{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T21:12:35Z","timestamp":1770153155160,"version":"3.49.0"},"publisher-location":"Singapore","reference-count":51,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819564187","type":"print"},{"value":"9789819564194","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-981-95-6419-4_1","type":"book-chapter","created":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T08:57:58Z","timestamp":1770109078000},"page":"1-20","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Make It Easy: Enhanced Detection of\u00a0DNS Tunneling Tools over DoH Using Standard Flow Features"],"prefix":"10.1007","author":[{"given":"Farhan","family":"Ahmad","sequence":"first","affiliation":[]},{"given":"Muhammad Mansoor","family":"Alam","sequence":"additional","affiliation":[]},{"given":"Muhammad","family":"Salman","sequence":"additional","affiliation":[]},{"given":"Komal","family":"Batool","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,4]]},"reference":[{"key":"1_CR1","doi-asserted-by":"crossref","unstructured":"R. van Rijswijk-Deij, A. Sperotto, and A. 
Pras, \u201cDnssec and its potential for ddos attacks: a comprehensive measurement study,\u201d in Proceedings of the 2014 Conference on Internet Measurement Conference, 2014, pp. 449\u2013460","DOI":"10.1145\/2663716.2663731"},{"key":"1_CR2","doi-asserted-by":"publisher","first-page":"694","DOI":"10.1016\/j.cose.2018.01.018","volume":"77","author":"C Grothoff","year":"2018","unstructured":"Grothoff, C., Wachs, M., Ermert, M., Appelbaum, J.: Toward secure name resolution on the internet. Computers & Security 77, 694\u2013708 (2018)","journal-title":"Computers & Security"},{"key":"1_CR3","doi-asserted-by":"crossref","unstructured":"K. Hynek, D. Vekshin, J. Luxemburk, T. Cejka, and A. Wasicek, \u201cSummary of dns over https abuse,\u201d IEEE Access, vol. 10, pp. 54 668\u201354 680, 2022","DOI":"10.1109\/ACCESS.2022.3175497"},{"key":"1_CR4","doi-asserted-by":"crossref","unstructured":"K. Bumanglag and H. Kettani, \u201cOn the impact of dns over https paradigm on cyber systems,\u201d in 2020 3rd International Conference on Information and Computer Technologies (ICICT). IEEE, 2020, pp. 494\u2013499","DOI":"10.1109\/ICICT50521.2020.00085"},{"key":"1_CR5","doi-asserted-by":"publisher","first-page":"604","DOI":"10.1016\/j.future.2020.06.012","volume":"112","author":"Z Yan","year":"2020","unstructured":"Yan, Z., Lee, J.-H.: The road to dns privacy. Futur. Gener. Comput. Syst. 112, 604\u2013611 (2020)","journal-title":"Futur. Gener. Comput. Syst."},{"key":"1_CR6","unstructured":"V. Paxson, M. Christodorescu, M. Javed, J. Rao, R. Sailer, D. L. Schales, M. Stoecklin, K. Thomas, W. Venema, and N. Weaver, \u201cPractical comprehensive bounds on surreptitious communication over DNS,\u201d in 22nd USENIX Security Symposium (USENIX Security 13), 2013, pp. 17\u201332"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"S. Garcia, J. Bogado, K. Hynek, D. Vekshin, T. Cejka, and A. 
Wasicek, \u201cLarge scale analysis of doh deployment on the internet,\u201d in European Symposium on Research in Computer Security. Springer, 2022, pp. 145\u2013165","DOI":"10.1007\/978-3-031-17143-7_8"},{"key":"1_CR8","doi-asserted-by":"crossref","unstructured":"R. Mitsuhashi, Y. Jin, K. Iida, T. Shinagawa, and Y. Takai, \u201cMalicious dns tunnel tool recognition using persistent doh traffic analysis,\u201d IEEE Transactions on Network and Service Management, 2022","DOI":"10.1109\/TNSM.2022.3215681"},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"S. K. Singh and P. K. Roy, \u201cDetecting malicious dns over https traffic using machine learning,\u201d in 2020 International Conference on Innovation and Intelligence for Informatics, Computing and Technologies (3ICT). IEEE, 2020, pp. 1\u20136","DOI":"10.1109\/3ICT51146.2020.9312004"},{"key":"1_CR10","doi-asserted-by":"crossref","unstructured":"D. Vekshin, K. Hynek, and T. Cejka, \u201cDoh insight: Detecting dns over https by machine learning,\u201d in Proceedings of the 15th International Conference on Availability, Reliability and Security, 2020, pp. 1\u20138","DOI":"10.1145\/3407023.3409192"},{"issue":"2","key":"1_CR11","doi-asserted-by":"publisher","first-page":"46","DOI":"10.12691\/jcsa-8-2-2","volume":"8","author":"YM Banadaki","year":"2020","unstructured":"Banadaki, Y.M., Robert, S.: Detecting malicious dns over https traffic in domain name system using machine learning classifiers. Journal of Computer Sciences and Applications 8(2), 46\u201355 (2020)","journal-title":"Journal of Computer Sciences and Applications"},{"key":"1_CR12","doi-asserted-by":"crossref","unstructured":"K. Jerabek, K. Hynek, O. Rysavy, and I. 
Burgetova, \u201cDns over https detection using standard flow telemetry,\u201d IEEE Access, 2023","DOI":"10.1109\/ACCESS.2023.3275744"},{"key":"1_CR13","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108322","volume":"197","author":"Y Wang","year":"2021","unstructured":"Wang, Y., Zhou, A., Liao, S., Zheng, R., Hu, R., Zhang, L.: A comprehensive survey on dns tunnel detection. Comput. Netw. 197, 108322 (2021)","journal-title":"Comput. Netw."},{"issue":"10","key":"1_CR14","doi-asserted-by":"publisher","first-page":"183","DOI":"10.23919\/JCC.2020.10.013","volume":"17","author":"P Yang","year":"2020","unstructured":"Yang, P., Li, Y., Zang, Y.: Detecting dns covert channels using stacking model. China Communications 17(10), 183\u2013194 (2020)","journal-title":"China Communications"},{"key":"1_CR15","doi-asserted-by":"crossref","unstructured":"A. L. Buczak, P. A. Hanke, G. J. Cancro, M. K. Toma, L. A. Watkins, and J. S. Chavis, \u201cDetection of tunnels in pcap data by random forests,\u201d in Proceedings of the 11th Annual Cyber and Information Security Research Conference, 2016, pp. 1\u20134","DOI":"10.1145\/2897795.2897804"},{"key":"1_CR16","doi-asserted-by":"crossref","unstructured":"K. Borgolte, T. Chattopadhyay, N. Feamster, M. Kshirsagar, J. Holland, A. Hounsel, and P. Schmitt, \u201cHow dns over https is reshaping privacy, performance, and policy in the internet ecosystem,\u201d in TPRC47: The 47th Research Conference on Communication, Information and Internet Policy, 2019","DOI":"10.2139\/ssrn.3427563"},{"key":"1_CR17","unstructured":"J. Bushart and C. 
Rossow, \u201cPadding ain\u2019t enough: Assessing the privacy guarantees of encrypted DNS,\u201d in 10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20), 2020"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"MontazeriShatoori, M., Davidson, L., Kaur, G., Lashkari, A.H., \u201cDetection of doh tunnels using time-series classification of encrypted traffic,\u201d in,: IEEE Intl Conf on Dependable, Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC\/PiCom\/CBDCom\/CyberSciTech). IEEE 2020, 63\u201370 (2020)","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00026"},{"key":"1_CR19","doi-asserted-by":"crossref","unstructured":"Alenezi, R., Ludwig, S.A., \u201cClassifying dns tunneling tools for malicious doh traffic,\u201d in,: IEEE Symposium Series on Computational Intelligence (SSCI). IEEE 2021, 1\u20139 (2021)","DOI":"10.1109\/SSCI50451.2021.9660136"},{"key":"1_CR20","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2023.109910","volume":"234","author":"M Moure-Garrido","year":"2023","unstructured":"Moure-Garrido, M., Campo, C., Garcia-Rubio, C.: Real time detection of malicious doh traffic using statistical analysis. Comput. Netw. 234, 109910 (2023)","journal-title":"Comput. Netw."},{"key":"1_CR21","unstructured":"M. Konopa, J. Fesl, J. Jel\u00ednek, M. Feslov\u00e1, J. Ceh\u00e1k, J. Jane\u010dek, and F. Drd\u00e1k, \u201cUsing machine learning for dns over https detection,\u201d in Proc. 19th Eur. Conf. Cyber Warfare, 2020, p. 
205"},{"issue":"4","key":"1_CR22","doi-asserted-by":"publisher","first-page":"2037","DOI":"10.1109\/COMST.2014.2321898","volume":"16","author":"R Hofstede","year":"2014","unstructured":"Hofstede, R., \u010celeda, P., Trammell, B., Drago, I., Sadre, R., Sperotto, A., Pras, A.: Flow monitoring explained: From packet capture to data analysis with netflow and ipfix. IEEE Communications Surveys & Tutorials 16(4), 2037\u20132064 (2014)","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"1_CR23","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2022.109467","volume":"220","author":"J Luxemburk","year":"2023","unstructured":"Luxemburk, J., \u010cejka, T.: Fine-grained tls services classification with reject option. Comput. Netw. 220, 109467 (2023)","journal-title":"Comput. Netw."},{"key":"1_CR24","unstructured":"G. Ke, Q. Meng, T. Finley, T. Wang, W. Chen, W. Ma, Q. Ye, and T.Y. Liu, \u201cLightgbm: A highly efficient gradient boosting decision tree,\u201d Advances in neural information processing systems, vol. 30, 2017"},{"issue":"1","key":"1_CR25","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1016\/j.dcan.2022.10.004","volume":"9","author":"D Mishra","year":"2023","unstructured":"Mishra, D., Naik, B., Nayak, J., Souri, A., Dash, P.B., Vimal, S.: Light gradient boosting machine with optimized hyperparameters for identification of malicious access in iot network. Digital Communications and Networks 9(1), 125\u2013137 (2023)","journal-title":"Digital Communications and Networks"},{"key":"1_CR26","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1023\/A:1010933404324","volume":"45","author":"L Breiman","year":"2001","unstructured":"Breiman, L.: Random forests. Mach. Learn. 45, 5\u201332 (2001)","journal-title":"Mach. Learn."},{"key":"1_CR27","unstructured":"S. Wali and I. 
Khan, \u201cExplainable ai and random forest based reliable intrusion detection system,\u201d Authorea Preprints, 2023"},{"key":"1_CR28","doi-asserted-by":"publisher","DOI":"10.1016\/j.ins.2023.119512","volume":"647","author":"N Wei","year":"2023","unstructured":"Wei, N., Yin, L., Zhou, X., Ruan, C., Wei, Y., Luo, X., Chang, Y., Li, Z.: A feature enhancement-based model for the malicious traffic detection with small-scale imbalanced dataset. Inf. Sci. 647, 119512 (2023)","journal-title":"Inf. Sci."},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"T. Chen and C. Guestrin, \u201cXgboost: Reliable large-scale tree boosting system,\u201d in Proceedings of the 22nd SIGKDD Conference on Knowledge Discovery and Data Mining, San Francisco, CA, USA, 2015, pp. 13-17","DOI":"10.1145\/2939672.2939785"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"S. Sheikhi and P. Kostakos, \u201cSafeguarding cyberspace: Enhancing malicious website detection with pso-optimized xgboost and firefly-based feature selection,\u201d Computers & Security, p. 103885, 2024","DOI":"10.1016\/j.cose.2024.103885"},{"key":"1_CR31","doi-asserted-by":"crossref","unstructured":"T. Anande and M. Leeson, \u201cSynthetic network traffic data generation and classification of advanced persistent threat samples: A case study with gans and xgboost,\u201d in International Conference on Deep Learning Theory and Applications. Springer, 2023, pp. 1\u201318","DOI":"10.1007\/978-3-031-39059-3_1"},{"key":"1_CR32","unstructured":"K. O\u2019shea and R. Nash, \u201cAn introduction to convolutional neural networks,\u201d arXiv preprint arXiv:1511.08458, 2015"},{"key":"1_CR33","doi-asserted-by":"crossref","unstructured":"T. Anitha, S. Aanjankumar, S. Poonkuntran, and A. Nayyar, \u201cA novel methodology for malicious traffic detection in smart devices using bi-lstm\u2013cnn-dependent deep learning methodology,\u201d Neural Computing and Applications, vol. 35, no. 27, pp. 
20 319\u201320 338, 2023","DOI":"10.1007\/s00521-023-08818-0"},{"key":"1_CR34","doi-asserted-by":"crossref","unstructured":"M. Salman, M. Ikram, and M. A. Kaafar, \u201cInvestigating evasive techniques in sms spam filtering: A comparative analysis of machine learning models,\u201d IEEE Access, 2024","DOI":"10.1109\/ACCESS.2024.3364671"},{"issue":"8","key":"1_CR35","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735\u20131780 (1997)","journal-title":"Neural Comput."},{"issue":"5","key":"1_CR36","doi-asserted-by":"publisher","first-page":"821","DOI":"10.3390\/e25050821","volume":"25","author":"Z Shi","year":"2023","unstructured":"Shi, Z., Luktarhan, N., Song, Y., Yin, H.: Tsfn: a novel malicious traffic classification method using bert and lstm. Entropy 25(5), 821 (2023)","journal-title":"Entropy"},{"issue":"60","key":"1_CR37","first-page":"1","volume":"18","author":"KP Murphy","year":"2006","unstructured":"Murphy, K.P., et al.: Naive bayes classifiers. University of British Columbia 18(60), 1\u20138 (2006)","journal-title":"University of British Columbia"},{"key":"1_CR38","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2023.107515","volume":"128","author":"B Babayigit","year":"2024","unstructured":"Babayigit, B., Abubaker, M.: Towards a generalized hybrid deep learning model with optimized hyperparameters for malicious traffic detection in the industrial internet of things. Eng. Appl. Artif. Intell. 128, 107515 (2024)","journal-title":"Eng. Appl. Artif. Intell."},{"issue":"1","key":"1_CR39","doi-asserted-by":"publisher","first-page":"21","DOI":"10.11113\/ijic.v13n1.384","volume":"13","author":"YZ Wei","year":"2023","unstructured":"Wei, Y.Z., Md-Arshad, M., Samad, A.A., Ithnin, N.: Comparing malware attack detection using machine learning techniques in iot network traffic. 
International Journal of Innovative Computing 13(1), 21\u201327 (2023)","journal-title":"International Journal of Innovative Computing"},{"key":"1_CR40","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2021.108719","volume":"204","author":"Z Aouini","year":"2022","unstructured":"Aouini, Z., Pekar, A.: Nfstream: A flexible network data analysis framework. Comput. Netw. 204, 108719 (2022)","journal-title":"Comput. Netw."},{"key":"1_CR41","doi-asserted-by":"crossref","unstructured":"M. Wang, B. Li, and Z. Li, \u201csflow: Towards resource-efficient and agile service federation in service overlay networks,\u201d in 24th International Conference on Distributed Computing Systems, 2004. Proceedings. IEEE, 2004, pp. 628\u2013635","DOI":"10.1109\/ICDCS.2004.1281630"},{"key":"1_CR42","doi-asserted-by":"crossref","unstructured":"H.T. Vo, T. N. Hoang, and L.D. Quach, \u201cAn approach to hyperparameter tuning in transfer learning for driver drowsiness detection based on bayesian optimization and random search,\u201d International Journal of Advanced Computer Science and Applications, vol. 14, no. 4, 2023","DOI":"10.14569\/IJACSA.2023.0140492"},{"key":"1_CR43","doi-asserted-by":"crossref","unstructured":"C. Kwan, P. Janiszewski, S. Qiu, C. Wang, and C. Bocovich, \u201cExploring simple detection techniques for DNS-over-HTTPS tunnels,\u201d in Proceedings of the ACM SIGCOMM 2021 Workshop on Free and Open Communications on the Internet, pp. 37\u201342, 2021","DOI":"10.1145\/3473604.3474563"},{"key":"1_CR44","unstructured":"Q. Huang, D. Chang, and Z. Li, \u201cA comprehensive study of DNS-over-HTTPS downgrade attack,\u201d in Proceedings of the 10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20), 2020"},{"key":"1_CR45","unstructured":"A. Riekenberg, \"rust-doh-proxy,\" GitHub repository. [Online]. Available: https:\/\/github.com\/aaronriekenberg\/rust-doh-proxy [Accessed: 25 Dec, 2024]"},{"key":"1_CR46","unstructured":"V. Jacobson, C. Leres, and S. 
McCanne, \"tcpdump,\" Lawrence Berkeley National Labs, 1989. [Online]. Available: ftp:\/\/ftp.ee.lbl.gov\/. [Accessed: Dec. 25, 2024]"},{"key":"1_CR47","unstructured":"J. Wendroth and B. Jaeger, \"A Brief Overview on HTTP,\" Network, vol. 59, 2022"},{"key":"1_CR48","doi-asserted-by":"crossref","unstructured":"Jerabek, K., Rysavy, O., Burgetova, I., \u201cAnalysis of well-known DNS over HTTPS resolvers,\u201d in Proc.: IEEE 13th Annu. Comput. Commun. Workshop Conf. (CCWC) 2023, 516\u2013524 (2023)","DOI":"10.1109\/CCWC57344.2023.10099347"},{"key":"1_CR49","doi-asserted-by":"crossref","unstructured":"M. Salman, B. Z. H. Zhao, H. J. Asghar, M. Ikram, S. Kaushik, and M. A. Kaafar, \"On the robustness of malware detectors to adversarial samples,\" arXiv preprint arXiv:2408.02310, 2024","DOI":"10.1007\/978-3-031-82362-6_10"},{"key":"1_CR50","doi-asserted-by":"crossref","unstructured":"Z. Ding, Z. Wang, Y. Zhang, Y. Cao, Y. Liu, X. Shen, Y. Tian, and J. Dai, \u201cEfficient or powerful? Trade-offs between machine learning and deep learning for mental illness detection on social media,\u201d arXiv preprint arXiv:2503.01082, 2025","DOI":"10.1038\/s41598-025-99167-6"},{"key":"1_CR51","doi-asserted-by":"publisher","first-page":"24306","DOI":"10.1109\/ACCESS.2024.3364671","volume":"12","author":"M Salman","year":"2024","unstructured":"Salman, M., Ikram, M., Kaafar, M.A.: Investigating evasive techniques in SMS spam filtering: A comparative analysis of machine learning models. 
IEEE Access 12, 24306\u201324324 (2024)","journal-title":"IEEE Access"}],"container-title":["Lecture Notes in Computer Science","Network and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-95-6419-4_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,3]],"date-time":"2026-02-03T08:58:06Z","timestamp":1770109086000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-95-6419-4_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9789819564187","9789819564194"],"references-count":51,"URL":"https:\/\/doi.org\/10.1007\/978-981-95-6419-4_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"4 February 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NSS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Network and System Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Wuhan","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"5 December 2025","order":7,"name":"conference_start_date","label":"Conference Start 
Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 December 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"19","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"nss2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/nsclab.org\/nss-socialsec2025\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}