Figures index

From

Detecting Malicious DNS over HTTPS Traffic in Domain Name System using Machine Learning Classifiers

Yaser M. Banadaki

Journal of Computer Sciences and Applications. 2020, 8(2), 46-55 doi:10.12691/jcsa-8-2-2
  • Figure 1. (a) Training procedure of intrusion detection including data preprocessing, training, and optimizing the training algorithms, deployment of ML-based classifiers, and testing of the model to extract the classification performance metrics. (b) The network topology used to capture the traffic datasets, including benign and malicious DoH traffic along with non-DoH traffic
  • Figure 2. Training progress pipelines for four ML models: XGBoost classifier, random forest classifier, decision tree classifier, and gradient boosting classifier
  • Figure 3. (a) Evaluation measures, (b) confusion matrices, (c) ROC curve, and (d) feature importance of Decision Tree algorithm in classifying DoH traffic from non-DoH traffic in layer one and characterizing Benign-DoH from Malicious-DoH traffic in layer 2
  • Figure 4. (a) Evaluation measures, (b) confusion matrices, (c) ROC curve, and (d) feature importance of Decision Tree algorithm in classifying DoH traffic from non-DoH traffic in layer one and characterizing Benign-DoH from Malicious-DoH traffic in layer 2
  • Figure 5. (a) Evaluation measures, (b) confusion matrices, (c) ROC curve, and (d) feature importance of Gradient Boosting algorithm in classifying DoH traffic from non-DoH traffic in layer one and characterizing Benign-DoH from Malicious-DoH traffic in layer 2
  • Figure 6. (a) Evaluation measures, (b) confusion matrices, (c) ROC curve, and (d) feature importance of LGBM algorithm in classifying DoH traffic from non-DoH traffic in layer one and characterizing Benign-DoH from Malicious-DoH traffic in layer 2
  • Figure 7. (a) Evaluation measures, (b) confusion matrices, (c) ROC curve, and (d) feature importance of XGBoost algorithm in classifying DoH traffic from non-DoH traffic in layer one and characterizing Benign-DoH from Malicious-DoH traffic in layer 2
  • Figure 8. (a) Evaluation measures, (b) confusion matrices, (c) ROC curve, and (d) feature importance of Random Forest algorithm in classifying DoH traffic from non-DoH traffic in layer one and characterizing Benign-DoH from Malicious-DoH traffic in layer 2