{"id":"https://openalex.org/W1916600987","doi":"https://doi.org/10.1109/iwcmc.2015.7289112","title":"Towards automatic detection and diagnosis of Internet service anomalies via DNS traffic analysis","display_name":"Towards automatic detection and diagnosis of Internet service anomalies via DNS traffic analysis","publication_year":2015,"publication_date":"2015-08-01","ids":{"openalex":"https://openalex.org/W1916600987","doi":"https://doi.org/10.1109/iwcmc.2015.7289112","mag":"1916600987"},"language":"en","primary_location":{"id":"doi:10.1109/iwcmc.2015.7289112","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwcmc.2015.7289112","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 International Wireless Communications and Mobile Computing Conference (IWCMC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035993254","display_name":"Pierdomenico Fiadino","orcid":null},"institutions":[{"id":"https://openalex.org/I4210122474","display_name":"Forschungszentrum Telekommunikation Wien","ror":"https://ror.org/026nftk33","country_code":"AT","type":"facility","lineage":["https://openalex.org/I4210122474"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Pierdomenico Fiadino","raw_affiliation_strings":["Vienna - FTW, Telecommunications Research Center","Telecommunications Research Center Vienna - FTW, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Vienna - FTW, Telecommunications Research Center","institution_ids":["https://openalex.org/I4210122474"]},{"raw_affiliation_string":"Telecommunications Research Center Vienna - FTW, Austria","institution_ids":["https://openalex.org/I4210122474"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088798897","display_name":"Alessandro D\u2019Alconzo","orcid":null},"institutions":[{"id":"https://openalex.org/I4210122474","display_name":"Forschungszentrum Telekommunikation Wien","ror":"https://ror.org/026nftk33","country_code":"AT","type":"facility","lineage":["https://openalex.org/I4210122474"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Alessandro D'Alconzo","raw_affiliation_strings":["Vienna - FTW, Telecommunications Research Center","Telecommunications Research Center Vienna - FTW, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Vienna - FTW, Telecommunications Research Center","institution_ids":["https://openalex.org/I4210122474"]},{"raw_affiliation_string":"Telecommunications Research Center Vienna - FTW, Austria","institution_ids":["https://openalex.org/I4210122474"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057040861","display_name":"Mirko Schiavone","orcid":null},"institutions":[{"id":"https://openalex.org/I4210122474","display_name":"Forschungszentrum Telekommunikation Wien","ror":"https://ror.org/026nftk33","country_code":"AT","type":"facility","lineage":["https://openalex.org/I4210122474"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Mirko Schiavone","raw_affiliation_strings":["Vienna - FTW, Telecommunications Research Center","Telecommunications Research Center Vienna - FTW, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Vienna - FTW, Telecommunications Research Center","institution_ids":["https://openalex.org/I4210122474"]},{"raw_affiliation_string":"Telecommunications Research Center Vienna - FTW, Austria","institution_ids":["https://openalex.org/I4210122474"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5081556750","display_name":"Pedro Casas","orcid":"https://orcid.org/0000-0002-0951-2331"},"institutions":[{"id":"https://openalex.org/I4210122474","display_name":"Forschungszentrum Telekommunikation Wien","ror":"https://ror.org/026nftk33","country_code":"AT","type":"facility","lineage":["https://openalex.org/I4210122474"]}],"countries":["AT"],"is_corresponding":false,"raw_author_name":"Pedro Casas","raw_affiliation_strings":["Vienna - FTW, Telecommunications Research Center","Telecommunications Research Center Vienna - FTW, Austria"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Vienna - FTW, Telecommunications Research Center","institution_ids":["https://openalex.org/I4210122474"]},{"raw_affiliation_string":"Telecommunications Research Center Vienna - FTW, Austria","institution_ids":["https://openalex.org/I4210122474"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I4210122474"],"apc_list":null,"apc_paid":null,"fwci":1.0519,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.8002628,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"373","last_page":"378"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10138","display_name":"Network Traffic and Congestion Control","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/flagging","display_name":"Flagging","score":0.9110373258590698},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7670270204544067},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.6101694703102112},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.6048870086669922},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5383620858192444},{"id":"https://openalex.org/keywords/entropy","display_name":"Entropy (arrow of time)","score":0.48587697744369507},{"id":"https://openalex.org/keywords/traffic-analysis","display_name":"Traffic analysis","score":0.4188222885131836},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3665095865726471},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.3341712951660156},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.10196465253829956}],"concepts":[{"id":"https://openalex.org/C2777548347","wikidata":"https://www.wikidata.org/wiki/Q5456937","display_name":"Flagging","level":2,"score":0.9110373258590698},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7670270204544067},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.6101694703102112},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.6048870086669922},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5383620858192444},{"id":"https://openalex.org/C106301342","wikidata":"https://www.wikidata.org/wiki/Q4117933","display_name":"Entropy (arrow of time)","level":2,"score":0.48587697744369507},{"id":"https://openalex.org/C2781317605","wikidata":"https://www.wikidata.org/wiki/Q7832483","display_name":"Traffic analysis","level":2,"score":0.4188222885131836},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3665095865726471},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.3341712951660156},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.10196465253829956},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C166957645","wikidata":"https://www.wikidata.org/wiki/Q23498","display_name":"Archaeology","level":1,"score":0.0},{"id":"https://openalex.org/C95457728","wikidata":"https://www.wikidata.org/wiki/Q309","display_name":"History","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iwcmc.2015.7289112","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iwcmc.2015.7289112","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 International Wireless Communications and Mobile Computing Conference (IWCMC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":12,"referenced_works":["https://openalex.org/W656035459","https://openalex.org/W1965871575","https://openalex.org/W1999803037","https://openalex.org/W2031935336","https://openalex.org/W2048205386","https://openalex.org/W2049739151","https://openalex.org/W2066248028","https://openalex.org/W2127589913","https://openalex.org/W2155915275","https://openalex.org/W2164210932","https://openalex.org/W2507001751","https://openalex.org/W2738760549"],"related_works":["https://openalex.org/W2946613364","https://openalex.org/W2807886874","https://openalex.org/W1697346018","https://openalex.org/W2113326855","https://openalex.org/W4393527151","https://openalex.org/W611259847","https://openalex.org/W2354785495","https://openalex.org/W2125309548","https://openalex.org/W4323520232","https://openalex.org/W2364005506"],"abstract_inverted_index":{"The":[0,19,70,146],"DNS":[1,40],"protocol":[2],"has":[3],"proved":[4],"to":[5,108,139,169],"be":[6],"a":[7,31,56,67,87,131,158],"valuable":[8],"means":[9],"for":[10,33,76],"identifying":[11],"and":[12,29,35,95,154],"dissecting":[13],"large-scale":[14],"anomalies":[15,38,46],"in":[16,86,123,192],"omnipresent":[17],"Over":[18],"Top":[20],"(OTT)":[21],"Internet":[22],"services.":[23],"In":[24],"this":[25],"paper,":[26],"we":[27,129,185],"present":[28],"evaluate":[30],"framework":[32],"detecting":[34,120],"diagnosing":[36],"traffic":[37,41,167],"via":[39],"analysis.":[42],"Detection":[43],"of":[44,64,72,89,112,119,126,142,181,189],"such":[45,77],"is":[47,79,149],"achieved":[48],"by":[49,81],"monitoring":[50],"different":[51],"DNS-related":[52],"symptomatic":[53],"features,":[54,128],"flagging":[55],"warning":[57],"as":[58,60],"soon":[59],"one":[61],"or":[62],"more":[63],"them":[65],"show":[66,177],"significant":[68,84,121],"change.":[69],"investigation":[71],"the":[73,109,113,117,124,140,143,162,171,178,182,187,190],"root":[74],"causes":[75],"deviations":[78],"done":[80],"looking":[82],"at":[83],"changes":[85,122],"number":[88],"diagnostic":[90,127],"features":[91],"(i.e.,":[92],"device":[93],"manufacturer":[94],"OS,":[96],"requested":[97],"host":[98],"name,":[99],"error":[100],"codes,":[101],"etc.),":[102],"which":[103],"convey":[104],"information":[105],"directly":[106],"linked":[107],"potential":[110],"origins":[111],"detected":[114],"anomalies.":[115],"For":[116],"purpose":[118],"time-series":[125],"propose":[130],"scheme":[132],"based":[133],"on":[134],"change":[135],"point":[136],"detection":[137],"applied":[138],"entropy":[141],"considered":[144],"features.":[145],"proposed":[147,183],"solution":[148],"tested":[150],"using":[151],"both":[152],"real":[153,166,172],"synthetic":[155],"data":[156],"from":[157,165],"nationwide":[159],"mobile":[160,173],"ISP,":[161],"latter":[163],"generated":[164],"statistics":[168],"resemble":[170],"network":[174],"traffic.":[175],"To":[176],"operational":[179],"value":[180],"framework,":[184],"report":[186],"results":[188],"diagnosis":[191],"two":[193],"prototypical":[194],"cases.":[195]},"counts_by_year":[{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2}],"updated_date":"2026-06-26T08:34:08.712188","created_date":"2025-10-10T00:00:00"}