{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T12:40:56Z","timestamp":1763642456199,"version":"3.40.3"},"publisher-location":"Cham","reference-count":23,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319992761"},{"type":"electronic","value":"9783319992778"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-99277-8_8","type":"book-chapter","created":{"date-parts":[[2018,8,30]],"date-time":"2018-08-30T01:58:12Z","timestamp":1535594292000},"page":"127-140","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Information-Entropy-Based DNS Tunnel Prediction"],"prefix":"10.1007","author":[{"given":"Irvin","family":"Homem","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Panagiotis","family":"Papapetrou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Spyridon","family":"Dosis","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,8,30]]},"reference":[{"key":"8_CR1","doi-asserted-by":"crossref","unstructured":"R. Alshammari and A. Zincir-Heywood, Machine learning based encrypted traffic classification: Identifying SSH and Skype, Proceedings of the IEEE Symposium on Computational Intelligence in Security and Defense Applications, 2009.","DOI":"10.1109\/CISDA.2009.5356534"},{"key":"8_CR2","doi-asserted-by":"crossref","unstructured":"R. Alshammari and A. Zincir-Heywood, Can encrypted traffic be identified without port numbers, IP addresses and payload inspection? Computer Networks, vol. 55(6), pp. 1326\u20131350, 2011.","DOI":"10.1016\/j.comnet.2010.12.002"},{"key":"8_CR3","doi-asserted-by":"crossref","unstructured":"L. Bernaille and R. Teixeira, Early recognition of encrypted applications, Proceedings of the Eighth International Conference on Passive and Active Network Measurement, pp. 165\u2013175, 2007.","DOI":"10.1007\/978-3-540-71617-4_17"},{"key":"8_CR4","doi-asserted-by":"crossref","unstructured":"D. Bonfiglio, M. Mellia, M. Meo, D. Rossi and P. Tofanelli, Revealing Skype traffic: When randomness plays with you, ACM SIGCOMM Computer Communication Review, vol. 37(4), pp. 37\u201348, 2007.","DOI":"10.1145\/1282427.1282386"},{"key":"8_CR5","unstructured":"K. Born, PSUDP: A passive approach to network-wide covert communications, presented at Black Hat USA, 2010."},{"key":"8_CR6","unstructured":"K. Born and D. Gustafson, Detecting DNS tunnels using character frequency analysis, Proceedings of the Ninth Annual Security Conference, 2010."},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"M. Crotti, M. Dusi, F. Gringoli and L. Salgarelli, Detecting HTTP tunnels with statistical mechanisms, Proceedings of the IEEE International Conference on Communications, pp. 6162\u20136168, 2007.","DOI":"10.1109\/ICC.2007.1020"},{"key":"8_CR8","unstructured":"S. Davidoff and J. Ham, Network Forensics: Tracking Hackers through Cyberspace, Pearson Education, Upper Saddle River, New Jersey, 2012."},{"key":"8_CR9","doi-asserted-by":"crossref","unstructured":"C. Dietrich, C. Rossow, F. Freiling, H. Bos, M. van Steen and N. Pohlmann, On botnets that use DNS for command and control, Proceedings of the Seventh European Conference on Computer Network Defense, pp. 9\u201316, 2011.","DOI":"10.1109\/EC2ND.2011.16"},{"key":"8_CR10","doi-asserted-by":"crossref","unstructured":"M. Dusi, M. Crotti, F. Gringoli and L. Salgarelli, Detection of encrypted tunnels across network boundaries, Proceedings of the IEEE International Conference on Communications, pp. 1738\u20131744, 2008.","DOI":"10.1109\/ICC.2008.334"},{"key":"8_CR11","doi-asserted-by":"crossref","unstructured":"M. Dusi, M. Crotti, F. Gringoli and L. Salgarelli, Tunnel Hunter: Detecting application-layer tunnels with statistical fingerprinting, Computer Networks, vol. 53(1), pp. 81\u201397, 2009.","DOI":"10.1016\/j.comnet.2008.09.010"},{"key":"8_CR12","unstructured":"E. Ekman and B. Andersson, Iodine Tunneling Protocol Documentation v502 (github.com\/yarrick\/iodine), 2014."},{"key":"8_CR13","unstructured":"G. Farnham, Detecting DNS Tunneling, InfoSec Reading Room, SANS Institute, Bethesda, Maryland, 2013."},{"key":"8_CR14","doi-asserted-by":"crossref","unstructured":"N. Hands, B. Yang and R. Hansen, A study on botnets utilizing DNS, Proceedings of the Fourth Annual ACM Conference on Research in Information Technology, pp. 23\u201328, 2015.","DOI":"10.1145\/2808062.2808070"},{"key":"8_CR15","unstructured":"E. Hjelmvik and W. John, Breaking and Improving Protocol Obfuscation, Technical Report No. 2010-05, Department of Computer Science and Engineering, Chalmers University of Technology, Goteborg, Sweden, 2010."},{"key":"8_CR16","unstructured":"I. Homem, TunnelStatsTests (github.com\/irvinhomem\/TunnelStatsTests), 2016."},{"key":"8_CR17","unstructured":"Mandiant, M-Trends 2014 Annual Threat Report: Beyond the Breach, Alexandria, Virginia, 2014."},{"key":"8_CR18","unstructured":"OpenDNS, OpenDNS Security Talk: The Role of DNS in Botnet Command and Control, San Francisco, California, 2011."},{"key":"8_CR19","unstructured":"O. Santos, Network Security with NetFlow and IPFIX: Big Data Analytics for Information Security, Cisco Press, Indianapolis, Indiana, 2016."},{"key":"8_CR20","unstructured":"D. Song, D. Wagner and X. Tian, Timing analysis of keystrokes and timing attacks on SSH, Proceedings of the Tenth USENIX Security Symposium, article no. 25, 2001."},{"key":"8_CR21","doi-asserted-by":"crossref","unstructured":"M. Stevanovic, J. Pedersen, A. D\u2019Alconzo, S. Ruehrup and A. Berger, On the ground truth problem of malicious DNS traffic analysis, Computers and Security, vol. 55, pp. 142\u2013158, 2015.","DOI":"10.1016\/j.cose.2015.09.004"},{"key":"8_CR22","unstructured":"I. Valenzuela, Game Changer: Identifying and defending against data exfiltration attempts, presented at the SANS Cyber Defense Summit, 2015."},{"key":"8_CR23","doi-asserted-by":"crossref","unstructured":"K. Xu, P. Butler, S. Saha and D. Yao, DNS for massive-scale command and control, IEEE Transactions on Dependable and Secure Computing, vol. 10(3), pp. 143\u2013153, 2013.","DOI":"10.1109\/TDSC.2013.10"}],"container-title":["IFIP Advances in Information and Communication Technology","Advances in Digital Forensics XIV"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-99277-8_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,29]],"date-time":"2022-08-29T00:02:59Z","timestamp":1661731379000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-99277-8_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319992761","9783319992778"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-99277-8_8","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2018]]},"assertion":[{"value":"30 August 2018","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"DigitalForensics","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Digital Forensics","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"New Delhi","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"India","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2018","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 January 2018","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 January 2018","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"digitalforensics2018","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.ifip119.org\/Conferences\/WG11-9-CFP-2018.pdf","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}