{"id":"https://openalex.org/W4285184946","doi":"https://doi.org/10.1109/tifs.2022.3183390","title":"An Explainable AI-Based Intrusion Detection System for DNS Over HTTPS (DoH) Attacks","display_name":"An Explainable AI-Based Intrusion Detection System for DNS Over HTTPS (DoH) Attacks","publication_year":2022,"publication_date":"2022-01-01","ids":{"openalex":"https://openalex.org/W4285184946","doi":"https://doi.org/10.1109/tifs.2022.3183390"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2022.3183390","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tifs.2022.3183390","pdf_url":"https://ieeexplore.ieee.org/ielx7/10206/4358835/09796558.pdf","source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://ieeexplore.ieee.org/ielx7/10206/4358835/09796558.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5076944135","display_name":"Tahmina Zebin","orcid":"https://orcid.org/0000-0003-0437-0570"},"institutions":[{"id":"https://openalex.org/I1118541","display_name":"University of East Anglia","ror":"https://ror.org/026k5mg93","country_code":"GB","type":"education","lineage":["https://openalex.org/I1118541"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Tahmina Zebin","raw_affiliation_strings":["School of Computing Science, University of East Anglia, Norwich, U.K"],"affiliations":[{"raw_affiliation_string":"School of Computing Science, University of East Anglia, Norwich, U.K","institution_ids":["https://openalex.org/I1118541"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034372778","display_name":"Shahadate Rezvy","orcid":"https://orcid.org/0000-0002-2684-7117"},"institutions":[{"id":"https://openalex.org/I124246371","display_name":"York St John University","ror":"https://ror.org/00z5fkj61","country_code":"GB","type":"education","lineage":["https://openalex.org/I124246371"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Shahadate Rezvy","raw_affiliation_strings":["Department of Computer Science, School of Science, Technology and Health, York St John University, York, U.K"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, School of Science, Technology and Health, York St John University, York, U.K","institution_ids":["https://openalex.org/I124246371"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5046073465","display_name":"Yuan Luo","orcid":"https://orcid.org/0000-0002-9812-5543"},"institutions":[{"id":"https://openalex.org/I60488453","display_name":"Middlesex University","ror":"https://ror.org/01rv4p989","country_code":"GB","type":"education","lineage":["https://openalex.org/I60488453"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Yuan Luo","raw_affiliation_strings":["Faculty of Science and Technology, Middlesex University London, London, U.K"],"affiliations":[{"raw_affiliation_string":"Faculty of Science and Technology, Middlesex University London, London, U.K","institution_ids":["https://openalex.org/I60488453"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5076944135"],"corresponding_institution_ids":["https://openalex.org/I1118541"],"apc_list":null,"apc_paid":null,"fwci":17.4904,"has_fulltext":true,"cited_by_count":136,"citation_normalized_percentile":{"value":0.99398799,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":"17","issue":null,"first_page":"2339","last_page":"2349"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9980999827384949,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8821648359298706},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7053109407424927},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5428412556648254},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5282151699066162},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.4871525466442108},{"id":"https://openalex.org/keywords/random-forest","display_name":"Random forest","score":0.47836631536483765},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.4690794348716736},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.4494858682155609},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.4344017803668976},{"id":"https://openalex.org/keywords/domain-name-system","display_name":"Domain Name System","score":0.4318380355834961},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.42379915714263916},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.41196519136428833},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3966819643974304},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3272039592266083},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3020455837249756},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.19809827208518982}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8821648359298706},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7053109407424927},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5428412556648254},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5282151699066162},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.4871525466442108},{"id":"https://openalex.org/C169258074","wikidata":"https://www.wikidata.org/wiki/Q245748","display_name":"Random forest","level":2,"score":0.47836631536483765},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.4690794348716736},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.4494858682155609},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.4344017803668976},{"id":"https://openalex.org/C35026560","wikidata":"https://www.wikidata.org/wiki/Q8767","display_name":"Domain Name System","level":3,"score":0.4318380355834961},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.42379915714263916},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.41196519136428833},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3966819643974304},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3272039592266083},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3020455837249756},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.19809827208518982},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/tifs.2022.3183390","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tifs.2022.3183390","pdf_url":"https://ieeexplore.ieee.org/ielx7/10206/4358835/09796558.pdf","source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},{"id":"pmh:oai:bura.brunel.ac.uk:2438/27256","is_oa":true,"landing_page_url":"https://bura.brunel.ac.uk/handle/2438/27256","pdf_url":"http://bura.brunel.ac.uk/bitstream/2438/27256/3/FullText.pdf","source":{"id":"https://openalex.org/S4306401473","display_name":"Brunel University Research Archive (BURA) (Brunel University London)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I59433898","host_organization_name":"Brunel University of London","host_organization_lineage":["https://openalex.org/I59433898"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Article"},{"id":"pmh:oai:ray.yorksj.ac.uk:6523","is_oa":true,"landing_page_url":"https://orcid.org/0000-0003-0437-0570","pdf_url":"https://ray.yorksj.ac.uk/id/eprint/6523/1/paper_acceptance%20email.pdf","source":{"id":"https://openalex.org/S4306400356","display_name":"Research at York St John (York St John University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I124246371","host_organization_name":"York St John University","host_organization_lineage":["https://openalex.org/I124246371"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"},{"id":"pmh:oai:ueaeprints.uea.ac.uk:85477","is_oa":true,"landing_page_url":null,"pdf_url":"https://ueaeprints.uea.ac.uk/id/eprint/85477/1/T_IFS_13877_2021.R2_Proof_hi.pdf","source":{"id":"https://openalex.org/S4306400384","display_name":"UEA Digital Repository (University of East Anglia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I1118541","host_organization_name":"University of East Anglia","host_organization_lineage":["https://openalex.org/I1118541"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"PeerReviewed"}],"best_oa_location":{"id":"doi:10.1109/tifs.2022.3183390","is_oa":true,"landing_page_url":"https://doi.org/10.1109/tifs.2022.3183390","pdf_url":"https://ieeexplore.ieee.org/ielx7/10206/4358835/09796558.pdf","source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4285184946.pdf","grobid_xml":"https://content.openalex.org/works/W4285184946.grobid-xml"},"referenced_works_count":19,"referenced_works":["https://openalex.org/W1565315670","https://openalex.org/W1570448133","https://openalex.org/W1982870529","https://openalex.org/W2036286049","https://openalex.org/W2799462250","https://openalex.org/W2911964244","https://openalex.org/W2913504480","https://openalex.org/W2939745396","https://openalex.org/W2945790622","https://openalex.org/W2955801758","https://openalex.org/W3010897133","https://openalex.org/W3080354144","https://openalex.org/W3080730509","https://openalex.org/W3105087971","https://openalex.org/W3185198511","https://openalex.org/W3199534252","https://openalex.org/W3201107561","https://openalex.org/W4214809279","https://openalex.org/W6737947904"],"related_works":["https://openalex.org/W2061466315","https://openalex.org/W2376886931","https://openalex.org/W1992118813","https://openalex.org/W2010561419","https://openalex.org/W2374845301","https://openalex.org/W2351448539","https://openalex.org/W1977863481","https://openalex.org/W2384741105","https://openalex.org/W1495178644","https://openalex.org/W2185594426"],"abstract_inverted_index":{"Over":[0],"the":[1,33,100,114,138,151,165],"past":[2],"few":[3],"years,":[4],"Domain":[5],"Name":[6],"Service":[7],"(DNS)":[8],"remained":[9],"a":[10,53,78,92],"prime":[11],"target":[12],"for":[13,30,42,105,137],"hackers":[14],"as":[15,46],"it":[16,50],"enables":[17],"them":[18],"to":[19,28,110,158],"gain":[20,26],"first":[21],"entry":[22],"into":[23],"networks":[24],"and":[25,48,69,112,122,133,161],"access":[27],"data":[29],"exfiltration.":[31],"Although":[32],"DNS":[34,115],"over":[35,116],"HTTPS":[36,117],"(DoH)":[37],"protocol":[38],"has":[39],"desirable":[40],"properties":[41],"internet":[43],"users":[44],"such":[45],"privacy":[47],"security,":[49],"also":[51],"causes":[52],"problem":[54],"in":[55,76,81,155],"that":[56],"network":[57,64],"administrators":[58],"are":[59],"prevented":[60],"from":[61,164],"detecting":[62],"suspicious":[63],"traffic":[65],"generated":[66],"by":[67],"malware":[68],"malicious":[70],"tools.":[71],"To":[72],"support":[73],"their":[74],"efforts":[75],"maintaining":[77],"secure":[79],"network,":[80],"this":[82],"paper,":[83],"we":[84,147],"have":[85,98,148],"implemented":[86],"an":[87,107,156],"explainable":[88,144,162],"AI":[89,145],"solution":[90,109],"using":[91],"novel":[93],"machine":[94],"learning":[95],"framework.":[96],"We":[97],"used":[99],"publicly":[101],"available":[102],"CIRA-CIC-DoHBrw-2020":[103],"dataset":[104],"developing":[106],"accurate":[108],"detect":[111],"classify":[113],"attacks.":[118],"Our":[119],"proposed":[120],"balanced":[121],"stacked":[123],"Random":[124],"Forest":[125],"achieved":[126],"very":[127],"high":[128],"precision":[129],"(99.91%),":[130],"recall":[131],"(99.92%)":[132],"F1":[134],"score":[135],"(99.91%)":[136],"classification":[139],"task":[140],"at":[141],"hand.":[142],"Using":[143],"methods,":[146],"additionally":[149],"highlighted":[150],"underlying":[152],"feature":[153],"contributions":[154],"attempt":[157],"provide":[159],"transparent":[160],"results":[163],"model.":[166]},"counts_by_year":[{"year":2026,"cited_by_count":10},{"year":2025,"cited_by_count":40},{"year":2024,"cited_by_count":50},{"year":2023,"cited_by_count":28},{"year":2022,"cited_by_count":8}],"updated_date":"2026-04-14T08:04:32.555800","created_date":"2025-10-10T00:00:00"}