{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,4]],"date-time":"2026-05-04T11:29:19Z","timestamp":1777894159507,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":27,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,7,28]],"date-time":"2023-07-28T00:00:00Z","timestamp":1690502400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,7,28]]},"DOI":"10.1145\/3589012.3594895","type":"proceedings-article","created":{"date-parts":[[2023,7,31]],"date-time":"2023-07-31T16:08:35Z","timestamp":1690819715000},"page":"9-17","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":8,"title":["Insights into DoH: Traffic Classification for DNS over HTTPS in an Encrypted Network"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-3268-1878","authenticated-orcid":false,"given":"Fatema","family":"Bannat Wala","sequence":"first","affiliation":[{"name":"Lawrence Berkeley National Lab, Berkeley, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6542-7473","authenticated-orcid":false,"given":"Scott","family":"Campbell","sequence":"additional","affiliation":[{"name":"Lawrence Berkeley National Lab, Berkeley, CA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8455-9546","authenticated-orcid":false,"given":"Mariam","family":"Kiran","sequence":"additional","affiliation":[{"name":"Lawrence Berkeley National Lab, Berkeley, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,7,31]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2019. Google to run DoH experiment in Chrome. https:\/\/www.zdnet.com\/article\/google-to-run-dns-over-https-doh-experiment-in-chrome\/.  2019. Google to run DoH experiment in Chrome. https:\/\/www.zdnet.com\/article\/google-to-run-dns-over-https-doh-experiment-in-chrome\/."},{"key":"e_1_3_2_1_2_1","unstructured":"2019. New Godlua Backdoor Found Abusing DNS Over HTTPS (DoH) Protocol. https:\/\/www.trendmicro.com\/vinfo\/es\/security\/news\/cybercrime-and-digital-threats\/new-godlua-backdoor-found-abusing-dns-over-https-doh-protocol.  2019. New Godlua Backdoor Found Abusing DNS Over HTTPS (DoH) Protocol. https:\/\/www.trendmicro.com\/vinfo\/es\/security\/news\/cybercrime-and-digital-threats\/new-godlua-backdoor-found-abusing-dns-over-https-doh-protocol."},{"key":"e_1_3_2_1_3_1","unstructured":"2020. Mozilla enables DoH by Default. https:\/\/www.zdnet.com\/article\/mozilla-enables-doh-by-default-for-all-firefox-users-in-the-us\/.  2020. Mozilla enables DoH by Default. https:\/\/www.zdnet.com\/article\/mozilla-enables-doh-by-default-for-all-firefox-users-in-the-us\/."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICTC.2016.7763485"},{"key":"e_1_3_2_1_5_1","volume-title":"et al","author":"Arends R","year":"2005","unstructured":"R Arends , R Austein , M Larson , Daniel Massey , Scott W Rose , et al . 2005 . DNS Security Introduction and Requirements , RFC 4033. (2005). R Arends, R Austein, M Larson, Daniel Massey, Scott W Rose, et al . 2005. DNS Security Introduction and Requirements, RFC 4033. (2005)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/501983.501996"},{"key":"e_1_3_2_1_7_1","article-title":"Detecting Malicious DNS over HTTPS Traffic in Domain Name System using Machine Learning Classifiers","volume":"2020","author":"Banadaki Yaser M.","year":"2020","unstructured":"Yaser M. Banadaki . 2020 . Detecting Malicious DNS over HTTPS Traffic in Domain Name System using Machine Learning Classifiers . Journal of Computer Sciences and Applications , 2020 , Vol. 8, No. 2, 46--55 (2020). https:\/\/doi.org\/10.12691\/jcsa-8--2--2 10.12691\/jcsa-8--2--2 Yaser M. Banadaki. 2020. Detecting Malicious DNS over HTTPS Traffic in Domain Name System using Machine Learning Classifiers. Journal of Computer Sciences and Applications, 2020, Vol. 8, No. 2, 46--55 (2020). https:\/\/doi.org\/10.12691\/jcsa-8--2--2","journal-title":"Journal of Computer Sciences and Applications"},{"key":"e_1_3_2_1_8_1","volume-title":"10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20)","author":"Bushart Jonas","year":"2020","unstructured":"Jonas Bushart and Christian Rossow . 2020 . Padding Ain't Enough: Assessing the Privacy Guarantees of Encrypted DNS . In 10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20) . USENIX Association. https:\/\/www.usenix.org\/conference\/foci20\/presentation\/bushart Jonas Bushart and Christian Rossow. 2020. Padding Ain't Enough: Assessing the Privacy Guarantees of Encrypted DNS. In 10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20). USENIX Association. https:\/\/www.usenix.org\/conference\/foci20\/presentation\/bushart"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECUREWARE.2007.4385307"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00026"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-72582-2_12"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978317"},{"key":"e_1_3_2_1_15_1","volume-title":"International workshop on critical information infrastructures security. Springer, 185--196","author":"Kambourakis Georgios","year":"2007","unstructured":"Georgios Kambourakis , Tassos Moschos , Dimitris Geneiatakis , and Stefanos Gritzalis . 2007 . Detecting DNS amplification attacks . In International workshop on critical information infrastructures security. Springer, 185--196 . Georgios Kambourakis, Tassos Moschos, Dimitris Geneiatakis, and Stefanos Gritzalis. 2007. Detecting DNS amplification attacks. In International workshop on critical information infrastructures security. Springer, 185--196."},{"key":"e_1_3_2_1_16_1","unstructured":"A Mankin D Wessels and P Hoffman. 2016. Internet Engineering Task Force (IETF) Z. Hu Request for Comments: 7858 L. Zhu Category: Standards Track J. Heidemann. (2016).  A Mankin D Wessels and P Hoffman. 2016. Internet Engineering Task Force (IETF) Z. Hu Request for Comments: 7858 L. Zhu Category: Standards Track J. Heidemann. (2016)."},{"key":"e_1_3_2_1_17_1","volume-title":"The EDNS(0) Padding Option. Internet Engineering Task Force [IETF]","author":"Mayrhofer A.","year":"2016","unstructured":"A. Mayrhofer . 2016. The EDNS(0) Padding Option. Internet Engineering Task Force [IETF] ( 2016 ). A. Mayrhofer. 2016. The EDNS(0) Padding Option. Internet Engineering Task Force [IETF] (2016)."},{"key":"e_1_3_2_1_18_1","volume-title":"Padding Policies for Extension Mechanisms for DNS (EDNS(0)). Internet Engineering Task Force [IETF]","author":"Mayrhofer A.","year":"2018","unstructured":"A. Mayrhofer . 2018. Padding Policies for Extension Mechanisms for DNS (EDNS(0)). Internet Engineering Task Force [IETF] ( 2018 ). A. Mayrhofer. 2018. Padding Policies for Extension Mechanisms for DNS (EDNS(0)). Internet Engineering Task Force [IETF] (2018)."},{"key":"e_1_3_2_1_19_1","unstructured":"D. Meyer. 2016. Networking Meets Artificial Intelligence: A Glimpse into the (Very) Near Future. CTO corner. Dated: 08- 19--2016.  D. Meyer. 2016. Networking Meets Artificial Intelligence: A Glimpse into the (Very) Near Future. CTO corner. Dated: 08- 19--2016."},{"key":"e_1_3_2_1_20_1","volume-title":"Malicious DNS Tunnel Tool Recognition using Persistent DoH Traffic Analysis","author":"Mitsuhashi Rikima","year":"2022","unstructured":"Rikima Mitsuhashi , Yong Jin , Katsuyoshi Iida , Takahiro Shinagawa , and Yoshiaki Takai . 2022. Malicious DNS Tunnel Tool Recognition using Persistent DoH Traffic Analysis . IEEE Transactions on Network and Service Management ( 2022 ), 1--1. https:\/\/doi.org\/10.1109\/TNSM.2022.3215681 10.1109\/TNSM.2022.3215681 Rikima Mitsuhashi, Yong Jin, Katsuyoshi Iida, Takahiro Shinagawa, and Yoshiaki Takai. 2022. Malicious DNS Tunnel Tool Recognition using Persistent DoH Traffic Analysis. IEEE Transactions on Network and Service Management (2022), 1--1. https:\/\/doi.org\/10.1109\/TNSM.2022.3215681"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3551663.3558605"},{"key":"e_1_3_2_1_22_1","volume-title":"DoH Tunneling Detection System for Enterprise Network Using Deep Learning Technique. Applied Sciences 12, 5","author":"Nguyen Tuan Anh","year":"2022","unstructured":"Tuan Anh Nguyen and Minho Park . 2022. DoH Tunneling Detection System for Enterprise Network Using Deep Learning Technique. Applied Sciences 12, 5 ( 2022 ). https:\/\/doi.org\/10.3390\/app12052416 10.3390\/app12052416 Tuan Anh Nguyen and Minho Park. 2022. DoH Tunneling Detection System for Enterprise Network Using Deep Learning Technique. Applied Sciences 12, 5 (2022). https:\/\/doi.org\/10.3390\/app12052416"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.103001"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of the Annual Conference on USENIX Annual Technical Conference","author":"Reid Jim","year":"1998","unstructured":"Jim Reid and Anton Holleman . 1998 . Domain Name System: The Origin Solution . In Proceedings of the Annual Conference on USENIX Annual Technical Conference ( New Orleans, Louisiana) (ATEC '98). USENIX Association, USA, 28. Jim Reid and Anton Holleman. 1998. Domain Name System: The Origin Solution. In Proceedings of the Annual Conference on USENIX Annual Technical Conference (New Orleans, Louisiana) (ATEC '98). USENIX Association, USA, 28."},{"key":"e_1_3_2_1_25_1","volume-title":"Encrypted dns- privacy. A Traffic Analysis Perspective (Proc. of the NDSS)","author":"Siby Sandra","year":"2020","unstructured":"Sandra Siby , Marc Juarez , Claudia Diaz , Narseo Vallina-Rodriguez , and Carmela Troncoso . 2020. Encrypted dns- privacy. A Traffic Analysis Perspective (Proc. of the NDSS) ( 2020 ). Sandra Siby, Marc Juarez, Claudia Diaz, Narseo Vallina-Rodriguez, and Carmela Troncoso. 2020. Encrypted dns- privacy. A Traffic Analysis Perspective (Proc. of the NDSS) (2020)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/3ICT51146.2020.9312004"},{"key":"e_1_3_2_1_27_1","unstructured":"David Stalder. 2021. Machine-learning based Detection of Malicious DNS-over- HTTPS (DoH) Traffic Based on Packet Captures. https:\/\/files.ifi.uzh.ch\/CSG\/staff\/vonderassen\/extern\/theses\/ba-stalder.pdf.  David Stalder. 2021. Machine-learning based Detection of Malicious DNS-over- HTTPS (DoH) Traffic Based on Packet Captures. https:\/\/files.ifi.uzh.ch\/CSG\/staff\/vonderassen\/extern\/theses\/ba-stalder.pdf."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3409192"},{"key":"e_1_3_2_1_29_1","volume-title":"Digital Threats: Research and Practice","author":"Wala Fatema Bannat","year":"2022","unstructured":"Fatema Bannat Wala and Chase Cotton . 2022. \"Off-Label\" use of DNS. Digital Threats: Research and Practice ( 2022 ). Fatema Bannat Wala and Chase Cotton. 2022. \"Off-Label\" use of DNS. Digital Threats: Research and Practice (2022)."}],"event":{"name":"HPDC '23: The 32nd International Symposium on High-Performance Parallel and Distributed Computing","location":"Orlando FL USA","acronym":"HPDC '23","sponsor":["SIGHPC ACM Special Interest Group on High Performance Computing, Special Interest Group on High Performance Computing","SIGARCH ACM Special Interest Group on Computer Architecture"]},"container-title":["Proceedings of the 2023 on Systems and Network Telemetry and Analytics"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589012.3594895","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3589012.3594895","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:36:15Z","timestamp":1750178175000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3589012.3594895"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,7,28]]},"references-count":27,"alternative-id":["10.1145\/3589012.3594895","10.1145\/3589012"],"URL":"https:\/\/doi.org\/10.1145\/3589012.3594895","relation":{},"subject":[],"published":{"date-parts":[[2023,7,28]]},"assertion":[{"value":"2023-07-31","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}