{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T15:33:28Z","timestamp":1772120008025,"version":"3.50.1"},"reference-count":32,"publisher":"Springer Science and Business Media LLC","issue":"6","license":[{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,10,1]],"date-time":"2025-10-01T00:00:00Z","timestamp":1759276800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"name":"the National Key Research and Development Program of China","award":["No.2019YFB2101704"],"award-info":[{"award-number":["No.2019YFB2101704"]}]},{"name":"the National Key Research and Development Program of China","award":["No.2019YFB2101704"],"award-info":[{"award-number":["No.2019YFB2101704"]}]},{"name":"the National Key Research and Development Program of China","award":["No.2019YFB2101704"],"award-info":[{"award-number":["No.2019YFB2101704"]}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Peer-to-Peer Netw. Appl."],"published-print":{"date-parts":[[2025,10]]},"DOI":"10.1007\/s12083-025-02122-5","type":"journal-article","created":{"date-parts":[[2025,10,7]],"date-time":"2025-10-07T10:18:51Z","timestamp":1759832331000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["ITransformer_CNN: a malicious DNS detection method with flexible feature extraction"],"prefix":"10.1007","volume":"18","author":[{"given":"Wenyue","family":"Zhang","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6248-1298","authenticated-orcid":false,"given":"Wei","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Zhen","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Fan","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Lifa","family":"Wu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,10,7]]},"reference":[{"key":"2122_CR1","doi-asserted-by":"crossref","unstructured":"Man K, Qian Z, Wang Z, Zheng X, Huang Y, Duan H (2020) DNS cache poisoning attack reloaded: Revolutions with side channels. In: Proceedings of the 2020 ACM conference on computer and communications security(CCS), pp 1337\u20131350","DOI":"10.1145\/3372297.3417280"},{"key":"2122_CR2","doi-asserted-by":"crossref","unstructured":"Spooren J, Preuveneers D, Desmet L, Janssen P, Joosen W (2019) Detection of algorithmically generated domain names used by botnets: a dual arms race. In: Proceedings of the 34th ACM\/SIGAPP symposium on applied computing, pp 1916\u20131923","DOI":"10.1145\/3297280.3297467"},{"key":"2122_CR3","doi-asserted-by":"crossref","unstructured":"Dan K, Kitagawa N, Sakuraba S, Yamai N (2019) Spam domain detection method using active DNS data and e-mail reception log. In: 2019 IEEE 43rd Annual computer software and applications conference (COMPSAC). IEEE, volume 1, pp 896\u2013899","DOI":"10.1109\/COMPSAC.2019.00133"},{"key":"2122_CR4","doi-asserted-by":"crossref","unstructured":"Mitsuhashi R, Satoh A, Jin Y, Iida K, Shinagawa T, Takai Y (2021) Identifying malicious dns tunnel tools from doh traffic using hierarchical machine learning classification. In: International conference on information security, Springer, pp 238\u2013256","DOI":"10.1007\/978-3-030-91356-4_13"},{"issue":"3","key":"2122_CR5","doi-asserted-by":"publisher","first-page":"64","DOI":"10.1109\/MSP.2011.154","volume":"10","author":"R Amin","year":"2012","unstructured":"Amin R, Ryan J, van Dorp J (2012) Detecting targeted malicious email. IEEE Security Privacy 10(3):64\u201371","journal-title":"IEEE Security Privacy"},{"key":"2122_CR6","doi-asserted-by":"crossref","unstructured":"SophosLabs Research Team et al (2019) Emotet exposed: looking inside highly destructive malware. Netw Secur 2019(6):6\u201311","DOI":"10.1016\/S1353-4858(19)30071-6"},{"key":"2122_CR7","unstructured":"Fouchereau R (2021) 2021 Global DNS Threat Report"},{"key":"2122_CR8","unstructured":"WhoisXML API (2023) Dissecting 1m+ malicious domains under the dns lens"},{"key":"2122_CR9","doi-asserted-by":"crossref","unstructured":"Man K, Zhou X, Qian Z 2021 Dns cache poisoning attack: Resurrections with side channels. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, CCS \u201921, page 3400\u20133414, New York, NY, USA. Association for Computing Machinery","DOI":"10.1145\/3460120.3486219"},{"issue":"18","key":"2122_CR10","doi-asserted-by":"publisher","first-page":"6266","DOI":"10.1002\/sec.1674","volume":"9","author":"G Varshney","year":"2016","unstructured":"Varshney G, Misra M, Atrey PK (2016) A survey and classification of web phishing detection schemes. Secur Commun Netw 9(18):6266\u20136284","journal-title":"Secur Commun Netw"},{"key":"2122_CR11","doi-asserted-by":"crossref","unstructured":"Kang JM, Lee DH (2007) Advanced white list approach for preventing access to phishing sites. In: 2007 International conference on convergence information technology (ICCIT 2007), IEEE, pp 491\u2013496","DOI":"10.1109\/ICCIT.2007.50"},{"key":"2122_CR12","doi-asserted-by":"publisher","DOI":"10.7717\/peerj-cs.640","volume":"7","author":"S Al-Mashhadi","year":"2021","unstructured":"Al-Mashhadi S, Anbar M, Hasbullah I, Alamiedy TA (2021) Hybrid rule-based botnet detection approach using machine learning for analysing dns traffic. PeerJ Comput Sci 7:e640","journal-title":"PeerJ Comput Sci"},{"key":"2122_CR13","doi-asserted-by":"crossref","unstructured":"Curtin RR, Gardner AB, Grzonkowski S, Kleymenov A, Mosquera A (2019) Detecting dga domains with recurrent neural networks and side information. In: Proceedings of the 14th international conference on availability, reliability and security, pp 1\u201310","DOI":"10.1145\/3339252.3339258"},{"issue":"3","key":"2122_CR14","doi-asserted-by":"publisher","first-page":"1816","DOI":"10.1007\/s12083-020-01041-x","volume":"14","author":"F Yang","year":"2021","unstructured":"Yang F, Li F, Zhang K, Zhang W, Li S (2021) Influencing factors analysis in pear disease recognition using deep learning. Peer-to-Peer Netw Appl 14(3):1816\u20131828","journal-title":"Peer-to-Peer Netw Appl"},{"key":"2122_CR15","doi-asserted-by":"publisher","first-page":"4","DOI":"10.1016\/j.pmcj.2018.01.007","volume":"45","author":"T Meng","year":"2018","unstructured":"Meng T, Wolter K, Wu H, Wang Q (2018) A secure and cost-efficient offloading policy for mobile cloud computing against timing attacks. Pervasive Mob Comput 45:4\u201318","journal-title":"Pervasive Mob Comput"},{"key":"2122_CR16","doi-asserted-by":"crossref","unstructured":"Weber N, Shekhar L, Balasubramanian N (2018) The fine line between linguistic generalization and failure in seq2seq-attention models. arXiv:1805.01445","DOI":"10.18653\/v1\/W18-1004"},{"key":"2122_CR17","unstructured":"Vaswani A, Shazeer N, Parmar N, Uszkoreit J, Jones L, Gomez AN, Kaiser \u0141, Polosukhin I (2017) Attention is all you need. Adv Neural Inform Process Syst 30"},{"key":"2122_CR18","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1016\/j.cose.2019.04.015","volume":"85","author":"C Xu","year":"2019","unstructured":"Xu C, Shen J, Du X (2019) Detection method of domain names generated by dgas based on semantic representation and deep neural network. Comput Secur 85:77\u201388","journal-title":"Comput Secur"},{"key":"2122_CR19","doi-asserted-by":"crossref","unstructured":"Sun X, Wang Z, Yang J, Liu X (2020) Deepdom: malicious domain detection with scalable and heterogeneous graph convolutional networks. Comput Secur 99:102057","DOI":"10.1016\/j.cose.2020.102057"},{"key":"2122_CR20","unstructured":"Sch\u00fcppen S, Teubert D, Herrmann P, Meyer U (2018) FANCI: Feature-based automated NXDomain classification and intelligence. In: 27th USENIX Security symposium (USENIX Security 18), pp 1165\u20131181"},{"key":"2122_CR21","doi-asserted-by":"crossref","unstructured":"Sivakorn S, Jee K, Sun Y, Korts-P\u00e4rn L, Li Z, Lumezanu C, Wu Z, Tang L-A, Li D (2019) Countering malicious processes with process-DNS association. In: NDSS","DOI":"10.14722\/ndss.2019.23012"},{"issue":"6","key":"2122_CR22","first-page":"1263","volume":"56","author":"C Peng","year":"2019","unstructured":"Peng C, Yun X, Zhang Y, Li S (2019) Detecting malicious domains using co-occurrence relation between dns query. J Comput Res Dev 56(6):1263","journal-title":"J Comput Res Dev"},{"key":"2122_CR23","doi-asserted-by":"crossref","unstructured":"Yang L, Liu G, Wang J, Bai H, Zhai J, Dai Y (2021) Fast3ds: a real-time full-convolutional malicious domain name detection system. J Inform Secur Appl 61:102933","DOI":"10.1016\/j.jisa.2021.102933"},{"key":"2122_CR24","doi-asserted-by":"crossref","unstructured":"Chen S, Lang B, Liu H, Li D, Gao C (2021) Dns covert channel detection method using the lstm model. Comput Secur 104:102095","DOI":"10.1016\/j.cose.2020.102095"},{"key":"2122_CR25","doi-asserted-by":"crossref","unstructured":"Ding S, Zhang D, Ge J, Yuan X, Du X (2021) Encrypt dns traffic: Automated feature learning method for detecting dns tunnels. In: 2021 IEEE Intl Conf on Parallel & distributed processing with applications, big data & cloud computing, sustainable computing & communications, social computing & networking (ISPA\/BDCloud\/SocialCom\/SustainCom), IEEE, pp 352\u2013359","DOI":"10.1109\/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00056"},{"key":"2122_CR26","unstructured":"Gustavsson V (2019) Machine learning for a network-based intrusion detection system: An application using zeek and the cicids2017 dataset"},{"key":"2122_CR27","doi-asserted-by":"crossref","unstructured":"Haas S, Sommer R, Fischer M (2020) Zeek-osquery: Host-network correlation for advanced monitoring and intrusion detection. In: IFIP International Conference on ICT Systems Security and Privacy Protection. Springer, pp 248\u2013262","DOI":"10.1007\/978-3-030-58201-2_17"},{"key":"2122_CR28","first-page":"5899","volume-title":"ICASSP 2021\u20132021 IEEE International conference on acoustics","author":"M Xu","year":"2021","unstructured":"Xu M, Li S, Zhang X-L (2021) Transformer-based end-to-end speech recognition with local dense synthesizer attention. ICASSP 2021\u20132021 IEEE International conference on acoustics. Speech and Signal Processing (ICASSP), IEEE, pp 5899\u20135903"},{"key":"2122_CR29","unstructured":"Hinton GE, Srivastava N, Krizhevsky A, Sutskever I, Salakhutdinov RR (2012) Improving neural networks by preventing co-adaptation of feature detectors. arXiv:1207.0580"},{"key":"2122_CR30","first-page":"60","volume-title":"2021 IEEE Intl Conf on Dependable","author":"S Mahdavifar","year":"2021","unstructured":"Mahdavifar S, Maleki N, Lashkari AH, Broda M, Razavi AH (2021) Classifying malicious domains using dns traffic analysis. 2021 IEEE Intl Conf on Dependable. Autonomic and Secure Computing, Intl Conf on Pervasive Intelligence and Computing, Intl Conf on Cloud and Big Data Computing, Intl Conf on Cyber Science and Technology Congress (DASC\/PiCom\/CBDCom\/CyberSciTech), IEEE, pp 60\u201367"},{"key":"2122_CR31","doi-asserted-by":"publisher","first-page":"6706","DOI":"10.1609\/aaai.v33i01.33016706","volume":"33","author":"N Li","year":"2019","unstructured":"Li N, Liu S, Liu Y, Zhao S, Liu M (2019) Neural speech synthesis with transformer network. Proceedings of the AAAI conference on artificial intelligence 33:6706\u20136713","journal-title":"Proceedings of the AAAI conference on artificial intelligence"},{"key":"2122_CR32","unstructured":"Woodbridge J, Anderson HS, Ahuja A, Grant D (2016) Predicting domain generation algorithms with long short-term memory networks. arXiv:1611.00791"}],"container-title":["Peer-to-Peer Networking and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12083-025-02122-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12083-025-02122-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12083-025-02122-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,13]],"date-time":"2025-12-13T10:37:10Z","timestamp":1765622230000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12083-025-02122-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10]]},"references-count":32,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2025,10]]}},"alternative-id":["2122"],"URL":"https:\/\/doi.org\/10.1007\/s12083-025-02122-5","relation":{"has-preprint":[{"id-type":"doi","id":"10.21203\/rs.3.rs-2103771\/v1","asserted-by":"object"}]},"ISSN":["1936-6442","1936-6450"],"issn-type":[{"value":"1936-6442","type":"print"},{"value":"1936-6450","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10]]},"assertion":[{"value":"26 September 2022","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"12 September 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"7 October 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"This work does not contain any studies with human participants or animals performed by any of the authors.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical Approval"}},{"value":"I declare that the authors have no competing interests as defined by Springer, or other interests that might be perceived to influence the results and\/or discussion reported in this paper.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflicts of Interest"}},{"value":"The authors declare no competing interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"294"}}