{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,18]],"date-time":"2026-04-18T16:39:32Z","timestamp":1776530372575,"version":"3.51.2"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783030913557","type":"print"},{"value":"9783030913564","type":"electronic"}],"license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021]]},"DOI":"10.1007\/978-3-030-91356-4_13","type":"book-chapter","created":{"date-parts":[[2021,11,26]],"date-time":"2021-11-26T06:01:25Z","timestamp":1637906485000},"page":"238-256","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":17,"title":["Identifying Malicious DNS Tunnel Tools from DoH Traffic Using Hierarchical Machine Learning Classification"],"prefix":"10.1007","author":[{"given":"Rikima","family":"Mitsuhashi","sequence":"first","affiliation":[]},{"given":"Akihiro","family":"Satoh","sequence":"additional","affiliation":[]},{"given":"Yong","family":"Jin","sequence":"additional","affiliation":[]},{"given":"Katsuyoshi","family":"Iida","sequence":"additional","affiliation":[]},{"given":"Takahiro","family":"Shinagawa","sequence":"additional","affiliation":[]},{"given":"Yoshiaki","family":"Takai","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2021,11,27]]},"reference":[{"key":"13_CR1","unstructured":"Amazon Alexa Voice AI. https:\/\/developer.amazon.com\/en-US\/alexa\/. Accessed 17 July 2021"},{"key":"13_CR2","unstructured":"CatBoost Documentation - Parameters. https:\/\/catboost.ai\/docs\/concepts\/python-reference_parameters-list.html. Accessed 16 June 2021"},{"key":"13_CR3","unstructured":"CIRA-CIC-DoHBrw-2020. https:\/\/www.unb.ca\/cic\/datasets\/dohbrw-2020.html. Accessed 15 June 2021"},{"key":"13_CR4","unstructured":"cloudflared. https:\/\/developers.cloudflare.com\/cloudflare-one\/connections\/connect-apps. Accessed 10 July 2021"},{"key":"13_CR5","unstructured":"DNS Queries over HTTPS (DoH) - Request For Comments 8484. https:\/\/tools.ietf.org\/html\/rfc8484. Accessed 15 June 2021"},{"key":"13_CR6","unstructured":"dns2tcp. https:\/\/github.com\/alex-sector\/dns2tcp. Accessed 3 July 2021"},{"key":"13_CR7","unstructured":"dnscat2. https:\/\/github.com\/iagox86\/dnscat2. Accessed 3 July 2021"},{"key":"13_CR8","unstructured":"dnscrypt-proxy. https:\/\/github.com\/DNSCrypt. Accessed 10 July 2021"},{"key":"13_CR9","unstructured":"doh-client. https:\/\/docs.rs\/crate\/doh-client\/1.1.5. Accessed 10 July 2021"},{"key":"13_CR10","unstructured":"doh-proxy. https:\/\/github.com\/facebookexperimental\/doh-proxy. Accessed 10 July 2021"},{"key":"13_CR11","unstructured":"First-ever malware strain spotted abusing new DoH (DNS over HTTPS) protocol. https:\/\/www.zdnet.com\/article\/first-ever-malware-strain-spotted-abusing-new-doh-dns-over-https-protocol\/. Accessed 10 July 2021"},{"key":"13_CR12","unstructured":"iodine. https:\/\/code.kryo.se\/iodine\/. Accessed 3 July 2021"},{"key":"13_CR13","unstructured":"Kaggle. https:\/\/www.kaggle.com\/. Accessed 16 June 2021"},{"key":"13_CR14","unstructured":"LightGBM Documentation - Parameters. https:\/\/lightgbm.readthedocs.io\/en\/latest\/Parameters.html. Accessed 16 June 2021"},{"key":"13_CR15","unstructured":"Windows Insiders can now test DNS over HTTPS. https:\/\/techcommunity.microsoft.com\/t5\/networking-blog\/windows-insiders-can-now-test-dns-over-https\/ba-p\/1381282. Accessed 10 July 2021"},{"key":"13_CR16","unstructured":"Windows Insiders gain new DNS over HTTPS controls. https:\/\/techcommunity.microsoft.com\/t5\/networking-blog\/windows-insiders-gain-new-dns-over-https-controls\/ba-p\/2494644. Accessed 10 July 2021"},{"key":"13_CR17","unstructured":"XGBoost Documentation - Xgboost Parameters. https:\/\/xgboost.readthedocs.io\/en\/latest\/parameter.html. Accessed 16 June 2021"},{"key":"13_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"360","DOI":"10.1007\/978-3-030-30215-3_18","volume-title":"Information Security","author":"A Acar","year":"2019","unstructured":"Acar, A., Lu, L., Uluagac, A.S., Kirda, E.: An analysis of malware trends in enterprise networks. In: Lin, Z., Papamanthou, C., Polychronakis, M. (eds.) ISC 2019. LNCS, vol. 11723, pp. 360\u2013380. Springer, Cham (2019). https:\/\/doi.org\/10.1007\/978-3-030-30215-3_18"},{"issue":"2","key":"13_CR19","doi-asserted-by":"publisher","first-page":"445","DOI":"10.1109\/TNSM.2019.2899085","volume":"16","author":"G Aceto","year":"2019","unstructured":"Aceto, G., Ciuonzo, D., Montieri, A., Pescap\u00e9, A.: Mobile encrypted traffic classification using deep learning: experimental evaluation, lessons learned, and challenges. IEEE Trans. Netw. Serv. Manag. 16(2), 445\u2013458 (2019)","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"13_CR20","doi-asserted-by":"crossref","unstructured":"Ajmera, S., Pattanshetti, T.: A survey report on identifying different machine learning algorithms in detecting domain generation algorithms within enterprise network. In: Proceedings of 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT), pp. 1\u20135 (2020)","DOI":"10.1109\/ICCCNT49239.2020.9225357"},{"key":"13_CR21","doi-asserted-by":"crossref","unstructured":"Buczak, A.L., Hanke, P.A., Cancro, G.J., Toma, M.K., Watkins, L.A., Chavis, J.S.: Detection of tunnels in PCAP data by random forests. In: Proceedings of the 11th Annual Cyber and Information Security Research Conference (2016)","DOI":"10.1145\/2897795.2897804"},{"key":"13_CR22","doi-asserted-by":"crossref","unstructured":"Chen, Y., Li, X.: A high accuracy DNS tunnel detection method without feature engineering. In: Proceedings of 2020 16th International Conference on Computational Intelligence and Security (CIS), pp. 374\u2013377 (2020)","DOI":"10.1109\/CIS52066.2020.00086"},{"key":"13_CR23","doi-asserted-by":"crossref","unstructured":"Chowdhary, A., Bhowmik, M., Rudra, B.: DNS tunneling detection using machine learning and cache miss properties. In: Proceedings of 2021 5th International Conference on Intelligent Computing and Control Systems (ICICCS), pp. 1225\u20131229 (2021)","DOI":"10.1109\/ICICCS51141.2021.9432279"},{"issue":"1","key":"13_CR24","doi-asserted-by":"publisher","first-page":"70","DOI":"10.1587\/transcom.2017ITP0009","volume":"E101","author":"H Ichise","year":"2018","unstructured":"Ichise, H., Jin, Y., Iida, K.: Analysis of DNS TXT record usage and consideration of botnet communication detection. IEICE Trans. Commun. E101(1), 70\u201379 (2018). https:\/\/doi.org\/10.1587\/transcom.2017ITP0009","journal-title":"IEICE Trans. Commun."},{"key":"13_CR25","doi-asserted-by":"publisher","first-page":"112","DOI":"10.2197\/ipsjjip.28.112","volume":"28","author":"H Ichise","year":"2020","unstructured":"Ichise, H., Jin, Y., Iida, K., Takai, Y.: NS record history based abnormal DNS traffic detection considering adaptive botnet communication blocking. IPSJ J. Inf. Process. 28, 112\u2013122 (2020). https:\/\/doi.org\/10.2197\/ipsjjip.28.112","journal-title":"IPSJ J. Inf. Process."},{"key":"13_CR26","doi-asserted-by":"crossref","unstructured":"Iuchi, Y., Jin, Y., Ichise, H., Iida, K., Takai, Y.: Detection and blocking of DGA-based bot infected computers by monitoring NXDOMAIN responses. In: Proceedings of 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)\/2020 6th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom), pp. 82\u201387 (2020)","DOI":"10.1109\/CSCloud-EdgeCom49738.2020.00023"},{"key":"13_CR27","unstructured":"Ke, G., et al.: LightGBM: a highly efficient gradient boosting decision tree. In: Proceedings of Advances in Neural Information Processing Systems, vol. 30 (2017)"},{"key":"13_CR28","doi-asserted-by":"crossref","unstructured":"Lambion, D., Josten, M., Olumofin, F., De Cock, M.: Malicious DNS tunneling detection in real-traffic DNS data. In: Proceedings of 2020 IEEE International Conference on Big Data (Big Data), pp. 5736\u20135738 (2020)","DOI":"10.1109\/BigData50022.2020.9378418"},{"key":"13_CR29","doi-asserted-by":"crossref","unstructured":"MontazeriShatoori, M., Davidson, L., Kaur, G., Habibi Lashkari, A.: Detection of DoH tunnels using time-series classification of encrypted traffic. In: Proceedings of 2020 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress (DASC\/PiCom\/CBDCom\/CyberSciTech), pp. 63\u201370 (2020)","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00026"},{"issue":"2","key":"13_CR30","doi-asserted-by":"publisher","first-page":"1988","DOI":"10.1109\/COMST.2018.2883147","volume":"21","author":"F Pacheco","year":"2019","unstructured":"Pacheco, F., Exposito, E., Gineste, M., Baudoin, C., Aguilar, J.: Towards the deployment of machine learning solutions in network traffic classification: a systematic survey. IEEE Commun. Surv. Tutor. 21(2), 1988\u20132014 (2019)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"13_CR31","unstructured":"Prokhorenkova, L., Gusev, G., Vorobev, A., Dorogush, A.V., Gulin, A.: CatBoost: unbiased boosting with categorical features. In: Proceedings of Advances in Neural Information Processing Systems, vol. 31 (2018)"},{"key":"13_CR32","doi-asserted-by":"crossref","unstructured":"Shyam, R., Ayachit, S.S., Patil, V., Singh, A.: Competitive analysis of the top gradient boosting machine learning algorithms. In: Proceedings of 2020 2nd International Conference on Advances in Computing, Communication Control and Networking (ICACCCN), pp. 191\u2013196 (2020)","DOI":"10.1109\/ICACCCN51052.2020.9362840"},{"key":"13_CR33","unstructured":"Siby, S., Juarez, M., Diaz, C., Vallina-Rodriguez, N., Troncoso, C.: Encrypted DNS $$\\rightarrow $$ privacy? In: Proceedings of Network and Distributed Systems Security (NDSS) Symposium 2020 (2020)"},{"key":"13_CR34","doi-asserted-by":"crossref","unstructured":"Singh, S.K., Roy, P.K.: Detecting malicious DNS over HTTPS traffic using machine learning. In: Proceedings of 2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies, pp. 1\u20136 (2020)","DOI":"10.1109\/3ICT51146.2020.9312004"},{"key":"13_CR35","unstructured":"Tianqi, C., Carlos, G.: XGBoost: a scalable tree boosting system. In: Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 785\u2013794 (2016)"},{"key":"13_CR36","doi-asserted-by":"crossref","unstructured":"Vekshin, D., Hynek, K., Cejka, T.: DoH insight: detecting DNS over HTTPS by machine learning. In: Proceedings of the 15th International Conference on Availability, Reliability and Security (2020)","DOI":"10.1145\/3407023.3409192"},{"key":"13_CR37","doi-asserted-by":"crossref","unstructured":"Wu, K., Zhang, Y., Yin, T.: FTPB: a three-stage DNS tunnel detection method based on character feature extraction. In: Proceedings of 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 250\u2013258 (2020)","DOI":"10.1109\/TrustCom50675.2020.00044"},{"key":"13_CR38","doi-asserted-by":"crossref","unstructured":"Yang, P., Wan, X., Shi, G., Qu, H., Li, J., Yang, L.: Naruto: DNS covert channels detection based on stacking model. In: Proceedings of the 2020 2nd World Symposium on Software Engineering, pp. 109\u2013115 (2020)","DOI":"10.1145\/3425329.3425336"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-91356-4_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,13]],"date-time":"2024-09-13T01:22:34Z","timestamp":1726190554000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-91356-4_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"ISBN":["9783030913557","9783030913564"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-91356-4_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]},"assertion":[{"value":"27 November 2021","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2021","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"9 November 2021","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"13 November 2021","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2021","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/isc2021.petra.ac.id\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"87","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"21","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"24% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}