{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,10]],"date-time":"2026-04-10T16:05:53Z","timestamp":1775837153850,"version":"3.50.1"},"reference-count":26,"publisher":"Springer Science and Business Media LLC","issue":"3-4","license":[{"start":{"date-parts":[[2024,3,22]],"date-time":"2024-03-22T00:00:00Z","timestamp":1711065600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,3,22]],"date-time":"2024-03-22T00:00:00Z","timestamp":1711065600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Ann. Telecommun."],"published-print":{"date-parts":[[2025,4]]},"DOI":"10.1007\/s12243-024-01025-5","type":"journal-article","created":{"date-parts":[[2024,3,22]],"date-time":"2024-03-22T06:42:16Z","timestamp":1711089736000},"page":"227-249","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["AutoRoC-DBSCAN: automatic tuning of DBSCAN to detect malicious DNS tunnels"],"prefix":"10.1007","volume":"80","author":[{"ORCID":"https:\/\/orcid.org\/0009-0002-4263-2850","authenticated-orcid":false,"given":"Thi Quynh","family":"Nguyen","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Romain","family":"Laborde","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Abdelmalek","family":"Benzekri","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arnaud","family":"Oglaza","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mehdi","family":"Mounsif","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,3,22]]},"reference":[{"key":"1025_CR1","doi-asserted-by":"publisher","unstructured":"Nguyen TQ, Laborde R, Benzekri A, Qu\u2019hen B (2020) Detecting abnormal DNS traffic using unsupervised machine learning. In: 2020 4th Cyber Security in Networking Conference (CSNet), pp 1\u20138. https:\/\/doi.org\/10.1109\/CSNet50428.2020.9265466","DOI":"10.1109\/CSNet50428.2020.9265466"},{"key":"1025_CR2","doi-asserted-by":"publisher","unstructured":"Nguyen TQ, Laborde R, Benzekri A et al (2022) AutoRoC-DBSCAN: automatic tuning of DBSCAN to detect malicious DNS tunnels. In: Chen J, He D, Lu R (eds) Emerging information security and applications. Springer Nature, Switzerland, Cham, pp 126\u2013144. https:\/\/doi.org\/10.1007\/978-3-031-23098-1_8","DOI":"10.1007\/978-3-031-23098-1_8"},{"key":"1025_CR3","doi-asserted-by":"publisher","unstructured":"Habibi Lashkari A, Seo A, Gil G, Ghorbani A (2017) CIC-AB: online ad blocker for browsers, pp 1\u20137. https:\/\/doi.org\/10.1109\/CCST.2017.8167846","DOI":"10.1109\/CCST.2017.8167846"},{"key":"1025_CR4","unstructured":"DBSCAN clustering algorithm in machine learning. In: KDnuggets. https:\/\/www.kdnuggets.com\/dbscan-clustering-algorithm-in-machine-learning.html\/. Accessed 1 Jul 2020"},{"key":"1025_CR5","doi-asserted-by":"publisher","unstructured":"Cunningham P, Delany S (2007) k-Nearest neighbour classifiers. Mult Classif Syst 54. https:\/\/doi.org\/10.1145\/3459665","DOI":"10.1145\/3459665"},{"key":"1025_CR6","unstructured":"scipy.signal.find_peaks \u2014 SciPy v1.8.0 Manual. https:\/\/docs.scipy.org\/doc\/scipy-1.8.0\/html-scipyorg\/reference\/generated\/scipy.signal.find_peaks.html#scipy.signal.find_peaks. Accessed 8 Feb 2022"},{"key":"1025_CR7","unstructured":"DoHBrw 2020 | Datasets | Research | Canadian Institute for Cybersecurity | UNB. https:\/\/www.unb.ca\/cic\/datasets\/dohbrw-2020.html. Accessed 16 Sep 2021"},{"key":"1025_CR8","unstructured":"Applications | Research | Canadian Institute for Cybersecurity | UNB. https:\/\/www.unb.ca\/cic\/research\/applications.html. Accessed 24 Aug 2021"},{"key":"1025_CR9","doi-asserted-by":"publisher","unstructured":"Liu FT, Ting K, Zhou Z-H (2009) Isolation forest, pp 413\u2013422 https:\/\/doi.org\/10.1109\/ICDM.2008.17","DOI":"10.1109\/ICDM.2008.17"},{"key":"1025_CR10","unstructured":"Sch\u00f6lkopf B, Williamson R, Smola A et al (1999) Support vector method for novelty detection, pp 582\u2013588"},{"key":"1025_CR11","unstructured":"Breunig MM, Kriegel H-P, Ng RT, Sander J. LOF Identifying density-based local outliers, p 12"},{"key":"1025_CR12","doi-asserted-by":"publisher","first-page":"209","DOI":"10.2478\/jaiscr-2020-0014","volume":"10","author":"A Starczewski","year":"2020","unstructured":"Starczewski A, Goetzen P, Er MJ (2020) A new method for automatic determining of the DBSCAN parameters. J Artif Intell Soft Comput Res 10:209\u2013221. https:\/\/doi.org\/10.2478\/jaiscr-2020-0014","journal-title":"J Artif Intell Soft Comput Res"},{"key":"1025_CR13","unstructured":"Falahiazar Z, Bagheri A, Reshadi M (2021) Determining the parameters of DBSCAN automatically using the multi-objective genetic algorithm. J Inf Sci Eng"},{"key":"1025_CR14","doi-asserted-by":"publisher","first-page":"1","DOI":"10.5120\/15890-5059","volume":"91","author":"A Karami","year":"2014","unstructured":"Karami A, Johansson R (2014) Choosing DBSCAN parameters automatically using differential evolution. Int J Comput Appl 91:1\u201311. https:\/\/doi.org\/10.5120\/15890-5059","journal-title":"Int J Comput Appl"},{"key":"1025_CR15","unstructured":"Miglani J, Thorpe C (2021) Employing machine learning paradigms for detecting DNS tunnelling"},{"key":"1025_CR16","unstructured":"Palau F, Catania C, Guerra J, et al (2020) DNS tunneling: a deep learning based lexicographical detection approach. ArXiv200606122 Cs"},{"key":"1025_CR17","doi-asserted-by":"publisher","unstructured":"MontazeriShatoori M, Davidson L, Kaur G, Lashkari AH (2020) Detection of DoH tunnels using time-series classification of encrypted traffic. In: 2020 IEEE International Conference on Dependable, Autonomic and Secure Computing, International Conference on Pervasive Intelligence and Computing, International Conference on Cloud and Big Data Computing, International Conference on Cyber Science and Technology Congress (DASC\/PiCom\/CBDCom\/CyberSciTech), pp 63\u201370. https:\/\/doi.org\/10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00026","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00026"},{"key":"1025_CR18","doi-asserted-by":"publisher","first-page":"46","DOI":"10.12691\/jcsa-8-2-2","volume":"8","author":"Y Banadaki","year":"2020","unstructured":"Banadaki Y, Robert S (2020) Detecting malicious DNS over HTTPS traffic in domain name system using machine learning classifiers. J Comput Sci Appl 8:46\u201355. https:\/\/doi.org\/10.12691\/jcsa-8-2-2","journal-title":"J Comput Sci Appl"},{"key":"1025_CR19","doi-asserted-by":"publisher","unstructured":"Singh SK, Roy PK (2020) Detecting malicious DNS over HTTPS traffic using machine learning. In: 2020 international conference on innovation and intelligence for informatics, computing and technologies (3ICT), pp 1\u20136. https:\/\/doi.org\/10.1109\/3ICT51146.2020.9312004","DOI":"10.1109\/3ICT51146.2020.9312004"},{"key":"1025_CR20","doi-asserted-by":"publisher","first-page":"441","DOI":"10.1007\/978-3-030-24907-6_33","volume-title":"Security, privacy, and anonymity in computation, communication, and storage","author":"H Lin","year":"2019","unstructured":"Lin H, Liu G, Yan Z (2019) Detection of application-layer tunnels with rules and machine learning. In: Wang G, Feng J, Bhuiyan MZA, Lu R (eds) Security, privacy, and anonymity in computation, communication, and storage. Springer International Publishing, Cham, pp 441\u2013455"},{"key":"1025_CR21","unstructured":"Berg A, Forsberg D (2019) Identifying DNS-tunneled traffic with predictive models. ArXiv190611246 Cs"},{"key":"1025_CR22","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1155\/2018\/6137098","volume":"2018","author":"A Almusawi","year":"2018","unstructured":"Almusawi A, Amintoosi H (2018) DNS tunneling detection method based on multilabel support vector machine. Secur Commun Netw 2018:1\u20139. https:\/\/doi.org\/10.1155\/2018\/6137098","journal-title":"Secur Commun Netw"},{"key":"1025_CR23","unstructured":"Homem I, Papapetrou P (2017) Harnessing predictive models for assisting network forensic investigations of DNS tunnels. 12"},{"key":"1025_CR24","doi-asserted-by":"publisher","unstructured":"Do VT, Engelstad P, Feng B, van Do T (2017) Detection of DNS tunneling in mobile networks using machine learning. In: Kim K, Joukov N (eds) Information science and applications 2017. Springer Singapore, Singapore, pp 221\u2013230. https:\/\/doi.org\/10.1007\/978-981-10-4154-9_26","DOI":"10.1007\/978-981-10-4154-9_26"},{"key":"1025_CR25","doi-asserted-by":"publisher","unstructured":"Buczak AL, Hanke PA, Cancro GJ et al (2016) Detection of tunnels in PCAP data by random forests. In: Proceedings of the 11th annual cyber and information security research conference. ACM, Oak Ridge, pp 1\u20134. https:\/\/doi.org\/10.1145\/2897795.2897804","DOI":"10.1145\/2897795.2897804"},{"key":"1025_CR26","doi-asserted-by":"publisher","first-page":"1987","DOI":"10.1002\/dac.2836","volume":"28","author":"M Aiello","year":"2015","unstructured":"Aiello M, Mongelli M, Papaleo G (2015) DNS tunneling detection through statistical fingerprints of protocol messages and machine learning: DNS tunneling detection. Int J Commun Syst 28:1987\u20132002. https:\/\/doi.org\/10.1002\/dac.2836","journal-title":"Int J Commun Syst"}],"container-title":["Annals of Telecommunications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-024-01025-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12243-024-01025-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12243-024-01025-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,11]],"date-time":"2025-03-11T06:59:03Z","timestamp":1741676343000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12243-024-01025-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,3,22]]},"references-count":26,"journal-issue":{"issue":"3-4","published-print":{"date-parts":[[2025,4]]}},"alternative-id":["1025"],"URL":"https:\/\/doi.org\/10.1007\/s12243-024-01025-5","relation":{},"ISSN":["0003-4347","1958-9395"],"issn-type":[{"value":"0003-4347","type":"print"},{"value":"1958-9395","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,3,22]]},"assertion":[{"value":"2 May 2023","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"11 March 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"22 March 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}}]}}