An Adaptive Optimization Algorithm for Features Selection to Enhance the Detection of Intrusion Attacks Over Networks


Ola Ali Obead, Hakem Beitollahi

Abstract

This study examines the security issues of DNS over HTTPS (DoH), which encrypts DNS traffic for better privacy but also lets hackers hide their activities.

Introduction: DDoS attacks harm networks by flooding servers with too much traffic, while regular DNS can be easily intercepted.

Objectives: The research aims to build a better system for detecting attacks in encrypted DNS by using fewer but more important data features, creating a combined optimization method, and testing how well it identifies attacks.

Methods: Using real-world encrypted DNS traffic data, the study combines two search methods (Particle Swarm and Grey Wolf) to find the best features for machine learning models.

Results: The combined search method worked better than either method alone in tests. For attack detection, Random Forest achieved about 95% accuracy, while Naive Bayes improved greatly from 66% to 77% when enhanced with the new technique.

Conclusions: The combined approach helps find better features for detecting attacks, and it especially improves weaker detection methods when looking for threats in encrypted DNS traffic.
