Figure 1. (a) Training procedure of intrusion detection including data preprocessing, training, and optimizing the training algorithms, deployment of ML-based classifiers, and testing of the model to extract the classification performance metrics. (b) The network topology used to capture the traffic datasets, including benign and malicious DoH traffic along with non-DoH traffic.

From

Detecting Malicious DNS over HTTPS Traffic in Domain Name System using Machine Learning Classifiers

Yaser M. Banadaki

Journal of Computer Sciences and Applications. 2020, 8(2), 46-55. doi:10.12691/jcsa-8-2-2