{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T21:28:44Z","timestamp":1764797324563,"version":"3.28.0"},"reference-count":31,"publisher":"IEEE","license":[{"start":{"date-parts":[[2021,7,18]],"date-time":"2021-07-18T00:00:00Z","timestamp":1626566400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,7,18]],"date-time":"2021-07-18T00:00:00Z","timestamp":1626566400000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,7,18]]},"DOI":"10.1109\/ijcnn52387.2021.9534276","type":"proceedings-article","created":{"date-parts":[[2021,9,22]],"date-time":"2021-09-22T20:32:37Z","timestamp":1632342757000},"page":"1-7","source":"Crossref","is-referenced-by-count":8,"title":["Identifying DNS Exfiltration based on Lexical Attributes of Query Name"],"prefix":"10.1109","author":[{"given":"Iram","family":"Jawad","sequence":"first","affiliation":[{"name":"Deakin University,School of Information Technology,Geelong,Australia"}]},{"given":"Jawad","family":"Ahmed","sequence":"additional","affiliation":[{"name":"University of New South Wales,School of Electrical Engineering and Telecommunications,Sydney,Australia"}]},{"given":"Imran","family":"Razzak","sequence":"additional","affiliation":[{"name":"Deakin University,School of Information Technology,Geelong,Australia"}]},{"given":"Robin","family":"Doss","sequence":"additional","affiliation":[{"name":"Deakin University,School of Information Technology,Geelong,Australia"}]}],"member":"263","reference":[{"journal-title":"Detecting DNS Data Exfiltration","year":"0","author":"lee","key":"ref31"},{"journal-title":"DNS EXfiltration Dataset","year":"0","key":"ref30"},{"key":"ref10","first-page":"1","article-title":"EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis","author":"bilge","year":"2011","journal-title":"Proc USENIX Network and Distributed System Security Symposium (NDSS)"},{"key":"ref11","first-page":"18","article-title":"Building a Dynamic Reputation System for DNS","author":"antonakakis","year":"2010","journal-title":"Proc Usenix Security Symposium"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068842"},{"key":"ref13","first-page":"265","article-title":"Monitoring Enterprise DNS Queries for Detecting Data Exfiltration from Internal Hosts","volume":"17","author":"ahmed","year":"2019","journal-title":"IEEE TNSM"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-36938-5_32"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.102095"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"ref17","first-page":"27","article-title":"Detecting malware domains at the upper dns hierarchy","author":"antonakakis","year":"2011","journal-title":"Proc Usenix Security Symposium"},{"key":"ref18","article-title":"An Internet-Wide View into DNS Lookup Patterns","author":"hao","year":"2010","journal-title":"VeriSign Labs"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ICIN48450.2020.9059472"},{"key":"ref28","article-title":"Detection of Malicious and Low Throughput Data Exfiltration Over the DNS Protocol","author":"nadler","year":"2017","journal-title":"CoRR"},{"journal-title":"New FrameworkPOS variant exfiltrates data via DNS requests","year":"0","author":"rascagneres","key":"ref4"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2017.00-71"},{"journal-title":"BernhardPOS - New POS Malware","year":"0","author":"vault","key":"ref3"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2011.16"},{"journal-title":"DET (extensible) Data Exfiltration Toolkit","year":"0","author":"qasim","key":"ref29"},{"journal-title":"Feederbot&#x2014;A Bot Using DNS as Carrier for Its CNC","year":"0","author":"dietrich","key":"ref5"},{"journal-title":"Wekby apt gang using DNS tunneling for command and control","year":"0","author":"spring","key":"ref8"},{"journal-title":"Morto Worm Sets A (DNS) Record","year":"0","author":"mullaney","key":"ref7"},{"journal-title":"Multigrain-point of sale attackers make an unhealthy addition to the pantry","year":"0","author":"lynch","key":"ref2"},{"key":"ref9","first-page":"17","article-title":"Practical Comprehensive Bounds on Surreptitious Communication over DNS","author":"paxson","year":"2013","journal-title":"Proc Usenix Security Symposium"},{"journal-title":"The Global DNS Threat Survey","year":"0","key":"ref1"},{"key":"ref20","first-page":"1","article-title":"A practical machine learning-based framework to detect dns covert communication in enterprises","author":"tang","year":"2020","journal-title":"International Conference on Security and Privacy in Communication Systems"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/SECURWARE.2009.48"},{"key":"ref21","first-page":"729","article-title":"A Tool to Detect and Visualize Malicious DNS Queries for Enterprise Networks","author":"ahmed","year":"2019","journal-title":"Proc IFIP\/IEEE im"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2007.4317620"},{"key":"ref23","first-page":"649","article-title":"Real-Time Detection of DNS Exfiltration and Tunneling from Enterprise Networks","author":"ahmed","year":"2019","journal-title":"Proc Integrated Network and Service Management (IM)"},{"key":"ref26","first-page":"24","article-title":"From throw-away traffic to bots: Detecting the rise of dga-based malware","author":"antonakakis","year":"2012","journal-title":"Proc Usenix Security Symposium"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/3191329"}],"event":{"name":"2021 International Joint Conference on Neural Networks (IJCNN)","start":{"date-parts":[[2021,7,18]]},"location":"Shenzhen, China","end":{"date-parts":[[2021,7,22]]}},"container-title":["2021 International Joint Conference on Neural Networks (IJCNN)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/9533266\/9533267\/09534276.pdf?arnumber=9534276","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,2]],"date-time":"2022-08-02T23:33:03Z","timestamp":1659483183000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9534276\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,18]]},"references-count":31,"URL":"https:\/\/doi.org\/10.1109\/ijcnn52387.2021.9534276","relation":{},"subject":[],"published":{"date-parts":[[2021,7,18]]}}}