Paper Title
Explainable AI Driven Intrusion Detection For DNS Over Https Attacks

Abstract
The Domain Name Service (DNS) has been a frequent target for hackers due to its critical role in network access. Traditional DNS queries, which were transmitted in plaintext, allowed application firewalls and intrusion detection systems to analyze and secure traffic. To enhance user privacy, DNS over HTTPS (DoH) was introduced, encrypting DNS queries as HTTPS traffic. While this improves privacy, it complicates traditional traffic analysis methods used to detect malicious activities. This study examines encrypted traffic analysis for accurately identifying DoH-based attacks using the CIRA-CIC-DoBre-2020 dataset. It employs balanced and stacked Random Forest classifiers, LSTM, and Bi-LSTM models for detection and classification. To enhance model transparency, the SHAP framework is used to analyze feature contributions in predictions. Keywords - Security attacks, Deep learning, DNS-over-HTTPS (DoH), Explainable AI (XAI), SHAP algorithm, Intrusion Detection System (IDS).