IEEE

TunnelEye: An Explainable Framework for Real-Time Detection of Malicious DoH Traffic in High-Speed Backbone Networks

Since plaintext DNS queries are vulnerable to eavesdropping and tampering, encrypted DNS protocols such as DoH (DNS over HTTPS) have been widely adopted. However, attackers can exploit DoH by hiding ...