{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T06:43:12Z","timestamp":1750488192351,"version":"3.37.3"},"reference-count":43,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1836104","61702235"],"award-info":[{"award-number":["U1836104","61702235"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100012226","name":"Fundamental Research Funds for the Central Universities","doi-asserted-by":"publisher","award":["30918012204"],"award-info":[{"award-number":["30918012204"]}],"id":[{"id":"10.13039\/501100012226","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2021]]},"DOI":"10.1109\/access.2021.3085500","type":"journal-article","created":{"date-parts":[[2021,6,3]],"date-time":"2021-06-03T03:43:25Z","timestamp":1622691805000},"page":"80639-80653","source":"Crossref","is-referenced-by-count":8,"title":["Application Behavior Identification in DNS Tunnels Based on Spatial-Temporal Information"],"prefix":"10.1109","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8985-6977","authenticated-orcid":false,"given":"Huiwen","family":"Bai","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7353-9136","authenticated-orcid":false,"given":"Weiwei","family":"Liu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4729-7406","authenticated-orcid":false,"given":"Guangjie","family":"Liu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1522-9257","authenticated-orcid":false,"given":"Yuewei","family":"Dai","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3569-7891","authenticated-orcid":false,"given":"Shuhua","family":"Huang","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1016\/S0004-3702(03)00079-1"},{"key":"ref38","first-page":"889","article-title":"Average-case analysis of a nearest neighbor algorithm","volume":"93","author":"langley","year":"1993","journal-title":"Proc IJCAI"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2018.2804394"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2019.2901994"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/ICC.2008.334"},{"key":"ref30","first-page":"785","article-title":"A statistical framework for identification of tunnelled applications using machine learning","volume":"12","author":"mujtaba","year":"2015","journal-title":"Int Arab J Inf Technol"},{"key":"ref37","first-page":"48","article-title":"Curse of dimensionality","volume":"29","author":"keogh","year":"2009","journal-title":"Ind Eng Chem"},{"journal-title":"Network Security With NetFlow and IPFIX Big Data Analytics for Information Security","year":"2015","author":"santos","key":"ref36"},{"key":"ref35","first-page":"45","article-title":"Detecting DNS tunnels using session behavior and random forest method","author":"yang","year":"2020","journal-title":"Proc IEEE 5th Int Conf Data Sci Cyberspace (DSC)"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/TNSE.2020.3009832"},{"key":"ref10","article-title":"Detecting DNS tunnels using character frequency analysis","author":"born","year":"2010","journal-title":"arXiv 1004 4358"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1145\/3136625"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/1852666.1852718"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2013.05.109"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.10"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/HST47167.2019.9032913"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2017.00-71"},{"key":"ref16","first-page":"649","article-title":"Real-time detection of DNS exfiltration and tunneling from enterprise networks","author":"ahmed","year":"2019","journal-title":"Proc IFIP\/IEEE Symp Integr Netw Service Manage (IM)"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/DESEC.2018.8625166"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/IPCCC47392.2019.8958714"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-36938-5_32"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-71617-4_17"},{"journal-title":"Multigrain-point of sale attackers make an unhealthy addition to the pantry","year":"2019","author":"lynch","key":"ref4"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/ISCC50000.2020.9219547"},{"journal-title":"The Six Most Dangerous New Attack Techniques and What&#x2019;s Coming Next","year":"2012","author":"skoudis","key":"ref3"},{"key":"ref6","first-page":"1","article-title":"Harnessing predictive models for assisting network forensic investigations of DNS tunnels","author":"homem","year":"2017","journal-title":"Proc InADFSL Conf Digit Forensics Secur Law"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2010.12.002"},{"key":"ref5","article-title":"Entropy-based prediction of network protocols in the forensic analysis of DNS tunnels","author":"homem","year":"2017","journal-title":"arXiv 1709 06363"},{"journal-title":"The Role of DNS in Botnet Command & Control","first-page":"1","year":"2011","key":"ref8"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1155\/2018\/6137098"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2011.16"},{"key":"ref9","first-page":"1","article-title":"Game changer: Identifying and defending against data exfiltration attempts","author":"valenzuela","year":"2015","journal-title":"SANS Cyber Defense Summit"},{"key":"ref1","article-title":"Combating malicious DNS tunnel","author":"wang","year":"2016","journal-title":"arXiv 1605 01401"},{"key":"ref20","first-page":"1419","article-title":"Exploring tunneling behaviours in malicious domains with self-organizing maps","author":"campbell","year":"2020","journal-title":"Proc IEEE Symp Ser Comput Intell (SSCI)"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1002\/dac.2836"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38998-6_16"},{"key":"ref42","doi-asserted-by":"crossref","first-page":"1083","DOI":"10.1109\/TNNLS.2013.2287275","article-title":"Global and local structure preservation for feature selection","volume":"25","author":"liu","year":"2014","journal-title":"IEEE Trans Neural Netw Learn Syst"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/2897795.2897804"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/s13748-015-0080-y"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.256"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/ICC40277.2020.9149162"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2494502"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2016.01.006"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/9312710\/09445115.pdf?arnumber=9445115","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,17]],"date-time":"2021-12-17T19:56:23Z","timestamp":1639770983000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9445115\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"references-count":43,"URL":"https:\/\/doi.org\/10.1109\/access.2021.3085500","relation":{},"ISSN":["2169-3536"],"issn-type":[{"type":"electronic","value":"2169-3536"}],"subject":[],"published":{"date-parts":[[2021]]}}}