{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,31]],"date-time":"2025-03-31T01:40:13Z","timestamp":1743385213491,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":17,"publisher":"Springer Nature Singapore","isbn-type":[{"value":"9789819628636","type":"print"},{"value":"9789819628643","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,1,1]],"date-time":"2025-01-01T00:00:00Z","timestamp":1735689600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-981-96-2864-3_28","type":"book-chapter","created":{"date-parts":[[2025,3,31]],"date-time":"2025-03-31T01:15:51Z","timestamp":1743383751000},"page":"351-362","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A Large-Scale Study of\u00a0Abnormal Recursive DNS"],"prefix":"10.1007","author":[{"given":"Anlei","family":"Hu","sequence":"first","affiliation":[]},{"given":"Liangyi","family":"Gong","sequence":"additional","affiliation":[]},{"given":"Jieling","family":"Xie","sequence":"additional","affiliation":[]},{"given":"Yufu","family":"Li","sequence":"additional","affiliation":[]},{"given":"Gaogang","family":"Xie","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,3,29]]},"reference":[{"key":"28_CR1","unstructured":"K\u00fchrer, M., Hupperich, T., Rossow, C., Holz, T.: Exit from hell? reducing the impact of amplification DDoS attacks. In: Proceedings of USENIX Security Symposium, San Diego, CA, pp. 111\u2013125. USENIX Association (2014)"},{"key":"28_CR2","unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: EXPOSURE: finding malicious domains using passive DNS analysis. In: Proceedings of NDSS (2011)"},{"key":"28_CR3","doi-asserted-by":"crossref","unstructured":"Ghafir, I., Prenosil, V.: DNS traffic analysis for malicious domains detection. In: Proceedings of SPIN, pp. 613\u2013918. IEEE (2015)","DOI":"10.1109\/SPIN.2015.7095337"},{"issue":"1","key":"28_CR4","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/TNET.2021.3105599","volume":"30","author":"J Park","year":"2021","unstructured":"Park, J., Jang, R., Mohaisen, M., Mohaisen, D.: A large-scale behavioral analysis of the open DNS resolvers on the internet. IEEE\/ACM Trans. Network. 30(1), 76\u201389 (2021)","journal-title":"IEEE\/ACM Trans. Network."},{"issue":"4","key":"28_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3191329","volume":"51","author":"Y Zhauniarovich","year":"2018","unstructured":"Zhauniarovich, Y., Khalil, I., Ting, Yu., Dacier, M.: A survey on malicious domains detection through dns data analysis. ACM Comput. Surv. (CSUR) 51(4), 1\u201336 (2018)","journal-title":"ACM Comput. Surv. (CSUR)"},{"issue":"1","key":"28_CR6","first-page":"6510381","volume":"2018","author":"Z Liu","year":"2018","unstructured":"Liu, Z., Zeng, Y., Zhang, P., Xue, J., Zhang, J., Liu, J.: An imbalanced malicious domains detection method based on passive dns traffic analysis. Secur. Commun. Netw. 2018(1), 6510381 (2018)","journal-title":"Secur. Commun. Netw."},{"issue":"1","key":"28_CR7","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1016\/j.comnet.2011.07.018","volume":"56","author":"H Choi","year":"2012","unstructured":"Choi, H., Lee, H.: Identifying botnets by capturing group activities in DNS traffic. Comput. Netw. 56(1), 20\u201333 (2012)","journal-title":"Comput. Netw."},{"issue":"6","key":"28_CR8","first-page":"2389","volume":"22","author":"E Soltanaghaei","year":"2015","unstructured":"Soltanaghaei, E., Kharrazi, M.: Detection of fast-flux botnets through DNS traffic analysis. Scientia Iranica 22(6), 2389\u20132400 (2015)","journal-title":"Scientia Iranica"},{"key":"28_CR9","doi-asserted-by":"crossref","unstructured":"Ma, X., Li, J., Tao, J., Guan, X.: Towards active measurement for DNS query behavior of botnets. In: Proceedings of IEEE GLOBECOM, pp. 845\u2013849. IEEE (2012)","DOI":"10.1109\/GLOCOM.2012.6503218"},{"key":"28_CR10","unstructured":"Jeitner, P., Shulman, H.: Injection attacks reloaded: tunnelling malicious payloads over DNS. In: Proceedings of USENIX Security, pp. 3165\u20133182 (2021)"},{"key":"28_CR11","unstructured":"Jerabek, K., Rysavy, O., Burgetova, I.: Measurement and characterization of DNS over HTTPS traffic (2022)"},{"key":"28_CR12","doi-asserted-by":"crossref","unstructured":"Wang, Q., et al.: HANDOM: heterogeneous attention network model for malicious domain detection. Comput. Secur. (2023)","DOI":"10.1016\/j.cose.2022.103059"},{"key":"28_CR13","doi-asserted-by":"crossref","unstructured":"Alzighaibi, A.R.: Detection of DoH traffic tunnels using deep learning for encrypted traffic classification. Computers 12(3) (2023)","DOI":"10.3390\/computers12030047"},{"key":"28_CR14","doi-asserted-by":"crossref","unstructured":"Ghafir, I., Prenosil, V.: DNS traffic analysis for malicious domains detection. In: Proceedings of International Conference on Signal Processing and Integrated Networks (2015)","DOI":"10.1109\/SPIN.2015.7095337"},{"key":"28_CR15","doi-asserted-by":"crossref","unstructured":"Nguyen, T.Q., Laborde, R., Benzekri, A., Oglaza, A., Mounsif, M.: AutoRoC-DBSCAN: automatic tuning of DBSCAN to detect malicious DNS tunnels. Springer, Cham (2022)","DOI":"10.1007\/978-3-031-23098-1_8"},{"key":"28_CR16","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"302","DOI":"10.1007\/978-3-642-17313-4_30","volume-title":"Advanced Data Mining and Applications","author":"X Yuchi","year":"2010","unstructured":"Yuchi, X., Wang, X., Lee, X., Yan, B.: A new statistical approach to DNS traffic anomaly detection. In: Cao, L., Zhong, J., Feng, Y. (eds.) ADMA 2010. LNCS (LNAI), vol. 6441, pp. 302\u2013313. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-17313-4_30"},{"key":"28_CR17","doi-asserted-by":"crossref","unstructured":"Yuchi, X., Wang, X., Li, X., Yan, B.: DNS measurements at the. CN TLD servers. In: Proceedings of International Conference on Fuzzy Systems and Knowledge Discovery, vol. 7, pp. 540\u2013545. IEEE (2009)","DOI":"10.1109\/FSKD.2009.12"}],"container-title":["Lecture Notes in Computer Science","Network and Parallel Computing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-96-2864-3_28","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,31]],"date-time":"2025-03-31T01:16:09Z","timestamp":1743383769000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-96-2864-3_28"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025]]},"ISBN":["9789819628636","9789819628643"],"references-count":17,"URL":"https:\/\/doi.org\/10.1007\/978-981-96-2864-3_28","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025]]},"assertion":[{"value":"29 March 2025","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"NPC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"IFIP International Conference on Network and Parallel Computing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Haikou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"7 December 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 December 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"npc2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}