Open Access

ARTICLE

Real-Time Identification Technology for Encrypted DNS Traffic with Privacy Protection

Zhipeng Qin^1,2,*, Hanbing Yan³, Biyang Zhang², Peng Wang², Yitao Li³

1 School of Computer Science and Engineering, Beihang University, Beijing, 100191, China
2 National Computer Network Emergency Response Technical Team/Coordination Center of China Shanxi Branch, Taiyuan, 030001, China
3 National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing, 100029, China

* Corresponding Author: Zhipeng Qin. Email:

Computers, Materials & Continua 2025, 83(3), 5811-5829. https://doi.org/10.32604/cmc.2025.063308

Received 10 January 2025; Accepted 19 March 2025; Issue published 19 May 2025

Abstract

With the widespread adoption of encrypted Domain Name System (DNS) technologies such as DNS over Hyper Text Transfer Protocol Secure (HTTPS), traditional port and protocol-based traffic analysis methods have become ineffective. Although encrypted DNS enhances user privacy protection, it also provides concealed communication channels for malicious software, compelling detection technologies to shift towards statistical feature-based and machine learning approaches. However, these methods still face challenges in real-time performance and privacy protection. This paper proposes a real-time identification technology for encrypted DNS traffic with privacy protection. Firstly, a hierarchical architecture of cloud-edge-end collaboration is designed, incorporating task offloading strategies to balance privacy protection and identification efficiency. Secondly, a privacy-preserving federated learning mechanism based on Federated Robust Aggregation (FedRA) is proposed, utilizing Medoid aggregation and differential privacy techniques to ensure data privacy and enhance identification accuracy. Finally, an edge offloading strategy based on a dynamic priority scheduling algorithm (DPSA) is designed to alleviate terminal burden and reduce latency. Simulation results demonstrate that the proposed technology significantly improves the accuracy and real-time performance of encrypted DNS traffic identification while protecting privacy, making it suitable for various network environments.

---

Keywords

---