{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,19]],"date-time":"2026-05-19T05:13:56Z","timestamp":1779167636468,"version":"3.51.4"},"publisher-location":"Singapore","reference-count":28,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819568567","type":"print"},{"value":"9789819568574","type":"electronic"}],"license":[{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2026,1,1]],"date-time":"2026-01-01T00:00:00Z","timestamp":1767225600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2026]]},"DOI":"10.1007\/978-981-95-6857-4_22","type":"book-chapter","created":{"date-parts":[[2026,5,19]],"date-time":"2026-05-19T04:52:35Z","timestamp":1779166355000},"page":"293-304","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["IoT Botnet Detection Based on\u00a0the\u00a0Behaviors of\u00a0DNS over\u00a0TLS Queries"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9247-251X","authenticated-orcid":false,"given":"Cheng-Han","family":"Shie","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yu-Chun","family":"Tseng","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7512-1291","authenticated-orcid":false,"given":"Chun-I","family":"Fan","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2026,5,1]]},"reference":[{"key":"22_CR1","doi-asserted-by":"crossref","unstructured":"Mockapetris, P.: Domain names: Concepts and facilities (RFC Editor, 1987, 11). https:\/\/www.rfc-editor.org\/rfc\/rfc1034.txt","DOI":"10.17487\/rfc1034"},{"key":"22_CR2","doi-asserted-by":"crossref","unstructured":"Mockapetris, P.: Domain names: Implementation and specification (RFC Editor, 1987, 11). https:\/\/www.rfc-editor.org\/rfc\/rfc1035.txt","DOI":"10.17487\/rfc1035"},{"key":"22_CR3","doi-asserted-by":"crossref","unstructured":"Hu, Z., Zhu, L., Heidemann, J., Mankin, A., Wessels, D., Hoffman, P.: Specification for DNS over Transport Layer Security (TLS) (RFC Editor, 2016, 5). https:\/\/www.rfc-editor.org\/rfc\/rfc7858.txt","DOI":"10.17487\/RFC7858"},{"key":"22_CR4","doi-asserted-by":"crossref","unstructured":"Hoffman, P., McManus, P.: DNS queries over HTTPS (DoH) (RFC Editor, 2018, 10). https:\/\/www.rfc-editor.org\/rfc\/rfc8484.txt","DOI":"10.17487\/RFC8484"},{"key":"22_CR5","doi-asserted-by":"crossref","unstructured":"Damas, J., Graff, M., Vixie, P.: Extension mechanisms for DNS (EDNS(0)) (RFC Editor, 2013, 4). https:\/\/www.rfc-editor.org\/rfc\/rfc6891.txt","DOI":"10.17487\/rfc6891"},{"key":"22_CR6","doi-asserted-by":"crossref","unstructured":"Mayrhofer, A.: The EDNS(0) padding option (RFC Editor, 2016, 5). https:\/\/www.rfc-editor.org\/rfc\/rfc7830.txt","DOI":"10.17487\/RFC7830"},{"key":"22_CR7","doi-asserted-by":"crossref","unstructured":"Mayrhofer, A. Padding policies for extension mechanisms for DNS (EDNS(0)) (RFC Editor, 2018, 10)","DOI":"10.17487\/RFC8467"},{"key":"22_CR8","doi-asserted-by":"crossref","unstructured":"Siby, S., Juarez, M., Diaz, C., Vallina-Rodriguez, N., Troncoso, C.: Encrypted DNS $$\\Rightarrow $$ privacy? A traffic analysis perspective. In: Network And Distributed System Security Symposium (NDSS) (2019)","DOI":"10.14722\/ndss.2020.24301"},{"key":"22_CR9","doi-asserted-by":"crossref","unstructured":"Houser, R., Li, Z., Cotton, C., Wang, H.: An investigation on information leakage of DNS over TLS. In: Proceedings Of The 15th International Conference On Emerging Networking Experiments And Technologies, pp. 123\u2013137 (2019)","DOI":"10.1145\/3359989.3365429"},{"key":"22_CR10","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.101614","volume":"88","author":"C Patsakis","year":"2020","unstructured":"Patsakis, C., Casino, F., Katos, V.: Encrypted and covert DNS queries for botnets: challenges and countermeasures. Comput. Secur. 88, 101614 (2020)","journal-title":"Comput. Secur."},{"key":"22_CR11","doi-asserted-by":"crossref","unstructured":"Herrmann, D., Wendolsky, R., Federrath, H.: Website fingerprinting: attacking popular privacy enhancing technologies with the multinomial na\u00efve-bayes classifier. In: Proceedings of the 2009 ACM Workshop on Cloud Computing Security, pp. 31\u201342 (2009)","DOI":"10.1145\/1655008.1655013"},{"key":"22_CR12","unstructured":"Wagner, D., Schneier, B.: Analysis of the SSL 3.0 protocol. Second USENIX Workshop Electron. Commerce Proc. 1, 29\u201340 (1996)"},{"key":"22_CR13","doi-asserted-by":"crossref","unstructured":"Panchenko, A., Niessen, L., Zinnen, A., Engel, T.: Website fingerprinting in onion routing based anonymization networks. In: Proceedings of the 10th Annual ACM Workshop on Privacy in the Electronic Society, pp. 103\u2013114 (2011)","DOI":"10.1145\/2046556.2046570"},{"key":"22_CR14","doi-asserted-by":"crossref","unstructured":"Juarez, M., Afroz, S., Acar, G., Diaz, C., Greenstadt, R.: A critical evaluation of website fingerprinting attacks. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pp. 263\u2013274 (2014)","DOI":"10.1145\/2660267.2660368"},{"key":"22_CR15","doi-asserted-by":"crossref","unstructured":"Panchenko, A., Lanze, F., Pennekamp, J., Engel, T., Zinnen, A., Henze, M., Wehrle, K.: Website fingerprinting at Internet scale. In: Network and Distributed System Security Symposium (NDSS) (2016)","DOI":"10.14722\/ndss.2016.23477"},{"key":"22_CR16","doi-asserted-by":"crossref","unstructured":"Sirinam, P., Imani, M., Juarez, M., Wright, M.: Deep fingerprinting: undermining website fingerprinting defenses with deep learning. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1928\u20131943 (2018)","DOI":"10.1145\/3243734.3243768"},{"key":"22_CR17","unstructured":"Luo, X., Zhou, P., Chan, E., Lee, W., Chang, R., Perdisci, R.: HTTPOS: sealing information leaks with browser-side obfuscation of encrypted flows. In: Network and Distributed System Security Symposium (NDSS), vol. 11 (2011)"},{"key":"22_CR18","doi-asserted-by":"crossref","unstructured":"Dyer, K., Coull, S., Ristenpart, T., Shrimpton, T.: Peek-a-boo, I still see you: why efficient traffic analysis countermeasures fail. In: 2012 IEEE Symposium on Security and Privacy, pp. 332\u2013346 (2012)","DOI":"10.1109\/SP.2012.28"},{"key":"22_CR19","doi-asserted-by":"crossref","unstructured":"Hounsel, A., Schmitt, P., Borgolte, K., Feamster, N.: Can encrypted DNS be fast? In: International Conference on Passive and Active Network Measurement, pp. 444\u2013459 (2021)","DOI":"10.1007\/978-3-030-72582-2_26"},{"key":"22_CR20","doi-asserted-by":"crossref","unstructured":"MontazeriShatoori, M., Davidson, L., Kaur, G., Lashkari, A.: Detection of DoH tunnels using time-series classification of encrypted traffic. In: The 5th IEEE Cyber Science and Technology Congress, pp. 63\u201370 (2020)","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00026"},{"key":"22_CR21","unstructured":"Pochat, V., Van Goethem, T., Tajalizadehkhoob, S., Korczy\u0144ski, M., Joosen, W.: Tranco: a research-oriented top sites ranking hardened against manipulation. In: Network And Distributed System Security Symposium (NDSS) (2019)"},{"key":"22_CR22","doi-asserted-by":"publisher","first-page":"1745","DOI":"10.1109\/TMC.2018.2866249","volume":"18","author":"A Sivanathan","year":"2018","unstructured":"Sivanathan, A., Gharakheili, H., Loi, F., Radford, A., Wijenayake, C., Vishwanath, A., Sivaraman, V.: Classifying IoT devices in smart environments using network traffic characteristics. IEEE Trans. Mob. Comput. 18, 1745\u20131759 (2018)","journal-title":"IEEE Trans. Mob. Comput."},{"key":"22_CR23","unstructured":"Bushart, J., Rossow, C.: Padding ain\u2019t enough: assessing the privacy guarantees of encrypted DNS. In: 10th USENIX Workshop on Free and Open Communications on the Internet (FOCI 20) (2020)"},{"key":"22_CR24","doi-asserted-by":"publisher","first-page":"195","DOI":"10.1007\/s11416-017-0306-6","volume":"14","author":"B Anderson","year":"2018","unstructured":"Anderson, B., Paul, S., McGrew, D.: Deciphering malware\u2019s use of TLS (without decryption). J. Comput. Virol. Hacking Tech. 14, 195\u2013211 (2018)","journal-title":"J. Comput. Virol. Hacking Tech."},{"key":"22_CR25","doi-asserted-by":"crossref","unstructured":"Deri, L., Sartiano, D.: Monitoring IoT encrypted traffic with deep packet inspection and statistical analysis. In: 2020 15th International Conference for Internet Technology and Secured Transactions (ICITST), pp. 1\u20136 (2020)","DOI":"10.23919\/ICITST51030.2020.9351330"},{"key":"22_CR26","unstructured":"Team Stubby. GitHub Repository. https:\/\/github.com\/getdnsapi\/stubby"},{"key":"22_CR27","unstructured":"DGA. 360 Netlab. https:\/\/data.netlab.360.com\/dga\/"},{"key":"22_CR28","unstructured":"DGA. Bambenek Consulting. https:\/\/osint.bambenekconsulting.com\/feeds\/"}],"container-title":["Lecture Notes in Computer Science","Information Security Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-95-6857-4_22","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,5,19]],"date-time":"2026-05-19T04:52:45Z","timestamp":1779166365000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-95-6857-4_22"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026]]},"ISBN":["9789819568567","9789819568574"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-981-95-6857-4_22","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026]]},"assertion":[{"value":"1 May 2026","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"WISA 2025","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security Applications","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Jeju Island","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Korea (Republic of)","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2025","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 August 2025","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"22 August 2025","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"wisa2025","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/www.wisa.or.kr\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}