{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,30]],"date-time":"2025-12-30T08:58:00Z","timestamp":1767085080793},"publisher-location":"Berlin, Heidelberg","reference-count":19,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540736134"},{"type":"electronic","value":"9783540736141"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007]]},"DOI":"10.1007\/978-3-540-73614-1_8","type":"book-chapter","created":{"date-parts":[[2007,9,13]],"date-time":"2007-09-13T03:09:45Z","timestamp":1189652985000},"page":"129-139","source":"Crossref","is-referenced-by-count":55,"title":["Passive Monitoring of DNS Anomalies"],"prefix":"10.1007","author":[{"given":"Bojan","family":"Zdrnja","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nevil","family":"Brownlee","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Duane","family":"Wessels","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"8_CR1","doi-asserted-by":"crossref","unstructured":"Mockapetris, P.V., Dunlap, K.J.: Development of the Domain Name System. In: ACM Symphosium proceedings on Communications architectures and protocols (SIGCOMM 1988), vol. 18(4) (1998)","DOI":"10.1145\/52325.52338"},{"key":"8_CR2","unstructured":"RUS-CERT: Passive DNS replication, http:\/\/cert.uni-stuttgart.de\/stats\/dns-replication.php"},{"key":"8_CR3","unstructured":"Schonewille, A., Helmond, D.v.: The Domain Name Service as an IDS. Research Project for the Master System- and Network Engineering at the University of Amsterdam (February 2006)"},{"key":"8_CR4","unstructured":"Kristoff, J.: DNSWatch, http:\/\/aharp.ittns.northwestern.edu\/software\/dnswatch"},{"key":"8_CR5","unstructured":"Elton, N., Keel, M.: A Discussion of Bot Networks. EDUCAUSE 2005 (April 2005), http:\/\/www.educause.edu\/ir\/library\/pdf\/SPC0568.pdf"},{"key":"8_CR6","unstructured":"TCPDUMP\/libpcap public repository, http:\/\/www.tcpdump.org"},{"key":"8_CR7","doi-asserted-by":"crossref","unstructured":"Mockapetris, P.: Domain Names Implementation and Specification. RFC 1035 (November 1987)","DOI":"10.17487\/rfc1035"},{"key":"8_CR8","unstructured":"Tcpdpriv \u2013 A program for eliminating confidential information from packets collected on a network interface (October 2005), http:\/\/ita.ee.lbl.gov\/html\/contrib\/tcpdpriv.html"},{"issue":"5","key":"8_CR9","doi-asserted-by":"publisher","first-page":"589","DOI":"10.1109\/TNET.2002.803905","volume":"10","author":"J. Jung","year":"2002","unstructured":"Jung, J., Sit, E., Balakrishnan, H., Morris, R.: DNS Performance and the Effectiveness of Caching. ACM Transactions on Networking\u00a010(5), 589\u2013603 (2002)","journal-title":"ACM Transactions on Networking"},{"key":"8_CR10","unstructured":"Wong, M.: Sender Authentication What To Do. A Messaging Anti-Abuse Working Group White Paper (November 2004), http:\/\/www.openspf.org\/whitepaper.pdf"},{"key":"8_CR11","unstructured":"Sequitur IPS: Domain name disputes, cybersquatting and UDRP cases. http:\/\/www.sequitur-ips.com\/domain-name-disputes\/library.html"},{"key":"8_CR12","doi-asserted-by":"crossref","unstructured":"Gavron, E.: A Security Problem and Proposed Correction With Widely Deployed DNS Software. RFC 1535 (October 1993)","DOI":"10.17487\/rfc1535"},{"key":"8_CR13","unstructured":"Wang, Y., Beck, D., Wang, J., Verbowski, C., Daniels, B.: Strider Typo-Patrol: Discovery and Analysis of Systematic Typo-Squatting. Microsoft Research Technical Report (to be submitted to the 2nd Usenix Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI 06)) http:\/\/research.microsoft.com\/URLTracer"},{"key":"8_CR14","unstructured":"Evron, G., Blog, S.: Looking behind the smoke screen of the Internet: DNS recursive attacks, spamvertised domains, phishing, botnet C&Cs, International Infrastructure and you, http:\/\/blogs.securiteam.com\/index.php\/archives\/298"},{"key":"8_CR15","doi-asserted-by":"crossref","unstructured":"Daigle, L.: WHOIS: Protocol Specification. RFC 3912 (September 2004)","DOI":"10.17487\/rfc3912"},{"key":"8_CR16","unstructured":"SURBL Spam URI Realtime Blocklists, http:\/\/www.surbl.org"},{"key":"8_CR17","unstructured":"Weimer, F.: Passive DNS Replication. FIRST 2005 (April 2005)"},{"key":"8_CR18","unstructured":"Internet Engineering Task Force: Requirements for Internet Hosts Application and Support. RFC 1123 (October 1989)"},{"key":"8_CR19","doi-asserted-by":"crossref","unstructured":"Vixie, P.: Extension Mechanisms for DNS (EDNS0). RFC 2671 (August 1999)","DOI":"10.17487\/rfc2671"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-73614-1_8","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,3]],"date-time":"2019-05-03T01:30:53Z","timestamp":1556847053000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-73614-1_8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007]]},"ISBN":["9783540736134","9783540736141"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-73614-1_8","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2007]]}}}