{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,3]],"date-time":"2025-08-03T04:22:25Z","timestamp":1754194945397},"publisher-location":"Cham","reference-count":20,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319134871"},{"type":"electronic","value":"9783319134888"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-13488-8_20","type":"book-chapter","created":{"date-parts":[[2014,12,12]],"date-time":"2014-12-12T02:50:48Z","timestamp":1418352648000},"page":"215-226","source":"Crossref","is-referenced-by-count":2,"title":["Detection of DNS Traffic Anomalies in Large Networks"],"prefix":"10.1007","author":[{"given":"Milan","family":"\u010cerm\u00e1k","sequence":"first","affiliation":[]},{"given":"Pavel","family":"\u010celeda","sequence":"additional","affiliation":[]},{"given":"Jan","family":"Vykopal","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2014,12,13]]},"reference":[{"unstructured":"Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a dynamic reputation system for DNS. In: USENIX Security Symposium, pp. 273\u2013290 (2010)","key":"20_CR1"},{"doi-asserted-by":"crossref","unstructured":"Begleiter, R., Elovici, Y., Hollander, Y., Mendelson, O., Rokach, L., Saltzman, R.: A fast and scalable method for threat detection in large-scale DNS logs. In: 2013 IEEE International Conference on Big Data, pp. 738\u2013741 (Oct 2013)","key":"20_CR2","DOI":"10.1109\/BigData.2013.6691646"},{"issue":"4","key":"20_CR3","doi-asserted-by":"publisher","first-page":"14:1","DOI":"10.1145\/2584679","volume":"16","author":"L Bilge","year":"2014","unstructured":"Bilge, L., Sen, S., Balzarotti, D., Kirda, E., Kruegel, C.: Exposure: a passive DNS analysis service to detect and report malicious domains. ACM Trans. Inf. Syst. Secur. 16(4), 14:1\u201314:28 (2014). http:\/\/doi.acm.org\/10.1145\/2584679","journal-title":"ACM Trans. Inf. Syst. Secur."},{"issue":"1","key":"20_CR4","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1016\/j.comnet.2011.07.018","volume":"56","author":"H Choi","year":"2012","unstructured":"Choi, H., Lee, H.: Identifying botnets by capturing group activities in dns traffic. Comput. Netw. 56(1), 20\u201333 (2012)","journal-title":"Comput. Netw."},{"doi-asserted-by":"crossref","unstructured":"Ellens, W., \u017buraniewski, P., Sperotto, A., Schotanus, H., Mandjes, M., Meeuwissen, E.: Flow-based detection of DNS tunnels. In: Emerging Management Mechanisms for the Future Internet, pp. 124\u2013135. Springer (2013)","key":"20_CR5","DOI":"10.1007\/978-3-642-38998-6_16"},{"doi-asserted-by":"publisher","unstructured":"Hofstede, R., \u010celeda, P., Trammell, B., Drago, I., Sadre, R., Sperotto, A., Pras, A.: Flow monitoring explained: from packet capture to data analysis with netFlow and IPFIX. IEEE Communications Surveys & Tutorials (2014). doi: 10.1109\/COMST.2014.2321898","key":"20_CR6","DOI":"10.1109\/COMST.2014.2321898"},{"doi-asserted-by":"crossref","unstructured":"Karasaridis, A., Meier-Hellstern, K., Hoeflin, D.: Detection of DNS anomalies using flow data analysis. In: Global Telecommunications Conference, 2006. GLOBECOM\u201906. IEEE. pp. 1\u20136. IEEE (2006)","key":"20_CR7","DOI":"10.1109\/GLOCOM.2006.280"},{"unstructured":"Kov\u00e1\u010dik, M.: DNS plugin (2014). https:\/\/www.liberouter.org\/technologies\/dns-plugin\/","key":"20_CR8"},{"unstructured":"Ko\u0161ata, B., \u010cerm\u00e1k, J., Sur\u00fd, O., Filip, O.: DSCng: DNS server monitoring program (2013). http:\/\/www.dscng.cz\/","key":"20_CR9"},{"issue":"1","key":"20_CR10","first-page":"97","volume":"6","author":"AM Manasrah","year":"2009","unstructured":"Manasrah, A.M., Hasan, A., Abouabdalla, O.A., Ramadass, S.: Detecting botnet activities based on abnormal DNS traffic. Int. J. Comput. Sci. Inf. Secur. 6(1), 97\u2013104 (2009)","journal-title":"Int. J. Comput. Sci. Inf. Secur."},{"doi-asserted-by":"crossref","unstructured":"Marchal, S., Francois, J., Wagner, C., State, R., Dulaunoy, A., Engel, T., Festor, O.: DNSSM: a large scale passive DNS security monitoring framework. In: Network Operations and Management Symposium (NOMS), 2012 IEEE, pp. 988\u2013993 (Apr 2012)","key":"20_CR11","DOI":"10.1109\/NOMS.2012.6212019"},{"issue":"23\u201324","key":"20_CR12","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23\u201324), 2435\u20132463 (1999)","journal-title":"Comput. Netw."},{"issue":"5","key":"20_CR13","first-page":"714","volume":"9","author":"R Perdisci","year":"2012","unstructured":"Perdisci, R., Corona, I., Giacinto, G.: Early detection of malicious flux networks via large-scale passive DNS traffic analysis. IEEE Trans. Depend. Secur. Comput. 9(5), 714\u2013726 (2012)","journal-title":"IEEE Trans. Depend. Secur. Comput."},{"unstructured":"Qu, J., Sztoch, P.: Dnsgraph (2003). http:\/\/dnsgraph.sourceforge.net\/","key":"20_CR14"},{"unstructured":"Schonewille, A., van Helmond, D.J.: The domain name service as an IDS. Research Project for the Master System-and Network Engineering at the University of Amsterdam (2006)","key":"20_CR15"},{"doi-asserted-by":"crossref","unstructured":"Snyder, M., Sundaram, R., Thakur, M.: Preprocessing DNS log data for effective data mining. In: IEEE International Conference on Communications, 2009. ICC \u201909, pp. 1\u20135 (June 2009)","key":"20_CR16","DOI":"10.1109\/ICC.2009.5199359"},{"unstructured":"\u010cerm\u00e1k, M.: DNSAnomDet (2014). https:\/\/is.muni.cz\/publication\/1131184","key":"20_CR17"},{"unstructured":"Weimer, F.: Passive dns replication. In: FIRST Conference on Computer Security Incident (2005)","key":"20_CR18"},{"unstructured":"Wessels, D.: Dnstop: Stay on top of your DNS traffic (2013). http:\/\/dns.measurement-factory.com\/tools\/dnstop\/","key":"20_CR19"},{"key":"20_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"129","DOI":"10.1007\/978-3-540-73614-1_8","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"B Zdrnja","year":"2007","unstructured":"Zdrnja, B., Brownlee, N., Wessels, D.: Passive monitoring of DNS anomalies. In: H\u00e4mmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol. 4579, pp. 129\u2013139. Springer, Heidelberg (2007)"}],"container-title":["Lecture Notes in Computer Science","Advances in Communication Networking"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-13488-8_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,18]],"date-time":"2019-08-18T07:16:52Z","timestamp":1566112612000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-13488-8_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319134871","9783319134888"],"references-count":20,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-13488-8_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}