Unveiling Hidden Patterns: Self-Similarity and Entropy for Robust Encrypted DNS Traffic Security
摘要
The increasing complexity and volume of modern network traffic, specifically within the context of encrypted Domain Name System (DNS) protocols, particularly DNS over HTTPS (DoH), pose significant challenges to traditional traffic analysis methods, making it difficult to discern legitimate activity from covert or malicious communications. This paper explores the intrinsic self-similarity and long-term memory properties of encrypted DNS traffic, employing multiple statistical methods for Hurst parameter estimation. By comparing benign and malicious traffic, we uncover distinct temporal structures, revealing the heightened predictability and persistence of malicious traffic. Furthermore, our entropy analysis quantifies packet inter-arrival randomness, providing additional discriminatory insights. Based on these findings, we propose an anomaly detector founded exclusively on these statistical features, demonstrating that they are sufficient to robustly differentiate malicious from benign traffic. These findings significantly enhance the understanding of how long-range dependencies and variations in unpredictability can be leveraged to enhance network security protocols and improve the detection of hidden threats within encrypted channels.