{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,7]],"date-time":"2026-03-07T13:07:03Z","timestamp":1772888823553,"version":"3.50.1"},"reference-count":49,"publisher":"Elsevier BV","issue":"3","license":[{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-017"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-012"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2022,5,1]],"date-time":"2022-05-01T00:00:00Z","timestamp":1651363200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-004"}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Information Processing &amp; Management"],"published-print":{"date-parts":[[2022,5]]},"DOI":"10.1016\/j.ipm.2022.102930","type":"journal-article","created":{"date-parts":[[2022,3,25]],"date-time":"2022-03-25T13:51:57Z","timestamp":1648216317000},"page":"102930","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":29,"title":["DNS tunnels detection via DNS-images"],"prefix":"10.1016","volume":"59","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7164-5736","authenticated-orcid":false,"given":"Gianni","family":"D\u2019Angelo","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7991-2410","authenticated-orcid":false,"given":"Arcangelo","family":"Castiglione","sequence":"additional","affiliation":[]},{"given":"Francesco","family":"Palmieri","sequence":"additional","affiliation":[]}],"member":"78","reference":[{"issue":"4","key":"10.1016\/j.ipm.2022.102930_b1","doi-asserted-by":"crossref","first-page":"592","DOI":"10.1093\/jigpal\/jzs029","article-title":"Performance assessment and analysis of DNS tunneling tools","volume":"21","author":"Aiello","year":"2013","journal-title":"Logic Journal of the IGPL"},{"key":"10.1016\/j.ipm.2022.102930_b2","series-title":"International joint conference SOCO\u201914-CISIS\u201914-ICEUTE\u201914","first-page":"463","article-title":"Supervised learning approaches with majority voting for DNS tunneling detection","author":"Aiello","year":"2014"},{"issue":"14","key":"10.1016\/j.ipm.2022.102930_b3","doi-asserted-by":"crossref","first-page":"1987","DOI":"10.1002\/dac.2836","article-title":"DNS tunneling detection through statistical fingerprints of protocol messages and machine learning","volume":"28","author":"Aiello","year":"2015","journal-title":"International Journal of Communication Systems"},{"key":"10.1016\/j.ipm.2022.102930_b4","doi-asserted-by":"crossref","first-page":"37","DOI":"10.26636\/jtit.2011.1.1132","article-title":"Tunneling activities detection using machine learning techniques","author":"Allard","year":"2011","journal-title":"Journal of Telecommunications and Information Technology"},{"key":"10.1016\/j.ipm.2022.102930_b5","doi-asserted-by":"crossref","DOI":"10.1155\/2018\/6137098","article-title":"DNS tunneling detection method based on multilabel support vector machine","volume":"2018","author":"Almusawi","year":"2018","journal-title":"Security and Communication Networks"},{"key":"10.1016\/j.ipm.2022.102930_b6","series-title":"Identifying DNS-tunneled traffic with predictive models","author":"Berg","year":"2019"},{"key":"10.1016\/j.ipm.2022.102930_b7","series-title":"Detecting DNS tunnels using character frequency analysis","author":"Born","year":"2010"},{"key":"10.1016\/j.ipm.2022.102930_b8","series-title":"Proceedings of the 11th annual cyber and information security research conference","article-title":"Detection of tunnels in PCAP data by random forests","author":"Buczak","year":"2016"},{"key":"10.1016\/j.ipm.2022.102930_b9","series-title":"pcapng: PCAP next generation file format specification","author":"commit 3c35b6a","year":"2021"},{"key":"10.1016\/j.ipm.2022.102930_b10","series-title":"scikit-learn","author":"Cournapeau","year":"2007"},{"issue":"11","key":"10.1016\/j.ipm.2022.102930_b11","doi-asserted-by":"crossref","first-page":"1680","DOI":"10.1002\/int.22268","article-title":"Discovering genomic patterns in SARS-CoV-2 variants","volume":"35","author":"D\u2019Angelo","year":"2020","journal-title":"International Journal of Intelligent Systems"},{"key":"10.1016\/j.ipm.2022.102930_b12","doi-asserted-by":"crossref","first-page":"633","DOI":"10.1016\/j.future.2019.09.007","article-title":"Knowledge elicitation based on genetic programming for non destructive testing of critical aerospace systems","volume":"102","author":"D\u2019Angelo","year":"2020","journal-title":"Future Generation Computer Systems"},{"key":"10.1016\/j.ipm.2022.102930_b13","doi-asserted-by":"crossref","DOI":"10.1016\/j.jnca.2020.102890","article-title":"Network traffic classification using deep convolutional recurrent autoencoder neural networks for spatial\u2013temporal features extraction","volume":"173","author":"D\u2019Angelo","year":"2021","journal-title":"Journal of Network and Computer Applications"},{"issue":"3","key":"10.1016\/j.ipm.2022.102930_b14","doi-asserted-by":"crossref","first-page":"786","DOI":"10.1080\/09540091.2021.1889977","article-title":"Effective classification of android malware families through dynamic features and neural networks","volume":"33","author":"D\u2019Angelo","year":"2021","journal-title":"Connection Science"},{"key":"10.1016\/j.ipm.2022.102930_b15","doi-asserted-by":"crossref","first-page":"501","DOI":"10.1016\/j.ins.2019.07.067","article-title":"A data-driven approximate dynamic programming approach based on association rule learning: Spacecraft autonomy as a case study","volume":"504","author":"D\u2019Angelo","year":"2019","journal-title":"Information Sciences"},{"key":"10.1016\/j.ipm.2022.102930_b16","series-title":"Smart wheelchairs and brain-computer interfaces","first-page":"1","article-title":"Chapter 1 - Introduction","author":"Diez","year":"2018"},{"key":"10.1016\/j.ipm.2022.102930_b17","series-title":"DNSCAP","author":"DNS-OARC","year":"2021"},{"issue":"1","key":"10.1016\/j.ipm.2022.102930_b18","doi-asserted-by":"crossref","first-page":"81","DOI":"10.1016\/j.comnet.2008.09.010","article-title":"Tunnel hunter: Detecting application-layer tunnels with statistical fingerprinting","volume":"53","author":"Dusi","year":"2009","journal-title":"Computer Networks"},{"key":"10.1016\/j.ipm.2022.102930_b19","series-title":"IFIP international conference on autonomous infrastructure, management and security","first-page":"124","article-title":"Flow-based detection of DNS tunnels","author":"Ellens","year":"2013"},{"key":"10.1016\/j.ipm.2022.102930_b20","series-title":"Deep learning with Keras","author":"Gulli","year":"2017"},{"key":"10.1016\/j.ipm.2022.102930_b21","series-title":"Annual ADFSL conference on digital forensics, security and law","article-title":"Harnessing predictive models for assisting network forensic investigations of DNS tunnels","author":"Homem","year":"2017"},{"key":"10.1016\/j.ipm.2022.102930_b22","series-title":"Entropy-based prediction of network protocols in the forensic analysis of DNS tunnels","author":"Homem","year":"2017"},{"key":"10.1016\/j.ipm.2022.102930_b23","series-title":"IFIP international conference on digital forensics","first-page":"127","article-title":"Information-entropy-based DNS tunnel prediction","author":"Homem","year":"2018"},{"issue":"03","key":"10.1016\/j.ipm.2022.102930_b24","doi-asserted-by":"crossref","first-page":"90","DOI":"10.1109\/MCSE.2007.55","article-title":"Matplotlib: A 2D graphics environment","volume":"9","author":"Hunter","year":"2007","journal-title":"Computing in Science & Engineering"},{"key":"10.1016\/j.ipm.2022.102930_b25","series-title":"Deep learning with Python","first-page":"97","article-title":"Introduction to Keras","author":"Ketkar","year":"2017"},{"key":"10.1016\/j.ipm.2022.102930_b26","doi-asserted-by":"crossref","first-page":"214","DOI":"10.1016\/j.jnca.2016.03.005","article-title":"Network forensics: Review, taxonomy, and open challenges","volume":"66","author":"Khan","year":"2016","journal-title":"Journal of Network and Computer Applications"},{"key":"10.1016\/j.ipm.2022.102930_b27","doi-asserted-by":"crossref","unstructured":"Khodjaeva, Y., & Zincir-Heywood, N. (2021). Network flow entropy for identifying malicious behaviours in DNS tunnels. In The 16th international conference on availability, reliability and security (pp. 1\u20137).","DOI":"10.1145\/3465481.3470089"},{"key":"10.1016\/j.ipm.2022.102930_b28","doi-asserted-by":"crossref","unstructured":"Lai, C., Huang, B., Huang, S., Mao, C., & Lee, H. (2018). Detection of DNS tunneling by feature-free mechanism. In 2018 IEEE conference on dependable and secure computing (pp. 1\u20132).","DOI":"10.1109\/DESEC.2018.8625166"},{"key":"10.1016\/j.ipm.2022.102930_b29","series-title":"2019 IEEE 38th international performance computing and communications conference","first-page":"1","article-title":"A byte-level CNN method to detect DNS tunnels","author":"Liu","year":"2019"},{"key":"10.1016\/j.ipm.2022.102930_b30","series-title":"Deep learning with applications using python","first-page":"31","article-title":"Understanding and working with Keras","author":"Manaswi","year":"2018"},{"issue":"9","key":"10.1016\/j.ipm.2022.102930_b31","first-page":"1","article-title":"pandas: A foundational Python library for data analysis and statistics","volume":"14","author":"McKinney","year":"2011","journal-title":"Python for High Performance and Scientific Computing"},{"key":"10.1016\/j.ipm.2022.102930_b32","doi-asserted-by":"crossref","first-page":"36","DOI":"10.1016\/j.cose.2018.09.006","article-title":"Detection of malicious and low throughput data exfiltration over the DNS protocol","volume":"80","author":"Nadler","year":"2019","journal-title":"Computers & Security"},{"issue":"8","key":"10.1016\/j.ipm.2022.102930_b33","article-title":"Cognitive security paradigm for cloud computing applications","volume":"32","author":"Ogiela","year":"2020","journal-title":"Concurrency Computations: Practice and Experience"},{"key":"10.1016\/j.ipm.2022.102930_b34","series-title":"International conference on broadband and wireless computing, communication and applications","first-page":"193","article-title":"Predictive intelligence approaches for security technologies","author":"Ogiela","year":"2021"},{"key":"10.1016\/j.ipm.2022.102930_b35","series-title":"2016 10th international conference on innovative mobile and internet services in ubiquitous computing","first-page":"198","article-title":"Efficiency of strategic data sharing and management protocols","author":"Ogiela","year":"2016"},{"key":"10.1016\/j.ipm.2022.102930_b36","series-title":"A guide to NumPy: Vol. 1","author":"Oliphant","year":"2006"},{"key":"10.1016\/j.ipm.2022.102930_b37","series-title":"DNS tunneling: A deep learning based lexicographical detection approach","author":"Palau","year":"2020"},{"issue":"22","key":"10.1016\/j.ipm.2022.102930_b38","first-page":"12762","article-title":"Comparative analysis for detecting DNS tunneling using machine learning techniques","volume":"12","author":"Sammour","year":"2017","journal-title":"International Journal of Applied Engineering Research"},{"issue":"4","key":"10.1016\/j.ipm.2022.102930_b39","doi-asserted-by":"crossref","first-page":"2429","DOI":"10.1109\/COMST.2021.3105741","article-title":"Thirty years of DNS insecurity: Current issues and perspectives","volume":"23","author":"Schmid","year":"2021","journal-title":"IEEE Communications Surveys & Tutorials"},{"key":"10.1016\/j.ipm.2022.102930_b40","series-title":"Network and system security","first-page":"112","article-title":"Detecting DNS tunneling using ensemble learning","author":"Shafieian","year":"2017"},{"key":"10.1016\/j.ipm.2022.102930_b41","article-title":"Packet analysis for network forensics: A comprehensive survey","volume":"32","author":"Sikos","year":"2020","journal-title":"Forensic Science International: Digital Investigation"},{"key":"10.1016\/j.ipm.2022.102930_b42","series-title":"PCAP","author":"The Tcpdump\u00a0Group","year":"2021"},{"issue":"4","key":"10.1016\/j.ipm.2022.102930_b43","doi-asserted-by":"crossref","first-page":"3389","DOI":"10.1109\/COMST.2018.2849614","article-title":"Detecting internet abuse by analyzing passive DNS traffic: A survey of implemented systems","volume":"20","author":"Torabi","year":"2018","journal-title":"IEEE Communications Surveys & Tutorials"},{"issue":"3","key":"10.1016\/j.ipm.2022.102930_b44","doi-asserted-by":"crossref","first-page":"261","DOI":"10.1038\/s41592-019-0686-2","article-title":"SciPy 1.0: Fundamental algorithms for scientific computing in Python","volume":"17","author":"Virtanen","year":"2020","journal-title":"Nature Methods"},{"key":"10.1016\/j.ipm.2022.102930_b45","doi-asserted-by":"crossref","DOI":"10.1016\/j.comnet.2021.108322","article-title":"A comprehensive survey on DNS tunnel detection","volume":"197","author":"Wang","year":"2021","journal-title":"Computer Networks"},{"key":"10.1016\/j.ipm.2022.102930_b46","series-title":"DSC","author":"Wessels","year":"2021"},{"issue":"3","key":"10.1016\/j.ipm.2022.102930_b47","doi-asserted-by":"crossref","first-page":"143","DOI":"10.1109\/TDSC.2013.10","article-title":"DNS for massive-scale command and control","volume":"10","author":"Xu","year":"2013","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"10.1016\/j.ipm.2022.102930_b48","first-page":"284","article-title":"Behavior analysis based DNS tunneling detection and classification with big data technologies","volume":"Vol. 1","author":"Yu","year":"2016"},{"key":"10.1016\/j.ipm.2022.102930_b49","series-title":"International conference on network and system security","first-page":"520","article-title":"A DNS tunneling detection method based on deep learning models to prevent data exfiltration","author":"Zhang","year":"2019"}],"container-title":["Information Processing &amp; Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0306457322000528?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0306457322000528?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,10,5]],"date-time":"2025-10-05T18:21:10Z","timestamp":1759688470000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0306457322000528"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5]]},"references-count":49,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2022,5]]}},"alternative-id":["S0306457322000528"],"URL":"https:\/\/doi.org\/10.1016\/j.ipm.2022.102930","relation":{},"ISSN":["0306-4573"],"issn-type":[{"value":"0306-4573","type":"print"}],"subject":[],"published":{"date-parts":[[2022,5]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"DNS tunnels detection via DNS-images","name":"articletitle","label":"Article Title"},{"value":"Information Processing & Management","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.ipm.2022.102930","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2022 Elsevier Ltd. All rights reserved.","name":"copyright","label":"Copyright"}],"article-number":"102930"}}