{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T12:28:00Z","timestamp":1763641680369},"publisher-location":"Berlin, Heidelberg","reference-count":14,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642389979"},{"type":"electronic","value":"9783642389986"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-38998-6_16","type":"book-chapter","created":{"date-parts":[[2013,6,20]],"date-time":"2013-06-20T01:24:39Z","timestamp":1371691479000},"page":"124-135","source":"Crossref","is-referenced-by-count":32,"title":["Flow-Based Detection of DNS Tunnels"],"prefix":"10.1007","author":[{"given":"Wendy","family":"Ellens","sequence":"first","affiliation":[]},{"given":"Piotr","family":"\u017buraniewski","sequence":"additional","affiliation":[]},{"given":"Anna","family":"Sperotto","sequence":"additional","affiliation":[]},{"given":"Harm","family":"Schotanus","sequence":"additional","affiliation":[]},{"given":"Michel","family":"Mandjes","sequence":"additional","affiliation":[]},{"given":"Erik","family":"Meeuwissen","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"16_CR1","unstructured":"Cisco.com: Cisco ios netflow configuration guide, release 12.4. (September 2010), \n                    \n                      http:\/\/www.cisco.com"},{"key":"16_CR2","doi-asserted-by":"crossref","unstructured":"Quittek, J., Zseby, T., Claise, B., Zander, S.: Requirements for IP Flow Information Export (IPFIX). RFC 3917, Informational (2004)","DOI":"10.17487\/rfc3917"},{"issue":"3","key":"16_CR3","doi-asserted-by":"publisher","first-page":"343","DOI":"10.1109\/SURV.2010.032210.00054","volume":"12","author":"A. Sperotto","year":"2010","unstructured":"Sperotto, A., Schaffrath, G., Sadre, R., Morariu, C., Pras, A., Stiller, B.: An overview of ip flow-based intrusion detection. IEEE Communications Surveys & Tutorials\u00a012(3), 343\u2013356 (2010)","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"16_CR4","doi-asserted-by":"publisher","first-page":"128","DOI":"10.1109\/TNSM.2012.031512.110146","volume":"9","author":"A. Sperotto","year":"2012","unstructured":"Sperotto, A., Mandjes, M.R.H., Sadre, R., de Boer, P.T., Pras, A.: Autonomic parameter tuning of anomaly-based idss: an ssh case study. IEEE Transactions on Network and Service Management\u00a09, 128\u2013141 (2012)","journal-title":"IEEE Transactions on Network and Service Management"},{"issue":"6","key":"16_CR5","doi-asserted-by":"publisher","first-page":"507","DOI":"10.1016\/j.peva.2011.01.008","volume":"68","author":"M. Mandjes","year":"2011","unstructured":"Mandjes, M., \u017buraniewski, P.: M\/G\/\u2009\u221e transience, and its applications to overload detection. Performance Evaluation\u00a068(6), 507\u2013527 (2011)","journal-title":"Performance Evaluation"},{"key":"16_CR6","series-title":"IFIP AICT","doi-asserted-by":"publisher","first-page":"51","DOI":"10.1007\/978-3-642-01244-0_5","volume-title":"Emerging Challenges for Security, Privacy and Trust","author":"L. Nussbaum","year":"2009","unstructured":"Nussbaum, L., Neyron, P., Richard, O.: On Robust Covert Channels Inside DNS. In: Gritzalis, D., Lopez, J. (eds.) SEC 2009. IFIP AICT, vol.\u00a0297, pp. 51\u201362. Springer, Heidelberg (2009)"},{"key":"16_CR7","doi-asserted-by":"crossref","unstructured":"Aiello, M., Merlo, A., Papaleo, G.: Performance assessment and analysis of DNS tunneling tools. Logic Journal of IGPL (2012)","DOI":"10.1093\/jigpal\/jzs029"},{"key":"16_CR8","doi-asserted-by":"crossref","unstructured":"Crotti, M., Dusi, M., Gringoli, F., Salgarelli, L.: Detecting HTTP Tunnels with Statistical Mechanisms. In: IEEE International Conference on Communications (ICC 2007), pp. 6162\u20136168 (June 2007)","DOI":"10.1109\/ICC.2007.1020"},{"issue":"1","key":"16_CR9","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1016\/j.comnet.2008.09.010","volume":"53","author":"M. Dusi","year":"2009","unstructured":"Dusi, M., Crotti, M., Gringoli, F., Salgarelli, L.: Tunnel Hunter: Detecting application-layer tunnels with statistical fingerprinting. Computer Networks\u00a053(1), 81\u201397 (2009)","journal-title":"Computer Networks"},{"key":"16_CR10","doi-asserted-by":"crossref","unstructured":"Marchal, S., Francois, J., Wagner, C., State, R., Dulaunoy, A., Engel, T., Festor, O.: DNSSM: A large scale passive DNS security monitoring framework. In: IEEE Network Operations and Management Symposium (NOMS 2012), pp. 988\u2013993 (2012)","DOI":"10.1109\/NOMS.2012.6212019"},{"key":"16_CR11","doi-asserted-by":"crossref","unstructured":"Karasaridis, A., Meier-Hellstern, K., Hoeflin, D.: NIS04-2: Detection of DNS Anomalies using Flow Data Analysis. In: IEEE International Conference on Global Telecommunications Conference (GLOBECOM 2006), pp. 1\u20136 (December 2006)","DOI":"10.1109\/GLOCOM.2006.280"},{"key":"16_CR12","doi-asserted-by":"crossref","unstructured":"Callegari, C., Coluccia, A., D\u2019Alconzo, A., Ellens, W., Giordano, S., Mandjes, M., Pagano, M., Pepe, T., Ricciato, F., \u017buraniewski, P.: A methodological overview on anomaly detection. COST-TMA Book chapter (to appear, 2013)","DOI":"10.1007\/978-3-642-36784-7_7"},{"key":"16_CR13","doi-asserted-by":"crossref","unstructured":"Brodsky, B., Darkhovsky, B.: Nonparametric methods in change-point problems. Mathematics and Its Applications, vol.\u00a0243. Springer (1993)","DOI":"10.1007\/978-94-015-8163-9"},{"key":"16_CR14","unstructured":"Kolmogorov, A.: On the empirical determination of a distribution law (1933). In: Shiryayev, A. (ed.) Selected Works of A.N. Kolmogorov. Probability Theory and Mathematical Statistics, vol.\u00a0II, pp. 139\u2013146. Springer Netherlands (1992)"}],"container-title":["Lecture Notes in Computer Science","Emerging Management Mechanisms for the Future Internet"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-38998-6_16","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,20]],"date-time":"2019-05-20T01:38:06Z","timestamp":1558316286000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-38998-6_16"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642389979","9783642389986"],"references-count":14,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-38998-6_16","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}