Science and Education Publishing
From Scientific Research to Knowledge
Submission
Browse by Subjects
Search
Journal Home
For Authors
Online Submission
Current Issue
Archive
About Us
Figures index
From
Detecting Malicious DNS over HTTPS Traffic in Domain Name System using Machine Learning Classifiers
Yaser M. Banadaki
Journal of Computer Sciences and Applications
.
2020
, 8(2), 46-55 doi:10.12691/jcsa-8-2-2
Figure
1
.
(a) Training procedure of intrusion detection including data preprocessing, training, and optimizing the training algorithms, deployment of ML-based classifiers, and testing of the model to extract the classification performance metrics. (b) The network topology used to capture the traffic datasets, including benign and malicious DoH traffic along with non-DoH traffic
Full size figure and legend
Figure
2
.
Training progress pipelines for four ML models: XGBoost classifier, random forest classifier, decision tree classifier, and gradient boosting classifier
Full size figure and legend
Figure
3
.
(a) Evaluation measures, (b) confusion matrices, (c) ROC curve, and (d) feature importance of Decision Tree algorithm in classifying DoH traffic from non-DoH traffic in layer one and characterizing Benign-DoH from Malicious-DoH traffic in layer 2
Full size figure and legend
Figure
4
.
(a) Evaluation measures, (b) confusion matrices, (c) ROC curve, and (d) feature importance of Decision Tree algorithm in classifying DoH traffic from non-DoH traffic in layer one and characterizing Benign-DoH from Malicious-DoH traffic in layer 2
Full size figure and legend
Figure
5.
(a) Evaluation measures, (b) confusion matrices, (c) ROC curve, and (d) feature importance of Gradient Boosting algorithm in classifying DoH traffic from non-DoH traffic in layer one and characterizing Benign-DoH from Malicious-DoH traffic in layer 2
Full size figure and legend
Figure
6
.
(a) Evaluation measures, (b) confusion matrices, (c) ROC curve, and (d) feature importance of LGBM algorithm in classifying DoH traffic from non-DoH traffic in layer one and characterizing Benign-DoH from Malicious-DoH traffic in layer 2
Full size figure and legend
Figure
7
.
(a) Evaluation measures, (b) confusion matrices, (c) ROC curve, and (d) feature importance of XGBoost algorithm in classifying DoH traffic from non-DoH traffic in layer one and characterizing Benign-DoH from Malicious-DoH traffic in layer 2
Full size figure and legend
Figure 8.
(a) Evaluation measures, (b) confusion matrices, (c) ROC curve, and (d) feature importance of Random Forest algorithm in classifying DoH traffic from non-DoH traffic in layer one and characterizing Benign-DoH from Malicious-DoH traffic in layer 2
Full size figure and legend