{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,11]],"date-time":"2024-09-11T06:48:58Z","timestamp":1726037338392},"publisher-location":"Cham","reference-count":34,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030249069"},{"type":"electronic","value":"9783030249076"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-24907-6_37","type":"book-chapter","created":{"date-parts":[[2019,7,10]],"date-time":"2019-07-10T19:02:46Z","timestamp":1562785366000},"page":"490-504","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Approximate String Matching for DNS Anomaly Detection"],"prefix":"10.1007","author":[{"given":"Roni","family":"Mateless","sequence":"first","affiliation":[]},{"given":"Michael","family":"Segal","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,7,11]]},"reference":[{"key":"37_CR1","unstructured":"Security and Stability Advisory Committee (SSAC). SSAC advisory on fast flux hosting and DNS (2008)"},{"key":"37_CR2","doi-asserted-by":"crossref","unstructured":"Nazario, J., Holz, T.: As the net churns: fast-flux botnet observations. In: International Conference on in Malicious and Unwanted Software, pp. 24\u201331 (2008)","DOI":"10.1109\/MALWARE.2008.4690854"},{"key":"37_CR3","doi-asserted-by":"crossref","unstructured":"Villamarn-Salomn, R., Brustoloni, J.C.: Identifying botnets using anomaly detection techniques applied to DNS traffic. In: Consumer Communications and Networking Conference, pp. 476\u2013481 (2008)","DOI":"10.1109\/ccnc08.2007.112"},{"key":"37_CR4","doi-asserted-by":"crossref","unstructured":"Choi, H., Lee, H., Lee, H., Kim, H.: Botnet detection by monitoring group activities in DNS traffic. In: IEEE International Conference on Computer and Information Technology, pp. 715\u2013720 (2007)","DOI":"10.1109\/CIT.2007.90"},{"key":"37_CR5","unstructured":"Born, K., Gustafson, D.: Detecting DNS tunnels using character frequency analysis, CoRR, abs\/1004.4358 (2010)"},{"key":"37_CR6","unstructured":"Karasaridis, A.: Detection of DNS Traffic Anomalies, AT&T report (2012)"},{"key":"37_CR7","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1007\/978-3-642-17313-4_30","volume-title":"Advanced Data Mining and Applications","author":"X Yuchi","year":"2010","unstructured":"Yuchi, X., Wang, X., Lee, X., Yan, B.: A new statistical approach to DNS traffic anomaly detection. In: Cao, L., Zhong, J., Feng, Y. (eds.) ADMA 2010. LNCS (LNAI), vol. 6441, pp. 302\u2013313. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17313-4_30"},{"key":"37_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"215","DOI":"10.1007\/978-3-319-13488-8_20","volume-title":"Advances in Communication Networking","author":"M \u010cerm\u00e1k","year":"2014","unstructured":"\u010cerm\u00e1k, M., \u010celeda, P., Vykopal, J.: Detection of DNS traffic anomalies in large networks. In: Kermarrec, Y. (ed.) EUNICE 2014. LNCS, vol. 8846, pp. 215\u2013226. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-13488-8_20"},{"key":"37_CR9","doi-asserted-by":"crossref","unstructured":"Yarochkin, F., Kropotov, V., Huang, Y., Ni, G.-K., Kuo, S.-Y., Chen, I.-Y.: Investigating DNS traffic anomalies for malicious activities. In: DSN Workshops, pp. 1\u20137 (2013)","DOI":"10.1109\/DSNW.2013.6615506"},{"key":"37_CR10","unstructured":"Krmcek, V.: Inspecting DNS Flow Traffic for Purposes of Botnet Detection, manuscript (2011)"},{"issue":"4","key":"37_CR11","first-page":"85","volume":"5","author":"P Satam","year":"2015","unstructured":"Satam, P., Alipour, H., Al-Nashif, Y., Hariri, S.: Anomaly behavior analysis of DNS protocol. J. Internet Serv. Inf. Secur. 5(4), 85\u201397 (2015)","journal-title":"J. Internet Serv. Inf. Secur."},{"key":"37_CR12","doi-asserted-by":"crossref","unstructured":"Yamada, A., Miyake, Y., Terabe, M., Hashimoto, K., Kato, N.: Anomaly detection for DNS servers using frequent host selection. In: AINA, pp. 853\u2013860 (2009)","DOI":"10.1109\/AINA.2009.93"},{"key":"37_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"351","DOI":"10.1007\/11942634_37","volume-title":"Frontiers of High Performance Computing and Networking \u2013 ISPA 2006 Workshops","author":"Y Wang","year":"2006","unstructured":"Wang, Y., Hu, M.-z., Li, B., Yan, B.-r.: Tracking anomalous behaviors of name servers by mining DNS traffic. In: Min, G., Di Martino, B., Yang, Laurence T., Guo, M., R\u00fcnger, G. (eds.) ISPA 2006. LNCS, vol. 4331, pp. 351\u2013357. Springer, Heidelberg (2006). https:\/\/doi.org\/10.1007\/11942634_37"},{"key":"37_CR14","doi-asserted-by":"crossref","unstructured":"Karasaridis, A., Meier-Hellstern, K., Hoeflin, D.: Nis04-2: detection of DNS anomalies using flow data analysis. In: GLOBECOM, pp. 1\u20136 (2006)","DOI":"10.1109\/GLOCOM.2006.280"},{"key":"37_CR15","doi-asserted-by":"crossref","unstructured":"Gu, Y., McCallum, A., Towsley, D.: Detecting anomalies in network traffic using maximum entropy estimation. In: Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement (2005)","DOI":"10.1145\/1330107.1330148"},{"key":"37_CR16","doi-asserted-by":"publisher","first-page":"2367","DOI":"10.3390\/e17042367","volume":"17","author":"P Berezinski","year":"2015","unstructured":"Berezinski, P., Jasiul, B., Szpyrka, M.: An entropy-based network anomaly detection method. Entropy 17, 2367\u20132408 (2015)","journal-title":"Entropy"},{"key":"37_CR17","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1109\/TSMC.2016.2600405","volume":"48","author":"A AlEroud","year":"2017","unstructured":"AlEroud, A., Karabatis, G.: Queryable semantics to detect cyber-attacks:a flow-based detection approach. IEEE Trans. Syst. Man Cybern. Syst. 48, 207\u2013223 (2017)","journal-title":"IEEE Trans. Syst. Man Cybern. Syst."},{"issue":"4","key":"37_CR18","doi-asserted-by":"publisher","first-page":"217","DOI":"10.1145\/1090191.1080118","volume":"35","author":"A Lakhina","year":"2005","unstructured":"Lakhina, A., Crovella, M., Diot, C.: Mining anomalies using traffic feature distributions. SIGCOMM Comput. Commun. Rev. 35(4), 217\u2013228 (2005)","journal-title":"SIGCOMM Comput. Commun. Rev."},{"key":"37_CR19","doi-asserted-by":"publisher","first-page":"423","DOI":"10.1016\/j.jare.2014.01.001","volume":"5","author":"J Raghuram","year":"2014","unstructured":"Raghuram, J., Miller, D.J., Kesidis, G.: Unsupervised, low latency anomaly detection of algorithmically generated domain names by generative probabilistic modeling. J. Adv. Res. 5, 423\u2013433 (2014)","journal-title":"J. Adv. Res."},{"key":"37_CR20","doi-asserted-by":"crossref","unstructured":"Kirchler, M., Herrmann, D., Lindemann, J., Kloft, M.: Tracked without a trace: linking sessions of users by unsupervised learning of patterns in their DNS traffic. In: AISec@CCS, pp. 23\u201334 (2016)","DOI":"10.1145\/2996758.2996770"},{"key":"37_CR21","doi-asserted-by":"crossref","unstructured":"Erman, J., Arlitt, M., Mahanti, A.: Traffic classification using clustering algorithms. In: MineNet 2006, pp. 281\u2013286 (2006)","DOI":"10.1145\/1162678.1162679"},{"key":"37_CR22","series-title":"Advances in Soft Computing","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/978-3-540-88181-0_24","volume-title":"Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems CISIS 2008","author":"N Chatzis","year":"2009","unstructured":"Chatzis, N., Popescu-Zeletin, R.: Flow level data mining of DNS query streams for email worm detection. In: Corchado, E., Zunino, R., Gastaldo, P., Herrero, \u00c1. (eds.) Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems CISIS 2008. Advances in Soft Computing, vol. 53, pp. 186\u2013194. Springer, Heidelberg (2009). https:\/\/doi.org\/10.1007\/978-3-540-88181-0_24"},{"key":"37_CR23","unstructured":"Moustafa, N., Slay, J.: Creating novel features to anomaly network detection using DARPA-2009 data set. In: Proceedings of the 14th European Conference on Cyber Warfare and Security 2015: ECCWS (2015)"},{"key":"37_CR24","unstructured":"M\u00fcnz, G.: Traffic anomaly detection and cause identification using flow-level measurements. Technical University Munich 2010, pp. 1\u2013228 (2010). ISBN 3-937201-12-2"},{"key":"37_CR25","unstructured":"Hong, L.V.: DNS Traffic Analysis for Network-based Malware Detection. Technical University of Denmark, Informatics and Mathematical Modelling (2012)"},{"key":"37_CR26","volume-title":"Network Service Anomaly Detection","author":"I Nikolaev","year":"2014","unstructured":"Nikolaev, I.: Network Service Anomaly Detection. Czech Technical University, Prague (2014)"},{"key":"37_CR27","unstructured":"Greis, R., Reis, T., Nguyen, C.: Comparing prediction methods in anomaly detection: an industrial evaluation. In: MILETS (2018)"},{"key":"37_CR28","doi-asserted-by":"crossref","unstructured":"Freedman, D.A.: Statistical Models: Theory and Practice. Cambridge University Press, Cambridge (2009)","DOI":"10.1017\/CBO9780511815867"},{"issue":"1","key":"37_CR29","doi-asserted-by":"crossref","first-page":"267","DOI":"10.1111\/j.2517-6161.1996.tb02080.x","volume":"58","author":"R Tibshirani","year":"1996","unstructured":"Tibshirani, R.: Regression shrinkage and selection via the lasso. J. Roy. Stat. Soc.: Ser. B (Methodol.) 58(1), 267\u2013288 (1996)","journal-title":"J. Roy. Stat. Soc.: Ser. B (Methodol.)"},{"key":"37_CR30","unstructured":"Ho, T.K.: Random decision forests. In: Proceedings of the 3rd International Conference on Document Analysis and Recognition, pp. 278\u2013282 (1995)"},{"issue":"3","key":"37_CR31","doi-asserted-by":"crossref","first-page":"175","DOI":"10.1080\/00031305.1992.10475879","volume":"46","author":"NS Altman","year":"1992","unstructured":"Altman, N.S.: An introduction to kernel and nearest-neighbor nonparametric regression. Am. Statist. 46(3), 175\u2013185 (1992)","journal-title":"Am. Statist."},{"issue":"2","key":"37_CR32","doi-asserted-by":"publisher","first-page":"323","DOI":"10.1137\/0206024","volume":"6","author":"DE Knuth","year":"1977","unstructured":"Knuth, D.E., Morris Jr., J.H., Pratt, V.R.: Fast pattern matching in strings. SIAM J. Comput. 6(2), 323\u2013350 (1977)","journal-title":"SIAM J. Comput."},{"key":"37_CR33","unstructured":"Hirani, M., Jones, S., Read, B.: Global DNS Hijacking Campaign: DNS Record Manipulation at Scale. https:\/\/www.fireeye.com\/blog\/threat-research\/2019\/01\/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html . Accessed 9 Jan 2019"},{"key":"37_CR34","unstructured":"https:\/\/www.icann.org\/news\/announcement-2019-02-22-en"}],"container-title":["Lecture Notes in Computer Science","Security, Privacy, and Anonymity in Computation, Communication, and Storage"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-24907-6_37","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,20]],"date-time":"2024-07-20T21:16:47Z","timestamp":1721510207000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-24907-6_37"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030249069","9783030249076"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-24907-6_37","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"11 July 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"SpaCCS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Atlanta, GA","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2019","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 July 2019","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17 July 2019","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"12","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"spaccs2019","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/cse.stfx.ca\/~cybermatics\/2019\/spaccs\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}