{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T02:29:54Z","timestamp":1771468194247,"version":"3.50.1"},"publisher-location":"Cham","reference-count":28,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319647005","type":"print"},{"value":"9783319647012","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-64701-2_9","type":"book-chapter","created":{"date-parts":[[2017,7,25]],"date-time":"2017-07-25T08:56:55Z","timestamp":1500973015000},"page":"112-127","source":"Crossref","is-referenced-by-count":23,"title":["Detecting DNS Tunneling Using Ensemble Learning"],"prefix":"10.1007","author":[{"given":"Saeed","family":"Shafieian","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Smith","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohammad","family":"Zulkernine","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2017,7,26]]},"reference":[{"key":"9_CR1","unstructured":"Detecting DNS tunneling. https:\/\/www.sans.org\/reading-room\/whitepapers\/dns\/detecting-dns-tunneling-34152 . Last accessed 14 Apr 2017"},{"key":"9_CR2","unstructured":"DNS root servers. https:\/\/www.iana.org\/domains\/root\/servers . Last accessed 14 Apr 2017"},{"key":"9_CR3","unstructured":"Dnscat2 DNS tunneling tool. https:\/\/github.com\/iagox86\/dnscat2 . Last accessed 14 Apr 2017"},{"key":"9_CR4","unstructured":"Infoblox security assessment report. https:\/\/www.infoblox.com\/wp-content\/uploads\/infoblox-security-assessment-report-2016q2.pdf . Last accessed 14 Apr 2017"},{"key":"9_CR5","unstructured":"Iodine DNS tunneling tool. http:\/\/code.kryo.se\/iodine . Last accessed 14 Apr 2017"},{"key":"9_CR6","unstructured":"One-hot encoding. https:\/\/en.wikipedia.org\/wiki\/One-hot . Last accessed 14 Apr 2017"},{"key":"9_CR7","unstructured":"Ozyman DNS tunneling tool. https:\/\/www.splitbrain.org\/blog\/2008-11\/02-dns_tunneling_made_simple . Last accessed 14 Apr 2017"},{"key":"9_CR8","unstructured":"Pearson correlation coefficient. https:\/\/en.wikipedia.org\/wiki\/Pearson_product-moment_correlation_coefficient . Last accessed 14 Apr 2017"},{"key":"9_CR9","unstructured":"Proxy bypassing by DNS tunneling. http:\/\/resources.infosecinstitute.com\/dns-tunnelling\/ . Last accessed 8 June 2017"},{"key":"9_CR10","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"463","DOI":"10.1007\/978-3-319-07995-0_46","volume-title":"International Joint Conference SOCO\u201914-CISIS\u201914-ICEUTE\u201914","author":"M Aiello","year":"2014","unstructured":"Aiello, M., Mongelli, M., Papaleo, G.: Supervised learning approaches with majority voting for DNS tunneling detection. In: Puerta, J.G., Ferreira, I.G., Bringas, P.G., Klett, F., Abraham, A., Carvalho, A.C.P.L.F., Herrero, \u00c1., Baruque, B., Quinti\u00e1n, H., Corchado, E. (eds.) International Joint Conference SOCO\u201914-CISIS\u201914-ICEUTE\u201914. AISC, vol. 299, pp. 463\u2013472. Springer, Cham (2014). doi: 10.1007\/978-3-319-07995-0_46"},{"key":"9_CR11","doi-asserted-by":"crossref","unstructured":"Allard, F., Dubois, R., Gompel, P., Morel, M.: Tunneling activities detection using machine learning techniques. Technical report, DTIC Document (2010)","DOI":"10.26636\/jtit.2011.1.1132"},{"key":"9_CR12","unstructured":"Born, K., Gustafson, D.: Detecting DNS tunnels using character frequency analysis (2010). arXiv preprint: arXiv:1004.4358"},{"key":"9_CR13","doi-asserted-by":"crossref","unstructured":"Buczak, A.L., Hanke, P.A., Cancro, G.J., Toma, M.K., Watkins, L.A., Chavis, J.S.: Detection of tunnels in PCAP data by random forests. In: Proceedings of the 11th Annual Cyber and Information Security Research Conference, p. 16. ACM (2016)","DOI":"10.1145\/2897795.2897804"},{"key":"9_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/3-540-45014-9_1","volume-title":"Multiple Classifier Systems","author":"TG Dietterich","year":"2000","unstructured":"Dietterich, T.G.: Ensemble methods in machine learning. In: Kittler, J., Roli, F. (eds.) MCS 2000. LNCS, vol. 1857, pp. 1\u201315. Springer, Heidelberg (2000). doi: 10.1007\/3-540-45014-9_1"},{"key":"9_CR15","first-page":"731","volume-title":"Incremental Learning","author":"X Geng","year":"2009","unstructured":"Geng, X., Smith-Miles, K.: Incremental Learning, pp. 731\u2013735. Springer, Boston (2009)"},{"key":"9_CR16","series-title":"Advances in Intelligent Systems and Computing","doi-asserted-by":"publisher","first-page":"691","DOI":"10.1007\/978-81-322-1602-5_74","volume-title":"Proceedings of the Second International Conference on Soft Computing for Problem Solving (SocProS 2012)","author":"VY Kulkarni","year":"2014","unstructured":"Kulkarni, V.Y., Petare, M., Sinha, P.K.: Analyzing random forest classifier with different split measures. In: Babu, B.V., Nagar, A., Deep, K., Pant, M., Bansal, J.C., Ray, K., Gupta, U. (eds.) Proceedings of the Second International Conference on Soft Computing for Problem Solving (SocProS 2012). AISC, vol. 236, pp. 691\u2013699. Springer, New Delhi (2014). doi: 10.1007\/978-81-322-1602-5_74"},{"key":"9_CR17","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"154","DOI":"10.1007\/978-3-642-31537-4_13","volume-title":"Machine Learning and Data Mining in Pattern Recognition","author":"TM Oshiro","year":"2012","unstructured":"Oshiro, T.M., Perez, P.S., Baranauskas, J.A.: How many trees in a random forest? In: Perner, P. (ed.) MLDM 2012. LNCS (LNAI), vol. 7376, pp. 154\u2013168. Springer, Heidelberg (2012). doi: 10.1007\/978-3-642-31537-4_13"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"van Rijswijk-Deij, R., Sperotto, A., Pras, A.: Dnssec and its potential for DDoS attacks: a comprehensive measurement study. In: Proceedings of the 2014 Conference on Internet Measurement Conference, pp. 449\u2013460. ACM (2014)","DOI":"10.1145\/2663716.2663731"},{"issue":"4","key":"9_CR19","doi-asserted-by":"crossref","first-page":"3:1","DOI":"10.1147\/JRD.2016.2557639","volume":"60","author":"D Schales","year":"2016","unstructured":"Schales, D., Jang, J., Wang, T., Hu, X., Kirat, D., Wuest, B., Stoecklin, M.P.: Scalable analytics to detect DNS misuse for establishing stealthy communication channels. IBM J. Res. Dev. 60(4), 3:1\u20133:14 (2016)","journal-title":"IBM J. Res. Dev."},{"key":"9_CR20","series-title":"Computer Communications and Networks","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1007\/978-3-319-10530-7_1","volume-title":"Cloud Computing","author":"S Shafieian","year":"2014","unstructured":"Shafieian, S., Zulkernine, M., Haque, A.: Attacks in public clouds: can they hinder the rise of the cloud? In: Mahmood, Z. (ed.) Cloud Computing. Computer Communications and Networks, pp. 3\u201322. Springer, Cham (2014)"},{"issue":"1","key":"9_CR21","doi-asserted-by":"crossref","first-page":"50","DOI":"10.1002\/j.1538-7305.1951.tb01366.x","volume":"30","author":"CE Shannon","year":"1951","unstructured":"Shannon, C.E.: Prediction and entropy of printed english. Bell Syst. Tech. J. 30(1), 50\u201364 (1951)","journal-title":"Bell Syst. Tech. J."},{"key":"9_CR22","series-title":"Studies in Computational Intelligence","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1007\/978-3-540-76280-5_14","volume-title":"Machine Learning in Document Analysis and Recognition","author":"S Tulyakov","year":"2008","unstructured":"Tulyakov, S., Jaeger, S., Govindaraju, V., Doermann, D.: Review of classifier combination methods. In: Marinai, S., Fujisawa, H. (eds.) Machine Learning in Document Analysis and Recognition. SCI, vol. 90, pp. 361\u2013386. Springer, Heidelberg (2008)"},{"key":"9_CR23","unstructured":"Van Leijenhorst, T., Chin, K.W., Lowe, D.: On the viability and performance of DNS tunneling (2008)"},{"key":"9_CR24","doi-asserted-by":"crossref","unstructured":"Villamar\u00edn-Salom\u00f3n, R., Brustoloni, J.C.: Identifying botnets using anomaly detection techniques applied to DNS traffic. In: 2008 5th IEEE Consumer Communications and Networking Conference, pp. 476\u2013481. IEEE (2008)","DOI":"10.1109\/ccnc08.2007.112"},{"key":"9_CR25","unstructured":"Wang, Z.: Combating malicious DNS tunnel (2016). arXiv preprint: arXiv:1605.01401"},{"issue":"6","key":"9_CR26","doi-asserted-by":"crossref","first-page":"8","DOI":"10.1109\/MC.1984.1659158","volume":"17","author":"TA Welch","year":"1984","unstructured":"Welch, T.A.: A technique for high-performance data compression. Computer 17(6), 8\u201319 (1984)","journal-title":"Computer"},{"issue":"3","key":"9_CR27","doi-asserted-by":"crossref","first-page":"143","DOI":"10.1109\/TDSC.2013.10","volume":"10","author":"K Xu","year":"2013","unstructured":"Xu, K., Butler, P., Saha, S., Yao, D.: DNS for massive-scale command and control. IEEE Trans. Dependable Secure Comput. 10(3), 143\u2013153 (2013)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"9_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1007\/978-3-642-17313-4_30","volume-title":"Advanced Data Mining and Applications","author":"X Yuchi","year":"2010","unstructured":"Yuchi, X., Wang, X., Lee, X., Yan, B.: A new statistical approach to DNS traffic anomaly detection. In: Cao, L., Zhong, J., Feng, Y. (eds.) ADMA 2010, Part II. LNCS, vol. 6441, pp. 302\u2013313. Springer, Heidelberg (2010). doi: 10.1007\/978-3-642-17313-4_30"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-64701-2_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,24]],"date-time":"2025-06-24T17:45:37Z","timestamp":1750787137000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-64701-2_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319647005","9783319647012"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-64701-2_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]}}}