{"id":"https://openalex.org/W4406893053","doi":"https://doi.org/10.1109/csnet64211.2024.10851475","title":"Detecting DNS Tunnelling and Data Exfiltration Using Dynamic Time Warping","display_name":"Detecting DNS Tunnelling and Data Exfiltration Using Dynamic Time Warping","publication_year":2024,"publication_date":"2024-12-04","ids":{"openalex":"https://openalex.org/W4406893053","doi":"https://doi.org/10.1109/csnet64211.2024.10851475"},"language":"en","primary_location":{"id":"doi:10.1109/csnet64211.2024.10851475","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csnet64211.2024.10851475","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 8th Cyber Security in Networking Conference (CSNet)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5027381468","display_name":"Stefan Machmeier","orcid":"https://orcid.org/0000-0002-7028-1755"},"institutions":[{"id":"https://openalex.org/I223822909","display_name":"Heidelberg University","ror":"https://ror.org/038t36y30","country_code":"DE","type":"education","lineage":["https://openalex.org/I223822909"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Stefan Machmeier","raw_affiliation_strings":["Heidelberg University,Engineering Mathematics and Computing Lab (EMCL),Heidelberg,Germany"],"affiliations":[{"raw_affiliation_string":"Heidelberg University,Engineering Mathematics and Computing Lab (EMCL),Heidelberg,Germany","institution_ids":["https://openalex.org/I223822909"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058920681","display_name":"Vincent Heuveline","orcid":"https://orcid.org/0000-0002-2217-7558"},"institutions":[{"id":"https://openalex.org/I223822909","display_name":"Heidelberg University","ror":"https://ror.org/038t36y30","country_code":"DE","type":"education","lineage":["https://openalex.org/I223822909"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Vincent Heuveline","raw_affiliation_strings":["Heidelberg University,Engineering Mathematics and Computing Lab (EMCL),Heidelberg,Germany"],"affiliations":[{"raw_affiliation_string":"Heidelberg University,Engineering Mathematics and Computing Lab (EMCL),Heidelberg,Germany","institution_ids":["https://openalex.org/I223822909"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5027381468"],"corresponding_institution_ids":["https://openalex.org/I223822909"],"apc_list":null,"apc_paid":null,"fwci":1.099,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.80852819,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"83","last_page":"91"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9976000189781189,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9922999739646912,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10651","display_name":"IPv6, Mobility, Handover, Networks, Security","score":0.9873999953269958,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/dynamic-time-warping","display_name":"Dynamic time warping","score":0.7288171052932739},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7174718379974365},{"id":"https://openalex.org/keywords/image-warping","display_name":"Image warping","score":0.42148810625076294},{"id":"https://openalex.org/keywords/quantum-tunnelling","display_name":"Quantum tunnelling","score":0.41722556948661804},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.35934218764305115},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.15378472208976746},{"id":"https://openalex.org/keywords/physics","display_name":"Physics","score":0.12190383672714233},{"id":"https://openalex.org/keywords/optoelectronics","display_name":"Optoelectronics","score":0.06624096632003784}],"concepts":[{"id":"https://openalex.org/C88516994","wikidata":"https://www.wikidata.org/wiki/Q1268863","display_name":"Dynamic time warping","level":2,"score":0.7288171052932739},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7174718379974365},{"id":"https://openalex.org/C157202957","wikidata":"https://www.wikidata.org/wiki/Q1659609","display_name":"Image warping","level":2,"score":0.42148810625076294},{"id":"https://openalex.org/C120398109","wikidata":"https://www.wikidata.org/wiki/Q175751","display_name":"Quantum tunnelling","level":2,"score":0.41722556948661804},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.35934218764305115},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.15378472208976746},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.12190383672714233},{"id":"https://openalex.org/C49040817","wikidata":"https://www.wikidata.org/wiki/Q193091","display_name":"Optoelectronics","level":1,"score":0.06624096632003784}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csnet64211.2024.10851475","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csnet64211.2024.10851475","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 8th Cyber Security in Networking Conference (CSNet)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.4300000071525574,"display_name":"Climate action","id":"https://metadata.un.org/sdg/13"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":31,"referenced_works":["https://openalex.org/W1518716055","https://openalex.org/W1716079485","https://openalex.org/W1828150029","https://openalex.org/W1995875735","https://openalex.org/W2046577372","https://openalex.org/W2078993594","https://openalex.org/W2128160875","https://openalex.org/W2266457910","https://openalex.org/W2617259906","https://openalex.org/W2738194758","https://openalex.org/W2754051771","https://openalex.org/W2754468074","https://openalex.org/W2755886689","https://openalex.org/W2783412901","https://openalex.org/W2808012850","https://openalex.org/W2940883250","https://openalex.org/W2963379686","https://openalex.org/W2992136964","https://openalex.org/W2996378475","https://openalex.org/W3153921846","https://openalex.org/W3185198511","https://openalex.org/W4213362721","https://openalex.org/W4226182343","https://openalex.org/W4226373174","https://openalex.org/W4300559383","https://openalex.org/W4327948860","https://openalex.org/W4389543350","https://openalex.org/W4390481680","https://openalex.org/W4399171723","https://openalex.org/W4399332923","https://openalex.org/W4401567999"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W1670332068","https://openalex.org/W2095618524","https://openalex.org/W2347413598","https://openalex.org/W2330863229","https://openalex.org/W71572444","https://openalex.org/W1997383766","https://openalex.org/W2350336482"],"abstract_inverted_index":{"Browsing":[0],"the":[1,5,28,117,178],"web":[2],"relies":[3],"on":[4],"Domain":[6],"Name":[7],"System":[8],"(DNS)":[9],"protocol.":[10],"In":[11,46,97,166],"short,":[12],"it":[13],"resolves":[14],"domain":[15,23],"names":[16],"to":[17,39,158],"addresses":[18],"and":[19,42,60,70,122],"manages":[20],"zones":[21],"of":[22,72,88,154,181,194],"spaces":[24],"in":[25,31,57],"subtrees.":[26],"With":[27],"rapid":[29],"increase":[30],"security":[32,44],"threats,":[33],"malicious":[34,123],"actors":[35],"exploit":[36],"such":[37,81],"protocols":[38],"disguise":[40],"activities":[41],"mislead":[43],"operators.":[45],"particular,":[47],"attackers":[48],"can":[49,101],"communicate":[50],"with":[51,137],"compromised":[52],"agents":[53],"by":[54,172,177],"hiding":[55],"data":[56,68,155,175],"DNS":[58,89,124],"requests":[59,125],"their":[61],"impersonated":[62],"authoritative":[63],"name":[64],"servers.":[65,79],"This":[66],"allows":[67],"extraction":[69],"execution":[71],"commands":[73],"from":[74],"Command":[75],"&":[76],"Control":[77],"(C2)":[78],"Tracing":[80],"client":[82],"communication":[83,100],"reveals":[84],"a":[85,130,151,185,189],"continuous":[86],"exchange":[87],"packets;":[90],"thus,":[91],"various":[92],"detection":[93,107,131],"methods":[94],"are":[95],"applicable.":[96],"fact,":[98],"this":[99],"be":[102],"reformulated":[103],"as":[104,142],"an":[105],"anomaly":[106],"for":[108],"time":[109],"series.":[110],"A":[111],"promising":[112],"yet":[113],"undiscovered":[114],"approach":[115],"is":[116,156],"similarity":[118],"comparison":[119],"between":[120],"benign":[121],"over":[126],"time.":[127],"We":[128],"propose":[129],"method":[132,171],"using":[133],"k-Nearest-Neighbour":[134],"(kNN)":[135],"algorithm":[136],"Dynamic":[138],"Time":[139],"Warping":[140],"(DTW)":[141],"distance":[143],"metric.":[144],"By":[145],"this,":[146],"we":[147,168,187],"show":[148],"that":[149],"only":[150],"small":[152],"subset":[153],"needed":[157],"achieve":[159],"high":[160,197],"discovery":[161],"rates":[162],"above":[163],"99.99%":[164],"F1-Score.":[165],"addition,":[167],"cross-verified":[169],"our":[170],"inspecting":[173],"production":[174,198],"provided":[176],"computing":[179],"centre":[180],"Heidelberg":[182],"University.":[183],"As":[184],"result,":[186],"achieved":[188],"False":[190],"Discovery":[191],"Rate":[192],"(FDR)":[193],"0.25%,":[195],"showing":[196],"usage":[199],"potential.":[200]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2025-12-27T23:08:20.325037","created_date":"2025-10-10T00:00:00"}