DOH TUNNELING TRAFFIC DETECTION BASED ON OPTIMIZED SUPPORT VECTOR MACHINE
Abstract
To deal effectively with the threat posed by DoH (DNS-over-HTTPS) tunneling, a detection model based on a support vector machine optimized by an improved slime mold algorithm is proposed. The concept of feature propensity is introduced using mutual information and the Pearson correlation coefficient. An embedded adaptive feature selection method is constructed in combination with the support vector machine; it selects the optimal feature subset according to a screening target formulated from the characteristics of the original dataset. Refraction reverse learning, differential mutation, and elite Gaussian perturbation strategies are used to address the slime mold algorithm's slow convergence and its tendency to fall into local optima. Different benchmark functions are used to verify the effectiveness of the improved slime mold algorithm. The results of two sets of comparative experiments show that the proposed method more effectively improves the support vector machine's detection rate for DoH tunneling traffic and significantly reduces the false positive rate.