{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T04:32:51Z","timestamp":1773117171415,"version":"3.50.1"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319288642","type":"print"},{"value":"9783319288659","type":"electronic"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-28865-9_19","type":"book-chapter","created":{"date-parts":[[2016,1,23]],"date-time":"2016-01-23T03:40:02Z","timestamp":1453520402000},"page":"348-366","source":"Crossref","is-referenced-by-count":15,"title":["You Are How You Query: Deriving Behavioral Fingerprints from DNS Traffic"],"prefix":"10.1007","author":[{"given":"Dae Wook","family":"Kim","sequence":"first","affiliation":[]},{"given":"Junjie","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"19_CR1","unstructured":"Shaikh, A., Tewari, R., Agrawal, M.: On the effectiveness of dns-based server selection. In: INFOCOM (2001)"},{"issue":"6","key":"19_CR2","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1109\/MIC.2003.1250586","volume":"7","author":"A Vakali","year":"2003","unstructured":"Vakali, A., Pallis, G.: Content delivery networks: Status and trends. IEEE Internet Computing 7(6), 68\u201374 (2003)","journal-title":"IEEE Internet Computing"},{"key":"19_CR3","unstructured":"Holz, T., Gorecki, C., Rieck, K., Freiling, F.C.: Measuring and detecting fast-flux service networks. In: NDSS (2008)"},{"key":"19_CR4","unstructured":"Antonakakis, M., Perdisci, R., Nadji, Y., Vasiloglou II, N., Abu-Nimeh, S., Lee, W., Dagon, D.: From throw-away traffic to bots: detecting the rise of dga-based malware. In: USENIX Security Symposium (2012)"},{"key":"19_CR5","unstructured":"Paxson, V., Christodorescu, M., Javed, M., Rao, J.R., Sailer, R., Schales, D.L., Stoecklin, M.P., Thomas, K., Venema, W., Weaver, N.: Practical comprehensive bounds on surreptitious communication over dns. In: USENIX Security (2013)"},{"issue":"5","key":"19_CR6","doi-asserted-by":"publisher","first-page":"589","DOI":"10.1109\/TNET.2002.803905","volume":"10","author":"J Jung","year":"2002","unstructured":"Jung, J., Sit, E., Balakrishnan, H., Morris, R.: Dns performance and the effectiveness of caching. IEEE\/ACM Transactions on Networking 10(5), 589\u2013603 (2002)","journal-title":"IEEE\/ACM Transactions on Networking"},{"key":"19_CR7","unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: Exposure: finding malicious domains using passive dns analysis. In: NDSS (2011)"},{"key":"19_CR8","unstructured":"Antonakakis, M., Perdisci, R., Lee, W., Vasiloglou II, N., Dagon, D.: Detecting malware domains at the upper dns hierarchy. In: USENIX Security Symposium (2011)"},{"key":"19_CR9","unstructured":"Krishnan, S., Monrose, F.: Dns prefetching and its privacy implications: when good things go bad. In: Proceedings of the 3rd USENIX Conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More. USENIX Association (2010)"},{"key":"19_CR10","doi-asserted-by":"crossref","unstructured":"Matsunaka, T., Yamada, A., Kubota, A.: Passive os fingerprinting by dns traffic analysis. In: 2013 IEEE 27th International Conference on AINA (2013)","DOI":"10.1109\/AINA.2013.119"},{"key":"19_CR11","unstructured":"Sun, Q., Simon, D.R., Wang, Y.-M., Russell, W., Padmanabhan, V.N., Qiu, L.: Statistical identification of encrypted web browsing traffic. In: Proceedings 2002 IEEE Symposium on Security and Privacy, pp. 19\u201330. IEEE (2002)"},{"key":"19_CR12","doi-asserted-by":"crossref","unstructured":"Liberatore, M., Levine, B.N.: Inferring the source of encrypted http connections. In: Proceedings of the 13th ACM Conference on Computer and Communications Security (2006)","DOI":"10.1145\/1180405.1180437"},{"key":"19_CR13","doi-asserted-by":"crossref","unstructured":"Chen, S., Wang, R., Wang, X., Zhang, K.: Side-channel leaks in web applications: a reality today, a challenge tomorrow. In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 191\u2013206. IEEE (2010)","DOI":"10.1109\/SP.2010.20"},{"key":"19_CR14","unstructured":"Wright, C.V., Ballard, L., Monrose, F., Masson, G.M.: Language identification of encrypted voip traffic: Alejandra y roberto or alice and bob. In: Proceedings of USENIX Security Symposium (2007)"},{"key":"19_CR15","doi-asserted-by":"crossref","unstructured":"Wright, C.V., Ballard, L., Coull, S.E., Monrose, F., Masson, G.M.: Spot me if you can: uncovering spoken phrases in encrypted voip conversations. In: IEEE Symposium on Security and Privacy, SP 2008. IEEE (2008)","DOI":"10.1109\/SP.2008.21"},{"key":"19_CR16","doi-asserted-by":"crossref","unstructured":"Zhang, F., He, W., Liu, X., Bridges, P.G.: Inferring users\u2019 online activities through traffic analysis. In: Proceedings of WiSec (2011)","DOI":"10.1145\/1998412.1998425"},{"key":"19_CR17","doi-asserted-by":"crossref","unstructured":"Pang, J., Greenstein, B., Gummadi, R., Seshan, S., Wetherall, D.: 802.11 user fingerprinting. In: MobiCom (2007)","DOI":"10.1145\/1287853.1287866"},{"key":"19_CR18","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1016\/j.cose.2013.03.012","volume":"39","author":"D Herrmann","year":"2013","unstructured":"Herrmann, D., Banse, C., Federrath, H.: Behavior-based tracking: Exploiting characteristic patterns in dns traffic. Computers & Security 39, 17\u201333 (2013)","journal-title":"Computers & Security"},{"key":"19_CR19","unstructured":"Coull, S.E., Wright, C.V., Keromytis, A.D., Monrose, F., Reiter, M.K.: Taming the devil: techniques for evaluating anonymized network data. In: Proceedings Network and Distributed System Security Symposium 2008, February, 10\u201313, San Diego, California, pp. 125\u2013135. Internet Society 2008 (2008)"},{"key":"19_CR20","doi-asserted-by":"crossref","unstructured":"Wondracek, G., Holz, T., Kirda, E., Kruegel, C.: A practical attack to de-anonymize social network users. In: 2010 IEEE Symposium on Security and Privacy (SP) (2010)","DOI":"10.1109\/SP.2010.21"},{"key":"19_CR21","doi-asserted-by":"crossref","unstructured":"Narayanan, A., Shmatikov, V.: De-anonymizing social networks. In: 2009 30th IEEE Symposium on Security and Privacy, pp. 173\u2013187, May 2009","DOI":"10.1109\/SP.2009.22"},{"issue":"1","key":"19_CR22","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1145\/1327452.1327492","volume":"51","author":"J Dean","year":"2008","unstructured":"Dean, J., Ghemawat, S.: Mapreduce: simplified data processing on large clusters. Communications of the ACM 51(1), 107\u2013113 (2008)","journal-title":"Communications of the ACM"},{"key":"19_CR23","doi-asserted-by":"crossref","unstructured":"Shafiq, M.Z., Ji, L., Liu, A.X., Wang, J.: Characterizing and modeling internet traffic dynamics of cellular devices. In: ACM SIGMETRICS (2011)","DOI":"10.1145\/1993744.1993776"},{"key":"19_CR24","unstructured":"Dagon, D., Zou, C., Lee, W.: Modeling botnet propagation using time zones. In: NDSS (2006)"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-28865-9_19","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,1]],"date-time":"2019-06-01T07:21:22Z","timestamp":1559373682000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-28865-9_19"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319288642","9783319288659"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-28865-9_19","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"value":"1867-8211","type":"print"},{"value":"1867-822X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015]]}}}