Document Type

Article

Publication Date

6-30-2023

Publication Title

2023 Silicon Valley Cybersecurity Conference (SVCC)

Pages

1-8

Publisher Name

IEEE

Abstract

The DNS over HTTPS (DoH) protocol is implemented to improve the original DNS protocol that uses unencrypted DNS queries and responses. With the DNS traffic, an eavesdropper can easily identify websites that a user is visiting. In order to address this concern of web privacy, encryption is used by performing a DNS lookup over HTTPS. In this paper, we studied whether the encrypted DoH traffic could be exploited to identify websites that a user has visited. This is a different type of website fingerprinting by analyzing encrypted DNS network traffic rather than the network traffic between the client and the web server. DNS typically uses fewer network packets than a website download. Our model and algorithm can accurately predict one out of 10, 000 websites with a 95% accuracy using the first 50 DoH packets. In the open-world environment with 100, 000 websites, our model achieves an F1-score of 93%.

Comments

Author Posting © 2023 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The definitive version of this work was published in 2023 Silicon Valley Cybersecurity Conference (SVCC), (June 30, 2023), http://doi.org/10.1109/SVCC56964.2023.10165086.

Download

Share

COinS