{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,10,29]],"date-time":"2024-10-29T14:21:24Z","timestamp":1730211684047,"version":"3.28.0"},"reference-count":35,"publisher":"IEEE","license":[{"start":{"date-parts":[[2024,9,2]],"date-time":"2024-09-02T00:00:00Z","timestamp":1725235200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,9,2]],"date-time":"2024-09-02T00:00:00Z","timestamp":1725235200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024,9,2]]},"DOI":"10.1109\/csr61664.2024.10679388","type":"proceedings-article","created":{"date-parts":[[2024,9,24]],"date-time":"2024-09-24T17:21:51Z","timestamp":1727198511000},"page":"303-308","source":"Crossref","is-referenced-by-count":0,"title":["A Time-Series and Density-Based Filter for DNS Log Reduction and Analysis"],"prefix":"10.1109","author":[{"given":"Taylor","family":"Perkins","sequence":"first","affiliation":[{"name":"Cyber and Strategic Risk Deloitte,Canada"}]},{"given":"Brian","family":"Lachine","sequence":"additional","affiliation":[{"name":"Royal Military College of Canada,Department of Electrical and Computer Engineering,Canada"}]}],"member":"263","reference":[{"issue":"1","key":"ref1","first-page":"34","article-title":"A survey of domain name system vulnerabilities and attacks","volume-title":"Journal of Surveillance, Security and Safety","volume":"1","author":"Kim","year":"2020"},{"key":"ref2","first-page":"226","article-title":"A density-based algorithm for discovering clusters in large spatial databases with noise","volume-title":"Proceedings of the Second International Conference on Knowledge Discovery and Data Mining, ser. 
KDD96","author":"Ester"},{"issue":"6","key":"ref3","first-page":"1865","article-title":"DNS exfiltration detection in the presence of adversarial attacks and modified exfiltrator behaviour","volume-title":"International Journal of Information Security","volume":"22","author":"Ziza","year":"2023"},{"key":"ref4","doi-asserted-by":"crossref","DOI":"10.17487\/rfc1034","article-title":"Domain names - concepts and facilities","volume-title":"RFC 1034","author":"Mockapetris","year":"1987"},{"key":"ref5","doi-asserted-by":"crossref","DOI":"10.17487\/rfc1035","article-title":"Domain names - implementation and specification","volume-title":"RFC 1035","author":"Mockapetris","year":"1987"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/eCrime47957.2019.9037595"},{"volume-title":"Understanding dns tunneling traffic in the wild","author":"Duan","key":"ref7"},{"issue":"5","key":"ref8","doi-asserted-by":"crossref","first-page":"2760","DOI":"10.3390\/s23052760","article-title":"DNS Tunnelling, Exfiltration and Detection over Cloud Environments","volume":"23","author":"Salat","year":"2023","journal-title":"Sensors"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/ICSIP55141.2022.9886602"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM55135.2022.10017626"},{"key":"ref11","first-page":"295","article-title":"Rough Logs: A Data Reduction Approach for Log Files","volume-title":"SCITEPRESS","volume":"3","author":"Meinig","year":"2019"},{"volume-title":"Introducing logslash and the end of traditional logging","year":"2023","key":"ref12"},{"volume-title":"Logslash","year":"2023","author":"Althouse","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-67380-6_26"},{"key":"ref15","first-page":"108322","article-title":"A comprehensive survey on DNS tunnel detection","volume-title":"Computer Networks","volume":"197","author":"Wang","year":"2021"},{"issue":"3.20","key":"ref16","first-page":"1","article-title":"DNS 
Tunneling: a Review on Features","volume-title":"International Journal of Engineering & Technology","volume":"7","author":"Sammour","year":"2018"},{"key":"ref17","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1109\/ISCC50000.2020.9219547","article-title":"Towards Comprehensive Detection of DNS Tunnels","volume-title":"2020 IEEE Symposium on Computers and Communications (ISCC)","author":"Luo","year":"2020"},{"key":"ref18","first-page":"469","article-title":"Detecting credential spearphishing in enterprise settings","volume-title":"26th USENIX Security Symposium (USENIX Security 17)","author":"Ho"},{"key":"ref19","first-page":"36","article-title":"Detection of malicious and low throughput data exfiltration over the DNS protocol","volume-title":"Computers & Security","volume":"80","author":"Nadler","year":"2019"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/j.jksuci.2022.03.001"},{"issue":"1","key":"ref21","first-page":"5","volume":"45","author":"Breiman","journal-title":"Random forests"},{"key":"ref22","first-page":"785","article-title":"XGBoost: A scalable tree boosting system","volume-title":"Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, ser. 
KDD 16","author":"Chen"},{"key":"ref23","first-page":"479","article-title":"BAYWATCH: Robust Beaconing Detection to Identify Infected Hosts in Large-Scale Enterprise Networks","volume-title":"2016 46th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN)","author":"Hu","year":"2016"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/3231053.3231082"},{"issue":"6","key":"ref25","doi-asserted-by":"crossref","first-page":"1467","DOI":"10.3390\/electronics12061467","article-title":"Real-Time Detection System for Data Exfiltration over DNS Tunneling Using Machine Learning","volume":"12","author":"Abualghanam","year":"2023","journal-title":"Electronics"},{"key":"ref26","doi-asserted-by":"crossref","first-page":"29","DOI":"10.1109\/ICCS56273.2022.9987983","article-title":"APT Attack Detection Method Based on Traffic Log Features","volume-title":"2022 IEEE 2nd International Conference on Computer Systems (ICCS)","author":"Huang","year":"2022"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/NFV-SDN.2018.8725640"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-36938-5_32"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-62223-7_12"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102095"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2021.3078428"},{"volume-title":"Dns exfiltration dataset","author":"Ziza","key":"ref32"},{"volume-title":"Cloudflare radar domain rankings","year":"2024","author":"Cloudflare","key":"ref33"},{"article-title":"Faster dbscan via subsampled similarity queries","volume-title":"Proceedings of the 34th International Conference on Neural Information Processing Systems, ser. 
NIPS 20","author":"Jiang","key":"ref34"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.22214\/ijraset.2022.43067"}],"event":{"name":"2024 IEEE International Conference on Cyber Security and Resilience (CSR)","start":{"date-parts":[[2024,9,2]]},"location":"London, United Kingdom","end":{"date-parts":[[2024,9,4]]}},"container-title":["2024 IEEE International Conference on Cyber Security and Resilience (CSR)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx8\/10679369\/10679342\/10679388.pdf?arnumber=10679388","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,25]],"date-time":"2024-09-25T04:57:47Z","timestamp":1727240267000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10679388\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,9,2]]},"references-count":35,"URL":"https:\/\/doi.org\/10.1109\/csr61664.2024.10679388","relation":{},"subject":[],"published":{"date-parts":[[2024,9,2]]}}}