{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,21]],"date-time":"2026-06-21T05:49:06Z","timestamp":1782020946673,"version":"3.54.5"},"reference-count":81,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/legalcode"}],"funder":[{"DOI":"10.13039\/100009532","name":"Ministry of Interior of the Czech Republic","doi-asserted-by":"publisher","award":["VJ02010024"],"award-info":[{"award-number":["VJ02010024"]}],"id":[{"id":"10.13039\/100009532","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100007655","name":"Grant Agency of the Czech Technical University in Prague (CTU) through Ministry of Education Youth and Sports (MEYS) of the Czech Republic","doi-asserted-by":"publisher","award":["SGS20\/210\/OHK3\/3T\/18"],"award-info":[{"award-number":["SGS20\/210\/OHK3\/3T\/18"]}],"id":[{"id":"10.13039\/100007655","id-type":"DOI","asserted-by":"publisher"}]},{"name":"European Union\u2019s Horizon 2020 Research and Innovation Program","award":["833418"],"award-info":[{"award-number":["833418"]}]},{"name":"Avast Software s.r.o"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2022]]},"DOI":"10.1109\/access.2022.3175497","type":"journal-article","created":{"date-parts":[[2022,5,16]],"date-time":"2022-05-16T20:23:08Z","timestamp":1652732588000},"page":"54668-54680","source":"Crossref","is-referenced-by-count":44,"title":["Summary of DNS Over HTTPS Abuse"],"prefix":"10.1109","volume":"10","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8281-618X","authenticated-orcid":false,"given":"Karel","family":"Hynek","sequence":"first","affiliation":[{"name":"Faculty of Information Technology, Czech Technical University in Prague (CTU), Prague, Czech Republic"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6287-9039","authenticated-orcid":false,"given":"Dmitrii","family":"Vekshin","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology, Czech Technical University in Prague (CTU), Prague, Czech Republic"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0879-0054","authenticated-orcid":false,"given":"Jan","family":"Luxemburk","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology, Czech Technical University in Prague (CTU), Prague, Czech Republic"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7794-9511","authenticated-orcid":false,"given":"Tomas","family":"Cejka","sequence":"additional","affiliation":[{"name":"Faculty of Information Technology, Czech Technical University in Prague (CTU), Prague, Czech Republic"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2052-1343","authenticated-orcid":false,"given":"Armin","family":"Wasicek","sequence":"additional","affiliation":[{"name":"Avast Software s.r.o, Prague, Czech Republic"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8484"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.17487\/rfc1035"},{"key":"ref3","article-title":"Covert channels and poor decisions: The tale of dnsmessenger","author":"Brumaghin","year":"2017","journal-title":"Talos Intell. Group Comprehensive Threat Intell."},{"key":"ref4","volume-title":"Here\u2019s How to Enable DoH in Each Browser, ISPs be Damned","author":"Cimpanu","year":"2020"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8427"},{"key":"ref6","article-title":"Large scale measurement on the adoption of encrypted DNS","author":"Garc\u00eda","year":"2021","journal-title":"arXiv:2107.04436"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/IEMCON51383.2020.9284864"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3427563"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-54328-4_13"},{"key":"ref10","volume-title":"Firefox Nightly Secure DNS Experimental Results \u2014 Firefox Nightly News","author":"McManus","year":"2018"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355575"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-72582-2_26"},{"key":"ref13","article-title":"Measurement and characterization of DNS over HTTPS traffic","author":"Jerabek","year":"2022","journal-title":"arXiv:2204.03975"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3487552.3487849"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/3366423.3380139"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-70572-5_18"},{"key":"ref17","volume-title":"Windows Insiders Can Now Test DNS Over HTTPS","author":"Jensen","year":"2020"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/3359989.3365435"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.17487\/RFC9076"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/2665943.2665959"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.17487\/RFC7830"},{"key":"ref22","article-title":"Encrypted DNS $\\Rightarrow$\n privacy? A traffic analysis perspective","author":"Siby","year":"2020","journal-title":"arXiv:1906.09682"},{"key":"ref23","article-title":"Padding Ain\u2019t enough: Assessing the privacy guarantees of encrypted DNS","author":"Bushart","year":"2019","journal-title":"arXiv:1907.01317"},{"key":"ref24","first-page":"1","article-title":"A comprehensive study of DNS-over-HTTPS downgrade attack","volume-title":"Proc. 10th USENIX Workshop Free Open Commun. Internet (FOCI)","author":"Huang"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.17487\/RFC8310"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2021-0085"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.17487\/RFC9230"},{"key":"ref28","article-title":"DNS over HTTPS (DoH) considerations for operator networks","author":"Fidler","year":"2019"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1109\/ICICT50521.2020.00085"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-75354-2_24"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00026"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3409192"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.12691\/jcsa-8-2-2"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1109\/3ICT51146.2020.9312004"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom53373.2021.00113"},{"key":"ref36","first-page":"1903","article-title":"Generalized classification of DNS over HTTPS traffic with deep learning","volume-title":"Proc. Asia\u2013Pacific Signal Inf. Process. Assoc. Annu. Summit Conf. (APSIPA ASC)","author":"Casanova"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP51992.2021.00026"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/3473604.3474563"},{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/ISPA-BDCloud-SocialCom-SustainCom52081.2021.00056"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3113294"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/SSCI50451.2021.9660136"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2022.3183390"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2022.108919"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2011.16"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.10"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/NTMS.2014.6814008"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-38998-6_16"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2013.05.109"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/CAMAD.2014.7033254"},{"key":"ref50","first-page":"267","article-title":"Detection of DNS based covert channels","volume-title":"Proc. Eur. Conf. Cyber Warfare Secur.","author":"Sheridan"},{"key":"ref51","article-title":"A deep learning approach to detecting covert channels in the domain name system","author":"Pe\u00f1a","year":"2020"},{"key":"ref52","volume-title":"Cisco 2016 Annual Cybersecurity Report","year":"2020"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2016.76"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2008.4690854"},{"key":"ref55","volume-title":"An Analysis of Godlua Backdoor","author":"Alex","year":"2019"},{"key":"ref56","volume-title":"DNS Amplification Attacks","author":"Vaughn","year":"2006"},{"key":"ref57","volume-title":"PsiXBot Now Using Google DNS Over HTTPS and Possible New Sexploitation Module: Proofpoint US","year":"2020"},{"key":"ref58","volume-title":"FluBot Malware\u2013All You Need to Know &; to Act Now","author":"Winter","year":"2021"},{"key":"ref59","volume-title":"Hiding in Plain Sight || Part 2","author":"Hammond","year":"2020"},{"key":"ref60","volume-title":"Pink, a Botnet That Competed With the Vendor to Control the Massive Infected Devices","year":"2021"},{"key":"ref61","volume-title":"Illicit Cryptomining Threat actor Rocke Changes Tactics, Now More Difficult to Detect","author":"Threat","year":"2020"},{"key":"ref62","volume-title":"Waiting for Godoh","author":"Leon","year":"2020"},{"key":"ref63","volume-title":"Spiderlabs\/DoHC2","year":"2020"},{"key":"ref64","volume-title":"Arno0x\/Dnsexfiltrator","year":"2020"},{"key":"ref65","volume-title":"In & Out\u2014The Network Data Exfiltration Techniques Training","year":"2020"},{"key":"ref66","volume-title":"Downloading Executables Over DNS: Capture Files","author":"Stevens","year":"2020"},{"key":"ref67","doi-asserted-by":"publisher","DOI":"10.1080\/23738871.2020.1722191"},{"key":"ref68","volume-title":"Sensepost\/Godoh","year":"2020"},{"key":"ref69","volume-title":"Dnstt \u2014 DoH- and DoT-capable DNS tunnel","author":"Fifield","year":"2020"},{"key":"ref70","volume-title":"Iranian Hacker Group Becomes First Known APT to Weaponize DNS-Over-HTTPS (DoH)","author":"Cimpanu","year":"2020"},{"key":"ref71","volume-title":"Yarrick\/Iodine","author":"Ekman"},{"key":"ref72","volume-title":"DNScat","author":"Pietraszek","year":"2020"},{"key":"ref73","volume-title":"Dec. 2020. Lnussbaum\/Tuns","author":"Nussbaum"},{"key":"ref74","article-title":"Performance of iodine over DNS-over-HTTPS","author":"Neef","year":"2019"},{"key":"ref75","doi-asserted-by":"publisher","DOI":"10.17487\/rfc9505"},{"key":"ref76","doi-asserted-by":"publisher","DOI":"10.7551\/mitpress\/7617.001.0001"},{"key":"ref77","article-title":"TechNation: Pitango launches seventh venture fund with projected $175 million","author":"Rubin","year":"2016"},{"key":"ref78","doi-asserted-by":"publisher","DOI":"10.1145\/2317307.2317311"},{"issue":"2","key":"ref79","first-page":"122","article-title":"Gambling in Russia: Policies, markets, and research","volume":"9","author":"Marionneau","year":"2020","journal-title":"Int. J. Russian Stud."},{"key":"ref80","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2015-0009"},{"key":"ref81","article-title":"Domain fronting: Making backdoor access look like Google requests","author":"Johnson","year":"2018"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/9668973\/09775718.pdf?arnumber=9775718","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,22]],"date-time":"2024-01-22T22:20:29Z","timestamp":1705962029000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9775718\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"references-count":81,"URL":"https:\/\/doi.org\/10.1109\/access.2022.3175497","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022]]}}}