{"id":"https://openalex.org/W3094378670","doi":"https://doi.org/10.1109/iscc50000.2020.9219547","title":"Towards Comprehensive Detection of DNS Tunnels","display_name":"Towards Comprehensive Detection of DNS Tunnels","publication_year":2020,"publication_date":"2020-07-01","ids":{"openalex":"https://openalex.org/W3094378670","doi":"https://doi.org/10.1109/iscc50000.2020.9219547","mag":"3094378670"},"language":"en","primary_location":{"id":"doi:10.1109/iscc50000.2020.9219547","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscc50000.2020.9219547","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE Symposium on Computers and Communications (ISCC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5077367720","display_name":"Meng Luo","orcid":"https://orcid.org/0000-0003-3355-3413"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Meng Luo","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100647376","display_name":"Qiuyun Wang","orcid":"https://orcid.org/0000-0001-6101-9715"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Qiuyun Wang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering Chinese Academy of Sciences Beijing China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"Institute of Information Engineering Chinese Academy of Sciences Beijing China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5044754708","display_name":"Yepeng Yao","orcid":"https://orcid.org/0000-0002-2669-4915"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yepeng Yao","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5079647672","display_name":"Xuren Wang","orcid":"https://orcid.org/0000-0003-4959-0454"},"institutions":[{"id":"https://openalex.org/I96852419","display_name":"Capital Normal University","ror":"https://ror.org/005edt527","country_code":"CN","type":"education","lineage":["https://openalex.org/I96852419"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xuren Wang","raw_affiliation_strings":["College of Information Engineering, Capital Normal University, Beijing, China","College of Information Engineering, Capital Normal University Beijing, China"],"affiliations":[{"raw_affiliation_string":"College of Information Engineering, Capital Normal University, Beijing, China","institution_ids":["https://openalex.org/I96852419"]},{"raw_affiliation_string":"College of Information Engineering, Capital Normal University Beijing, China","institution_ids":["https://openalex.org/I96852419"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114045326","display_name":"Peian Yang","orcid":null},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Peian Yang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","Institute of Information Engineering Chinese Academy of Sciences Beijing China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"Institute of Information Engineering Chinese Academy of Sciences Beijing China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5020151253","display_name":"Zhengwei Jiang","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210165038","display_name":"University of Chinese Academy of Sciences","ror":"https://ror.org/05qbk4x57","country_code":"CN","type":"education","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210165038"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhengwei Jiang","raw_affiliation_strings":["Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]},{"raw_affiliation_string":"School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210165038"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5077367720"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404","https://openalex.org/I4210165038"],"apc_list":null,"apc_paid":null,"fwci":1.6177,"has_fulltext":false,"cited_by_count":16,"citation_normalized_percentile":{"value":0.85189447,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9979000091552734,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/domain-name-system","display_name":"Domain Name System","score":0.8993625640869141},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7247089147567749},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6203352808952332},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6106797456741333},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5841226577758789},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5771586298942566},{"id":"https://openalex.org/keywords/name-server","display_name":"Name server","score":0.5564108490943909},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.5009303092956543},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.497207909822464},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4959474503993988},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.4795955717563629},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3930186927318573},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.3629705309867859},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.14893975853919983}],"concepts":[{"id":"https://openalex.org/C35026560","wikidata":"https://www.wikidata.org/wiki/Q8767","display_name":"Domain Name System","level":3,"score":0.8993625640869141},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7247089147567749},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6203352808952332},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6106797456741333},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5841226577758789},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5771586298942566},{"id":"https://openalex.org/C105320234","wikidata":"https://www.wikidata.org/wiki/Q41494","display_name":"Name server","level":3,"score":0.5564108490943909},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.5009303092956543},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.497207909822464},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4959474503993988},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.4795955717563629},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3930186927318573},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.3629705309867859},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.14893975853919983}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iscc50000.2020.9219547","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscc50000.2020.9219547","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE Symposium on Computers and Communications (ISCC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":26,"referenced_works":["https://openalex.org/W203347454","https://openalex.org/W1561314694","https://openalex.org/W1993114740","https://openalex.org/W2004078625","https://openalex.org/W2144578696","https://openalex.org/W2276488401","https://openalex.org/W2296719434","https://openalex.org/W2396855773","https://openalex.org/W2752373508","https://openalex.org/W2754468074","https://openalex.org/W2755348785","https://openalex.org/W2766805006","https://openalex.org/W2889547652","https://openalex.org/W2890928763","https://openalex.org/W2907376671","https://openalex.org/W2928989072","https://openalex.org/W2963379686","https://openalex.org/W2973385958","https://openalex.org/W2981223859","https://openalex.org/W4295186723","https://openalex.org/W6608273010","https://openalex.org/W6633853188","https://openalex.org/W6743929116","https://openalex.org/W6743979602","https://openalex.org/W6760994009","https://openalex.org/W6767173058"],"related_works":["https://openalex.org/W2183899684","https://openalex.org/W386065407","https://openalex.org/W2390563968","https://openalex.org/W1569990158","https://openalex.org/W1598490273","https://openalex.org/W3004039032","https://openalex.org/W2016713855","https://openalex.org/W1642214788","https://openalex.org/W2733931179","https://openalex.org/W2965181964"],"abstract_inverted_index":{"The":[0,200,218,237],"Domain":[1],"Name":[2],"System":[3],"(DNS)":[4],"is":[5,16,204],"a":[6,26,112,135,253],"fundamental":[7],"service":[8],"of":[9,18,23,138,158,179,213,220],"the":[10,13,19,37,144,175,183,187,192,250],"Internet,":[11],"and":[12,32,45,64,75,87,104,124,147,155,163,177,186,210],"DNS":[14,40,52,79,99,114,128,131,145,226,247],"tunnel":[15,80,115],"one":[17],"most":[20,168],"threatening":[21],"abuses":[22],"DNS,":[24],"posing":[25],"huge":[27],"threat":[28],"to":[29,42,61,96,173],"user":[30],"privacy":[31],"Internet":[33],"security.":[34],"Attackers":[35],"conceal":[36],"information":[38,180],"into":[39],"packets":[41],"evade":[43],"firewalls":[44],"intrusion":[46],"detection":[47,81,116,193,202],"systems.":[48],"Recently,":[49],"newly":[50,97,121],"developed":[51,98,122],"tunnels":[53,100,132,248],"used":[54,170],"by":[55],"Advanced":[56],"Persist":[57],"Threat":[58],"groups":[59],"tend":[60],"use":[62],"A":[63,103,123],"AAAA":[65,105,125],"resource":[66],"records":[67],"(RRs)":[68],"for":[69,171],"transmission,":[70],"making":[71],"them":[72],"more":[73,76],"invisible":[74],"threatening.":[77],"Previous":[78],"approaches":[82],"mainly":[83],"focus":[84],"on":[85,102,206,233],"subdomains":[86],"TXT":[88,162],"RRs,":[89],"but":[90],"less":[91],"attention":[92],"has":[93,230],"been":[94,231],"paid":[95],"based":[101,127],"RRs.":[106],"In":[107],"this":[108],"paper,":[109],"we":[110,149],"present":[111],"novel":[113,151],"method":[117],"that":[118,166,241],"can":[119,244],"detect":[120,245],"RR":[126],"tunnels.":[129,227],"Since":[130],"will":[133,222],"transmit":[134],"large":[136],"amount":[137,176],"encrypted":[139],"or":[140],"encoded":[141],"data":[142],"in":[143,249],"queries":[146],"responses,":[148],"extracted":[150],"features":[152,197,209],"from":[153],"domains":[154,207],"4":[156,211],"types":[157,212],"RRs":[159,214],"(A,":[160],"AAAA,":[161],"CNAME":[164],"RRs)":[165],"are":[167],"commonly":[169],"tunneling":[172],"measure":[174],"content":[178],"exchanged":[181],"between":[182],"authoritative":[184],"nameservers":[185],"clients.":[188],"We":[189],"also":[190],"analyze":[191],"capabilities":[194],"when":[195],"different":[196],"were":[198],"used.":[199],"anomaly":[201],"algorithm":[203],"employed":[205],"related":[208,215],"features,":[216],"respectively.":[217],"overlaps":[219],"outliers":[221],"be":[223],"marked":[224],"as":[225],"Our":[228],"approach":[229,243],"evaluated":[232],"real-world":[234],"network":[235],"traffic.":[236],"experimental":[238],"results":[239],"show":[240],"our":[242],"all":[246],"dataset":[251],"with":[252],"extremely":[254],"low":[255],"false":[256],"positive":[257],"rate.":[258]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}