XTS: A Hybrid Framework to Detect DNS-Over-HTTPS Tunnels Based on XGBoost and Cooperative Game Theory

Mungwarakarama Irénée, Yichuan Wang, Xinhong Hei, Xin Song, Jean Claude Turiho and Enan Muhire Nyesheja
Author affiliations
Mungwarakarama Irénée: School of Computer Science and Engineering, Xi’an University, Xi’an 710071, China
Yichuan Wang: School of Computer Science and Engineering, Xi’an University, Xi’an 710071, China
Xinhong Hei: School of Computer Science and Engineering, Xi’an University, Xi’an 710071, China
Xin Song: School of Computer Science and Engineering, Xi’an University, Xi’an 710071, China
Jean Claude Turiho: Computing and Information Science, University of Lay Adventists of Kigali, Kigali 6392, Rwanda
Enan Muhire Nyesheja: Computing and Information Science, University of Lay Adventists of Kigali, Kigali 6392, Rwanda

Mathematics, 2023, vol. 11, issue 10, 1-29

Abstract: This paper proposes a hybrid approach called XTS that combines several techniques to analyze highly imbalanced data with a minimal set of features. XTS combines cost-sensitive XGBoost, a game theory-based model explainer called TreeSHAP, and a newly developed Sequential Forward Evaluation (SFE) algorithm. The general aim of XTS is to reduce the number of features required to learn a particular dataset. It assumes that a low-dimensional representation of the data can improve computational efficiency and model interpretability while retaining strong prediction performance. The efficiency of XTS was tested on a public dataset, and the results showed that by reducing the number of features from 33 to fewer than five, the proposed model achieved over 99.9% prediction efficiency. XTS was also found to outperform other benchmarked models and existing proof-of-concept solutions in the literature. The dataset contained data related to DNS-over-HTTPS (DoH) tunnels. The top predictors for DoH classification and characterization were identified using interactive SHAP plots; they included destination IP, packet length mode, and source IP. XTS offers a promising approach to improving the efficiency of the detection and analysis of DoH tunnels while maintaining accuracy, which can have important implications for behavioral network intrusion detection systems.

Keywords: DNS tunneling; DoH-based C2 covert channels; XGBoost; cooperative game theory; SHAP values; feature importance analysis; dimensionality reduction; imbalanced data; XAI
JEL-codes: C
Date: 2023

Downloads: (external link)
https://www.mdpi.com/2227-7390/11/10/2372/pdf (application/pdf)
https://www.mdpi.com/2227-7390/11/10/2372/ (text/html)


Persistent link: https://EconPapers.repec.org/RePEc:gam:jmathe:v:11:y:2023:i:10:p:2372-:d:1151338

Page updated 2025-03-19
Handle: RePEc:gam:jmathe:v:11:y:2023:i:10:p:2372-:d:1151338