicious-DoH, Benign-DoH, and non-DoH traffic was captured using 4 servers and 5 different browsers and tools. The proposed two-layered method uses a statistical features classifier at layer 1 to differentiate non-DoH traffic from DoH traffic, and a time-series classifier at layer 2 to distinguish malicious from benign DoH traffic. Mozilla Firefox, Google Chrome, dns2tcp, Iodine and DNSCat2 are among the tools and browsers used to capture traffic, while Cloudflare, AdGuard, Quad9 and Google DNS are among the servers that respond to DoH requests.
