{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T00:57:10Z","timestamp":1740099430688,"version":"3.37.3"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030249069"},{"type":"electronic","value":"9783030249076"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-24907-6_33","type":"book-chapter","created":{"date-parts":[[2019,7,10]],"date-time":"2019-07-10T15:02:46Z","timestamp":1562770966000},"page":"441-455","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Detection of Application-Layer Tunnels with Rules and Machine Learning"],"prefix":"10.1007","author":[{"given":"Huaqing","family":"Lin","sequence":"first","affiliation":[]},{"given":"Gao","family":"Liu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9697-2108","authenticated-orcid":false,"given":"Zheng","family":"Yan","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,7,11]]},"reference":[{"key":"33_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"280","DOI":"10.1007\/978-3-319-67380-6_26","volume-title":"Internet of Things, Smart Spaces, and Next Generation Networks and Systems","author":"V Nuojua","year":"2017","unstructured":"Nuojua, V., David, G., H\u00e4m\u00e4l\u00e4inen, T.: DNS tunneling detection techniques \u2013 classification, and theoretical comparison in case of a real APT campaign. In: Galinina, O., Andreev, S., Balandin, S., Koucheryavy, Y. (eds.) NEW2AN\/ruSMART\/NsCC 2017. LNCS, vol. 10531, pp. 280\u2013291. Springer, Cham (2017). \n                    https:\/\/doi.org\/10.1007\/978-3-319-67380-6_26"},{"key":"33_CR2","doi-asserted-by":"crossref","unstructured":"Borders, K., Prakash, A.: Web tap: detecting covert web traffic. In: Proceedings of the 11th ACM Conference on Computer and Communications Security, pp. 110\u2013120. ACM, New York (2004)","DOI":"10.1145\/1030083.1030100"},{"key":"33_CR3","doi-asserted-by":"crossref","unstructured":"Crotti, M., Dusi, M., Gringoli, F., Salgarelli, L.: Detecting http tunnels with statistical mechanisms. In: 2007 IEEE International Conference on Communications, Glasgow, pp. 6162\u20136168. IEEE (2007)","DOI":"10.1109\/ICC.2007.1020"},{"issue":"1","key":"33_CR4","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1016\/j.comnet.2008.09.010","volume":"53","author":"M Dusi","year":"2009","unstructured":"Dusi, M., Crotti, M., Gringoli, F., Salgarelli, L.: Tunnel hunter: detecting application-layer tunnels with statistical fingerprinting. Comput. Netw. 53(1), 81\u201397 (2009)","journal-title":"Comput. Netw."},{"key":"33_CR5","series-title":"Lecture Notes in Electrical Engineering","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1007\/978-981-10-4154-9_26","volume-title":"Information Science and Applications 2017","author":"VT Do","year":"2017","unstructured":"Do, V.T., Engelstad, P., Feng, B., van Do, T.: Detection of DNS tunneling in mobile networks using machine learning. In: Kim, K., Joukov, N. (eds.) ICISA 2017. LNEE, vol. 424, pp. 221\u2013230. Springer, Singapore (2017). \n                    https:\/\/doi.org\/10.1007\/978-981-10-4154-9_26"},{"key":"33_CR6","doi-asserted-by":"crossref","unstructured":"Almusawi, A., Amintoosi, H.: DNS Tunneling detection method based on multilabel support vector machine. In: Security and Communication Networks 2018 (2018)","DOI":"10.1155\/2018\/6137098"},{"key":"33_CR7","doi-asserted-by":"publisher","first-page":"852","DOI":"10.1016\/j.procs.2013.05.109","volume":"17","author":"C Qi","year":"2013","unstructured":"Qi, C., Chen, X., Xu, C., Shi, J., Liu, P.: A bigram based real time DNS tunnel detection approach. Procedia Comput. Sci. 17, 852\u2013860 (2013)","journal-title":"Procedia Comput. Sci."},{"issue":"14","key":"33_CR8","doi-asserted-by":"publisher","first-page":"1987","DOI":"10.1002\/dac.2836","volume":"28","author":"M Aiello","year":"2015","unstructured":"Aiello, M., Mongelli, M., Papaleo, G.: DNS tunneling detection through statistical fingerprints of protocol messages and machine learning. Int. J. Commun. Syst. 28(14), 1987\u20132002 (2015)","journal-title":"Int. J. Commun. Syst."},{"key":"33_CR9","doi-asserted-by":"crossref","unstructured":"Liu, J., Li, S., Zhang, Y., Xiao, J., Chang, P., Peng, C.: Detecting DNS tunnel through binary-classification based on behavior features. In: IEEE Trustcom\/BigDataSE\/ICESS, Sydney, pp. 339\u2013346. IEEE (2017)","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.256"},{"key":"33_CR10","doi-asserted-by":"crossref","unstructured":"Ding, Y.J., Cai, W.D.: A method for HTTP-tunnel detection based on statistical features of traffic. In: 2011 IEEE 3rd International Conference on Communication Software and Networks, Xi\u2019an, pp. 247\u2013250. IEEE (2011)","DOI":"10.1109\/ICCSN.2011.6013585"},{"key":"33_CR11","doi-asserted-by":"crossref","unstructured":"Piraisoody, G., Huang, C., Nandy, B., Seddigh, N.: Classification of applications in HTTP tunnels. In: 2013 IEEE 2nd International Conference on Cloud Networking (CloudNet), San Francisco, pp. 67\u201374. IEEE (2013)","DOI":"10.1109\/CloudNet.2013.6710559"},{"issue":"1","key":"33_CR12","first-page":"63","volume":"20","author":"S Li","year":"2014","unstructured":"Li, S., Yun, X., Zhang, Y.: Anomaly-based model for detecting HTTP-tunnel traffic using network behavior analysis. High Technol. Lett. 20(1), 63\u201369 (2014)","journal-title":"High Technol. Lett."},{"key":"33_CR13","doi-asserted-by":"crossref","unstructured":"Mujtaba, G., Parish, D.J.: Detection of applications within encrypted tunnels using packet size distributions. In: 2009 International Conference for Internet Technology and Secured Transactions (ICITST), London, pp. 1\u20136. IEEE (2009)","DOI":"10.1109\/ICITST.2009.5402624"},{"key":"33_CR14","series-title":"Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","doi-asserted-by":"publisher","first-page":"234","DOI":"10.1007\/978-3-319-04283-1_15","volume-title":"Security and Privacy in Communication Networks","author":"F Wang","year":"2013","unstructured":"Wang, F., Huang, L., Chen, Z., Miao, H., Yang, W.: A novel web tunnel detection method based on protocol behaviors. In: Zia, T., Zomaya, A., Varadharajan, V., Mao, M. (eds.) SecureComm 2013. LNICST, vol. 127, pp. 234\u2013251. Springer, Cham (2013). \n                    https:\/\/doi.org\/10.1007\/978-3-319-04283-1_15"},{"issue":"1","key":"33_CR15","first-page":"37","volume":"2011","author":"F Allard","year":"2011","unstructured":"Allard, F., Dubois, R., Gompel, P., Morel, M.: Tunneling activities detection using machine learning techniques. J. Telecommun. Inf. Technol. 2011(1), 37\u201342 (2011)","journal-title":"J. Telecommun. Inf. Technol."},{"issue":"2","key":"33_CR16","doi-asserted-by":"publisher","first-page":"1153","DOI":"10.1109\/COMST.2015.2494502","volume":"18","author":"AL Buczak","year":"2016","unstructured":"Buczak, A.L., Guven, E.: A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Commun. Surv. Tutor. 18(2), 1153\u20131176 (2016)","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"1","key":"33_CR17","doi-asserted-by":"publisher","first-page":"686","DOI":"10.1109\/COMST.2018.2847722","volume":"21","author":"P Mishra","year":"2018","unstructured":"Mishra, P., Varadharajan, V., Tupakula, U., Pilli, E.S.: A detailed investigation and analysis of using machine learning techniques for intrusion detection. IEEE Commun. Surv. Tutor. 21(1), 686\u2013728 (2018)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"33_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2016.10.001","volume":"64","author":"TS Wang","year":"2017","unstructured":"Wang, T.S., Lin, H.T., Cheng, W.T., Chen, C.Y.: DBod: Clustering and detecting DGA-based botnets using DNS traffic analysis. Comput. Secur. 64, 1\u201315 (2017)","journal-title":"Comput. Secur."},{"key":"33_CR19","doi-asserted-by":"crossref","unstructured":"Khehra, G., Sofat, S.: BotScoop: scalable detection of DGA based botnets using DNS traffic. In: 2018 9th International Conference on Computing, Communication and Networking Technologies (ICCCNT), Bangalore, pp. 1\u20136. IEEE (2018)","DOI":"10.1109\/ICCCNT.2018.8493722"},{"key":"33_CR20","unstructured":"Alexa Top 1 Million Sites. \n                    http:\/\/www.alexa.com\/topsites\n                    \n                  . Accessed 20 Jan 2019"},{"key":"33_CR21","unstructured":"360 Netlab Open Data DGA. \n                    https:\/\/data.netlab.360.com\/dga\/\n                    \n                  . Accessed 20 Jan 2019"},{"issue":"1","key":"33_CR22","doi-asserted-by":"publisher","first-page":"586","DOI":"10.1109\/COMST.2018.2863942","volume":"21","author":"X Jing","year":"2019","unstructured":"Jing, X., Yan, Z., Pedrycz, W.: Security data collection and data analytics in the Internet: a survey. IEEE Commun. Surv. Tutor. 21(1), 586\u2013618 (2019)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"33_CR23","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1016\/j.jnca.2018.11.002","volume":"126","author":"H Lin","year":"2019","unstructured":"Lin, H., Yan, Z., Fu, Y.: Adaptive security-related data collection with context awareness. J. Netw. Comput. Appl. 126, 88\u2013103 (2019)","journal-title":"J. Netw. Comput. Appl."}],"container-title":["Lecture Notes in Computer Science","Security, Privacy, and Anonymity in Computation, Communication, and Storage"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-24907-6_33","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,10]],"date-time":"2019-07-10T15:07:55Z","timestamp":1562771275000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-24907-6_33"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030249069","9783030249076"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-24907-6_33","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"11 July 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SpaCCS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Atlanta, GA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 July 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 July 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"spaccs2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/cse.stfx.ca\/~cybermatics\/2019\/spaccs\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}