{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,20]],"date-time":"2025-11-20T18:50:55Z","timestamp":1763664655840,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":31,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,8,17]],"date-time":"2021-08-17T00:00:00Z","timestamp":1629158400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,8,17]]},"DOI":"10.1145\/3465481.3470089","type":"proceedings-article","created":{"date-parts":[[2021,8,16]],"date-time":"2021-08-16T17:57:21Z","timestamp":1629136641000},"page":"1-7","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":11,"title":["Network Flow Entropy for Identifying Malicious Behaviours in DNS Tunnels"],"prefix":"10.1145","author":[{"given":"Yulduz","family":"Khodjaeva","sequence":"first","affiliation":[{"name":"Dalhousie University, CA"}]},{"given":"Nur","family":"Zincir-Heywood","sequence":"additional","affiliation":[{"name":"Dalhousie University, CA"}]}],"member":"320","published-online":{"date-parts":[[2021,8,17]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2000-2011. Argus. Retrieved September 2020 from https:\/\/openargus.org\/using-argus"},{"key":"e_1_3_2_1_2_1","unstructured":"2019. DoHlyzer. Retrieved October 2020 from https:\/\/github.com\/ahlashkari\/DoHlyzer"},{"key":"e_1_3_2_1_3_1","unstructured":"2019. DoHMeter. Retrieved October 2020 from https:\/\/github.com\/ahlashkari\/DOHlyzer\/tree\/master\/DoHMeter"},{"key":"e_1_3_2_1_4_1","unstructured":"2019. IMPACT. Retrieved March 6 2021 from https:\/\/www.impactcybertrust.org"},{"key":"e_1_3_2_1_5_1","unstructured":"2019. Tranalyzer. Retrieved September 2020 from https:\/\/tranalyzer.com"},{"key":"e_1_3_2_1_6_1","volume-title":"IFIP\/IEEE International Symposium on Integrated Network Management, IM 2019","author":"Ahmed Jawad","year":"2019","unstructured":"Jawad Ahmed, Hassan\u00a0Habibi Gharakheili, Qasim Raza, Craig Russell, and Vijay Sivaraman. 2019. Real-Time Detection of DNS Exfiltration and Tunneling from Enterprise Networks. In IFIP\/IEEE International Symposium on Integrated Network Management, IM 2019, Washington, DC, USA, April 09-11, 2019, Joe Betser, Carol\u00a0J. Fung, Alex Clemm, J\u00e9r\u00f4me Fran\u00e7ois, and Shingo Ata (Eds.). IFIP, 649\u2013653. http:\/\/ieeexplore.ieee.org\/document\/8717806"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-07013-1_5"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-71617-4_17"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355575"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SSCI.2016.7849909"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SSCI47803.2020.9308499"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICMLA.2017.00-71"},{"volume-title":"Real-Time Detection of Encrypted Traffic based on Entropy Estimation. Master\u2019s thesis","author":"Dorfinger Peter","key":"e_1_3_2_1_13_1","unstructured":"Peter Dorfinger. 2010. Real-Time Detection of Encrypted Traffic based on Entropy Estimation. Master\u2019s thesis. Salzburg University of Applied Sciences."},{"key":"e_1_3_2_1_14_1","volume-title":"Prediction and entropy of printed English. Bell system technical journal 30 (Jan","author":"Shannon Claude","year":"1951","unstructured":"Claude E.Shannon. 1951. Prediction and entropy of printed English. Bell system technical journal 30 (Jan. 1951), 50\u201364. Issue 1."},{"volume-title":"ExFILD: a tool for the detection of data exfiltration using entropy and encryption characteristics of network traffic. Master\u2019s thesis","author":"Fawcett Tyrell","key":"e_1_3_2_1_15_1","unstructured":"Tyrell Fawcett. 2010. ExFILD: a tool for the detection of data exfiltration using entropy and encryption characteristics of network traffic. Master\u2019s thesis. University of Delaware."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSYST.2014.2364743"},{"key":"e_1_3_2_1_17_1","volume-title":"Retrieved","author":"Hjelm Drew","year":"2019","unstructured":"Drew Hjelm. 2019. A New Needle and Haystack: Detecting DNS over HTTPS Usage. Retrieved May 10, 2021 from https:\/\/www.sans.org\/reading-room\/whitepapers\/dns\/needle-haystack-detecting-dns-https-usage-39160"},{"key":"e_1_3_2_1_18_1","unstructured":"Arash Habibi\u00a0Lashkari Iman\u00a0Sharafaldinand Ali\u00a0A. Ghorbani. 2017. CIC-IDS 2017. Retrieved March 5 2021 from https:\/\/www.unb.ca\/cic\/datasets\/ids-2017.html"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.swevo.2017.09.008"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1080091.1080118"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10922-020-09512-5"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SSCI.2016.7850078"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355580"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/DASC-PICom-CBDCom-CyberSciTech49142.2020.00026"},{"volume-title":"Retrieved","year":"2020","key":"e_1_3_2_1_25_1","unstructured":"[Online]. 2020. CIRA-CIC-DoHBrw-2020. Retrieved October 10, 2020 from https:\/\/www.unb.ca\/cic\/datasets\/dohbrw-2020.html"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2018.2883147"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/QoMEX.2019.8743223"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2018.8406156"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.5220\/0006639801080116"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","unstructured":"Sunil\u00a0Kumar Singh and Pradeep\u00a0Kumar Roy. 2020. Detecting Malicious DNS over HTTPS Traffic Using Machine Learning. (2020). https:\/\/doi.org\/10.1109\/3ICT51146.2020.9312004","DOI":"10.1109\/3ICT51146.2020.9312004"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.23721\/102"}],"event":{"name":"ARES 2021: The 16th International Conference on Availability, Reliability and Security","acronym":"ARES 2021","location":"Vienna Austria"},"container-title":["Proceedings of the 16th International Conference on Availability, Reliability and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3465481.3470089","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3465481.3470089","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:17:24Z","timestamp":1750191444000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3465481.3470089"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,8,17]]},"references-count":31,"alternative-id":["10.1145\/3465481.3470089","10.1145\/3465481"],"URL":"https:\/\/doi.org\/10.1145\/3465481.3470089","relation":{},"subject":[],"published":{"date-parts":[[2021,8,17]]},"assertion":[{"value":"2021-08-17","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}