{"id":"https://openalex.org/W4289655029","doi":"https://doi.org/10.1109/netsoft54395.2022.9844067","title":"Detecting Data Exfiltration over Encrypted DNS","display_name":"Detecting Data Exfiltration over Encrypted DNS","publication_year":2022,"publication_date":"2022-06-27","ids":{"openalex":"https://openalex.org/W4289655029","doi":"https://doi.org/10.1109/netsoft54395.2022.9844067"},"language":"en","primary_location":{"id":"doi:10.1109/netsoft54395.2022.9844067","is_oa":false,"landing_page_url":"https://doi.org/10.1109/netsoft54395.2022.9844067","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE 8th International Conference on Network Softwarization (NetSoft)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://pureadmin.qub.ac.uk/ws/files/347180544/NetSoft_DoH_Paper_Post.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038976164","display_name":"Jacob Steadman","orcid":"https://orcid.org/0000-0002-6806-3951"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Jacob Steadman","raw_affiliation_strings":["Queen&#x2019;s University Belfast,Centre for Secure Information Technologies,Belfast,N. Ireland"],"affiliations":[{"raw_affiliation_string":"Queen&#x2019;s University Belfast,Centre for Secure Information Technologies,Belfast,N. Ireland","institution_ids":["https://openalex.org/I126231945"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5084587519","display_name":"Sandra Scott-Hayward","orcid":"https://orcid.org/0000-0002-0330-1963"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Sandra Scott-Hayward","raw_affiliation_strings":["Queen&#x2019;s University Belfast,Centre for Secure Information Technologies,Belfast,N. Ireland"],"affiliations":[{"raw_affiliation_string":"Queen&#x2019;s University Belfast,Centre for Secure Information Technologies,Belfast,N. Ireland","institution_ids":["https://openalex.org/I126231945"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5038976164"],"corresponding_institution_ids":["https://openalex.org/I126231945"],"apc_list":null,"apc_paid":null,"fwci":0.552,"has_fulltext":true,"cited_by_count":4,"citation_normalized_percentile":{"value":0.71781777,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"429","last_page":"437"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10651","display_name":"IPv6, Mobility, Handover, Networks, Security","score":0.9977999925613403,"subfield":{"id":"https://openalex.org/subfields/2208","display_name":"Electrical and Electronic Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/domain-name-system","display_name":"Domain Name System","score":0.8354672789573669},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7669116258621216},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.7282721996307373},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7061538100242615},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.6306518316268921},{"id":"https://openalex.org/keywords/visibility","display_name":"Visibility","score":0.47654062509536743},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4138127863407135},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.39129143953323364},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3672026991844177}],"concepts":[{"id":"https://openalex.org/C35026560","wikidata":"https://www.wikidata.org/wiki/Q8767","display_name":"Domain Name System","level":3,"score":0.8354672789573669},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7669116258621216},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.7282721996307373},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7061538100242615},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.6306518316268921},{"id":"https://openalex.org/C123403432","wikidata":"https://www.wikidata.org/wiki/Q654068","display_name":"Visibility","level":2,"score":0.47654062509536743},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4138127863407135},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.39129143953323364},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3672026991844177},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/netsoft54395.2022.9844067","is_oa":false,"landing_page_url":"https://doi.org/10.1109/netsoft54395.2022.9844067","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2022 IEEE 8th International Conference on Network Softwarization (NetSoft)","raw_type":"proceedings-article"},{"id":"pmh:oai:pure.qub.ac.uk/portal:publications/83bb383f-4250-459f-a89c-adef5370d5c2","is_oa":true,"landing_page_url":"https://pure.qub.ac.uk/en/publications/83bb383f-4250-459f-a89c-adef5370d5c2","pdf_url":"https://pureadmin.qub.ac.uk/ws/files/347180544/NetSoft_DoH_Paper_Post.pdf","source":{"id":"https://openalex.org/S4306402319","display_name":"Research Portal (Queen's University Belfast)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I126231945","host_organization_name":"Queen's University Belfast","host_organization_lineage":["https://openalex.org/I126231945"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Steadman, J & Scott-Hayward, S 2022, Detecting Data Exfiltration over Encrypted DNS. in 2022 IEEE 8th International Conference on Network Softwarization (NetSoft): Proceedings. International Conference on Network Softwarization (NetSoft): Proceedings, Institute of Electrical and Electronics Engineers Inc., Milan, Italy, IEEE International Conference on Network Softwarization 2022, Milan, Italy, 27/06/2022. https://doi.org/10.1109/NetSoft54395.2022.9844067","raw_type":"info:eu-repo/semantics/conferenceObject"}],"best_oa_location":{"id":"pmh:oai:pure.qub.ac.uk/portal:publications/83bb383f-4250-459f-a89c-adef5370d5c2","is_oa":true,"landing_page_url":"https://pure.qub.ac.uk/en/publications/83bb383f-4250-459f-a89c-adef5370d5c2","pdf_url":"https://pureadmin.qub.ac.uk/ws/files/347180544/NetSoft_DoH_Paper_Post.pdf","source":{"id":"https://openalex.org/S4306402319","display_name":"Research Portal (Queen's University Belfast)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I126231945","host_organization_name":"Queen's University Belfast","host_organization_lineage":["https://openalex.org/I126231945"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Steadman, J & Scott-Hayward, S 2022, Detecting Data Exfiltration over Encrypted DNS. in 2022 IEEE 8th International Conference on Network Softwarization (NetSoft): Proceedings. International Conference on Network Softwarization (NetSoft): Proceedings, Institute of Electrical and Electronics Engineers Inc., Milan, Italy, IEEE International Conference on Network Softwarization 2022, Milan, Italy, 27/06/2022. https://doi.org/10.1109/NetSoft54395.2022.9844067","raw_type":"info:eu-repo/semantics/conferenceObject"},"sustainable_development_goals":[{"score":0.7799999713897705,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[{"id":"https://openalex.org/G2241406505","display_name":null,"funder_award_id":"EP/R007187/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G5334834590","display_name":null,"funder_award_id":"EP/H049606/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G5445011987","display_name":null,"funder_award_id":"EP/K004379/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G6577499357","display_name":null,"funder_award_id":"EP/N508664/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"},{"id":"https://openalex.org/G745166385","display_name":null,"funder_award_id":"EP/G034303/1","funder_id":"https://openalex.org/F4320334627","funder_display_name":"Engineering and Physical Sciences Research Council"}],"funders":[{"id":"https://openalex.org/F4320334627","display_name":"Engineering and Physical Sciences Research Council","ror":"https://ror.org/0439y7842"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W4289655029.pdf","grobid_xml":"https://content.openalex.org/works/W4289655029.grobid-xml"},"referenced_works_count":16,"referenced_works":["https://openalex.org/W2096904130","https://openalex.org/W2401862431","https://openalex.org/W2806616617","https://openalex.org/W2809684781","https://openalex.org/W2906784802","https://openalex.org/W2947499652","https://openalex.org/W2972544683","https://openalex.org/W2972689670","https://openalex.org/W2981067590","https://openalex.org/W2992960562","https://openalex.org/W3025921802","https://openalex.org/W3080354144","https://openalex.org/W3080730509","https://openalex.org/W3087664199","https://openalex.org/W3105087971","https://openalex.org/W3165851208"],"related_works":["https://openalex.org/W2183899684","https://openalex.org/W2392812199","https://openalex.org/W4200176076","https://openalex.org/W598185802","https://openalex.org/W3004039032","https://openalex.org/W2355516524","https://openalex.org/W2361471170","https://openalex.org/W2025616642","https://openalex.org/W2073523380","https://openalex.org/W1954972543"],"abstract_inverted_index":{"Data":[0],"breaches":[1],"linked":[2],"to":[3,34,41,57,69,84,102,131,155],"individual":[4],"and":[5,19,91,119],"company":[6],"information":[7],"are":[8,26],"exposed":[9],"on":[10,37],"an":[11],"almost":[12],"daily":[13],"basis.":[14],"With":[15],"increasing":[16],"media":[17],"attention":[18],"visibility":[20],"of":[21,30,44,109,111,134,157,166],"this":[22,96,124],"security":[23,99],"issue,":[24],"users":[25],"becoming":[27],"more":[28],"aware":[29],"privacy":[31,72],"concerns":[32],"related":[33],"their":[35],"activity":[36,76],"the":[38,42,45,48,89,92,98,107,158,167],"Internet.":[39],"Fundamental":[40],"operation":[43],"Internet":[46],"is":[47,81],"Domain":[49],"Name":[50],"System":[51],"(DNS),":[52],"which":[53],"translates":[54],"domain":[55,79],"names":[56],"IP":[58],"addresses":[59],"enabling":[60],"easy":[61],"web":[62],"browsing.":[63],"Encrypted":[64],"DNS":[65,93,104,112,135],"has":[66],"become":[67],"popular":[68],"increase":[70],"user":[71,145],"by":[73],"ensuring":[74],"that":[75,150],"transmitted":[77,164],"over":[78,136],"queries":[80],"not":[82],"visible":[83],"intermediary":[85],"network":[86],"devices":[87],"between":[88],"client":[90],"endpoint.":[94],"Unfortunately,":[95],"undermines":[97],"services":[100],"designed":[101],"analyse":[103],"traffic":[105,139,161],"for":[106,113],"detection":[108],"exploitation":[110],"use":[114],"as":[115],"a":[116,128],"covert":[117],"communication":[118],"data":[120,141],"exfiltration":[121,142],"channel.":[122],"In":[123],"work,":[125],"we":[126],"propose":[127],"solution,":[129],"DoHxP,":[130],"enable":[132],"protection":[133],"HTTPS":[137],"(DoH)":[138],"from":[140,162],"without":[143],"compromising":[144],"privacy.":[146],"Our":[147],"results":[148],"show":[149],"DoHxP":[151],"successfully":[152],"prevents":[153],"up":[154],"99.88%":[156],"malicious":[159],"DoH":[160],"being":[163],"outside":[165],"network.":[168]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2023,"cited_by_count":2}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}