{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,31]],"date-time":"2025-03-31T01:34:58Z","timestamp":1743384898101,"version":"3.40.3"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031230974"},{"type":"electronic","value":"9783031230981"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-031-23098-1_8","type":"book-chapter","created":{"date-parts":[[2023,1,3]],"date-time":"2023-01-03T14:04:12Z","timestamp":1672754652000},"page":"126-144","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["AutoRoC-DBSCAN: Automatic Tuning of DBSCAN to Detect Malicious DNS Tunnels"],"prefix":"10.1007","author":[{"given":"Thi Quynh","family":"Nguyen","sequence":"first","affiliation":[]},{"given":"Romain","family":"Laborde","sequence":"additional","affiliation":[]},{"given":"Abdelmalek","family":"Benzekri","sequence":"additional","affiliation":[]},{"given":"Arnaud","family":"Oglaza","sequence":"additional","affiliation":[]},{"given":"Mehdi","family":"Mounsif","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,1,4]]},"reference":[{"key":"8_CR1","unstructured":"Anatomy of an APT attack: Step by step approach, Infosec Resources. https:\/\/resources.infosecinstitute.com\/topic\/anatomy-of-an-apt-attack-step-by-step-approach\/. Accessed 24 Aug 2021"},{"key":"8_CR2","doi-asserted-by":"publisher","unstructured":"Benzekri, A., Laborde, R., Oglaza, A., Rammal, D., Barrere, F.: Dynamic security management driven by situations: an exploratory analysis of logs for the identification of security situations. In: 3rd Cyber Security in Networking Conference (CSNet 2019), Quito, Ecuador, p. 66 (2019). https:\/\/doi.org\/10.1109\/CSNet47905.2019.9108976","DOI":"10.1109\/CSNet47905.2019.9108976"},{"key":"8_CR3","doi-asserted-by":"publisher","unstructured":"Nguyen, T.Q., Laborde, R., Benzekri, A., Qu\u2019hen, B.: Detecting abnormal DNS traffic using unsupervised machine learning. In: 2020 4th Cyber Security in Networking Conference (CSNet), pp. 1\u20138 (2020). https:\/\/doi.org\/10.1109\/CSNet50428.2020.9265466","DOI":"10.1109\/CSNet50428.2020.9265466"},{"key":"8_CR4","unstructured":"New Wekby Attacks Use DNS Requests As Command and Control Mechanism, Unit42, 24 May 2016. https:\/\/unit42.paloaltonetworks.com\/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism\/. Accessed 18 Jan 2022"},{"key":"8_CR5","unstructured":"Ron: Introduction, 24 August 2021. https:\/\/github.com\/iagox86\/dnscat2. Accessed 25 Aug 2021."},{"key":"8_CR6","unstructured":"dns2tcp|Kali Linux Tools, Kali Linux. https:\/\/www.kali.org\/tools\/dns2tcp\/. Accessed 07 Feb 2022"},{"key":"8_CR7","doi-asserted-by":"publisher","unstructured":"Habibi Lashkari, A., Seo, A., Gil, G., Ghorbani, A.: CIC-AB: online ad blocker for browsers, pp. 1\u20137 (2017). https:\/\/doi.org\/10.1109\/CCST.2017.8167846","DOI":"10.1109\/CCST.2017.8167846"},{"key":"8_CR8","unstructured":"DBSCAN Clustering Algorithm in Machine Learning, KDnuggets. https:\/\/www.kdnuggets.com\/dbscan-clustering-algorithm-in-machine-learning.html\/. Accessed 01 July 2020"},{"key":"8_CR9","doi-asserted-by":"publisher","unstructured":"Cunningham, P., Delany, S.: k-Nearest neighbour classifiers. Mult. Classif. Syst. 54 (2007). https:\/\/doi.org\/10.1145\/3459665","DOI":"10.1145\/3459665"},{"key":"8_CR10","unstructured":"scipy.signal.find_peaks\u2014SciPy v1.8.0 Manual. https:\/\/docs.scipy.org\/doc\/scipy-1.8.0\/html-scipyorg\/reference\/generated\/scipy.signal.find_peaks.html#scipy.signal.find_peaks. Accessed 08 Feb 2022"},{"key":"8_CR11","unstructured":"Hieu, L.: cicflowmeter: CICFlowMeter V3 Python Implementation. https:\/\/gitlab.com\/hieulw\/cicflowmeter. Accessed 24 Aug 2021"},{"key":"8_CR12","doi-asserted-by":"publisher","unstructured":"Liu, F.T., Ting, K., Zhou, Z.-H.: Isolation forest, pp. 413\u2013422 (2009). https:\/\/doi.org\/10.1109\/ICDM.2008.17","DOI":"10.1109\/ICDM.2008.17"},{"key":"8_CR13","unstructured":"Sch\u00f6lkopf, B., Williamson, R., Smola, A., Shawe-Taylor, J., Platt, J.: Support vector method for novelty detection, vol. 12, pp. 582\u2013588 (1999)"},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"Breunig, M.M., Kriegel, H.-P., Ng, R.T., Sander, J.: LOF: identifying density-based local outliers, p. 12 (2000)","DOI":"10.1145\/342009.335388"},{"issue":"7","key":"8_CR15","doi-asserted-by":"publisher","first-page":"1145","DOI":"10.1016\/S0031-3203(96)00142-2","volume":"30","author":"AP Bradley","year":"1997","unstructured":"Bradley, A.P.: The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern Recognit. 30(7), 1145\u20131159 (1997). https:\/\/doi.org\/10.1016\/S0031-3203(96)00142-2","journal-title":"Pattern Recognit."},{"issue":"3","key":"8_CR16","doi-asserted-by":"publisher","first-page":"209","DOI":"10.2478\/jaiscr-2020-0014","volume":"10","author":"A Starczewski","year":"2020","unstructured":"Starczewski, A., Goetzen, P., Er, M.J.: A new method for automatic determining of the DBSCAN parameters. J. Artif. Intell. Soft Comput. Res. 10(3), 209\u2013221 (2020). https:\/\/doi.org\/10.2478\/jaiscr-2020-0014","journal-title":"J. Artif. Intell. Soft Comput. Res."},{"key":"8_CR17","first-page":"157","volume":"37","author":"Z Falahiazar","year":"2021","unstructured":"Falahiazar, Z., Bagheri, A., Reshadi, M.: Determining the parameters of DBSCAN automatically using the multi-objective genetic algorithm. J. Inf. Sci. Eng. 37, 157\u2013183 (2021)","journal-title":"J. Inf. Sci. Eng."},{"issue":"7","key":"8_CR18","doi-asserted-by":"publisher","first-page":"1","DOI":"10.5120\/15890-5059","volume":"91","author":"A Karami","year":"2014","unstructured":"Karami, A., Johansson, R.: Choosing DBSCAN parameters automatically using differential evolution. Int. J. Comput. Appl. 91(7), 1\u201311 (2014). https:\/\/doi.org\/10.5120\/15890-5059","journal-title":"Int. J. Comput. Appl."},{"key":"8_CR19","unstructured":"Miglani, J., Thorpe, C.: Employing machine learning paradigms for detecting DNS tunneling (2021)"},{"key":"8_CR20","doi-asserted-by":"publisher","unstructured":"Singh, M., Singh, M., Kaur, S.: 10 Days DNS Network Traffic from April-May, 2016, vol. 2, May 2019. https:\/\/doi.org\/10.17632\/zh3wnddzxy.2","DOI":"10.17632\/zh3wnddzxy.2"},{"key":"8_CR21","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2018\/6137098","volume":"2018","author":"A Almusawi","year":"2018","unstructured":"Almusawi, A., Amintoosi, H.: DNS tunneling detection method based on multilabel support vector machine. Secur. Commun. Netw. 2018, 1\u20139 (2018). https:\/\/doi.org\/10.1155\/2018\/6137098","journal-title":"Secur. Commun. Netw."},{"key":"8_CR22","unstructured":"Palau, F., Catania, C., Guerra, J., Garcia, S., Rigaki, M.: DNS tunneling: a deep learning based lexicographical detection approach (2020). http:\/\/arxiv.org\/abs\/2006.06122. Accessed 24 Aug 2021"}],"container-title":["Communications in Computer and Information Science","Emerging Information Security and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-23098-1_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,3]],"date-time":"2023-01-03T16:10:06Z","timestamp":1672762206000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-23098-1_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783031230974","9783031230981"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-23098-1_8","relation":{},"ISSN":["1865-0929","1865-0937"],"issn-type":[{"type":"print","value":"1865-0929"},{"type":"electronic","value":"1865-0937"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"4 January 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"EISA","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Symposium on Emerging Information Security and Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2022","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29 October 2022","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"30 October 2022","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"eisa2022","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/eisa.compute.dtu.dk\/2022\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"35","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"13","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"0","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"37% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Due to COVID-19, EISA 2022 was held fully online.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}