{"id":"https://openalex.org/W3207413093","doi":"https://doi.org/10.1145/3478472.3478481","title":"Anomaly Detection on User Terminals Based on Outbound Traffic Filtering by DNS Query Monitoring and Application Program Identification","display_name":"Anomaly Detection on User Terminals Based on Outbound Traffic Filtering by DNS Query Monitoring and Application Program Identification","publication_year":2021,"publication_date":"2021-05-07","ids":{"openalex":"https://openalex.org/W3207413093","doi":"https://doi.org/10.1145/3478472.3478481","mag":"3207413093"},"language":"en","primary_location":{"id":"doi:10.1145/3478472.3478481","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3478472.3478481","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 International Conference on Human-Machine Interaction","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101656959","display_name":"Yong Jin","orcid":"https://orcid.org/0000-0003-2967-5557"},"institutions":[{"id":"https://openalex.org/I114531698","display_name":"Tokyo Institute of Technology","ror":"https://ror.org/0112mx960","country_code":"JP","type":"education","lineage":["https://openalex.org/I114531698"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Yong Jin","raw_affiliation_strings":["Tokyo Institute of Technology, Japan"],"affiliations":[{"raw_affiliation_string":"Tokyo Institute of Technology, Japan","institution_ids":["https://openalex.org/I114531698"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054448019","display_name":"Masahiko Tomoishi","orcid":"https://orcid.org/0000-0001-5636-7774"},"institutions":[{"id":"https://openalex.org/I114531698","display_name":"Tokyo Institute of Technology","ror":"https://ror.org/0112mx960","country_code":"JP","type":"education","lineage":["https://openalex.org/I114531698"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Masahiko Tomoishi","raw_affiliation_strings":["Tokyo Institute of Technology, Japan"],"affiliations":[{"raw_affiliation_string":"Tokyo Institute of Technology, Japan","institution_ids":["https://openalex.org/I114531698"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058678508","display_name":"Nariyoshi Yamai","orcid":"https://orcid.org/0000-0003-2651-2701"},"institutions":[{"id":"https://openalex.org/I92614990","display_name":"Tokyo University of Agriculture and Technology","ror":"https://ror.org/00qg0kr10","country_code":"JP","type":"education","lineage":["https://openalex.org/I92614990"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Nariyoshi Yamai","raw_affiliation_strings":["Tokyo University of Agriculture and Technology, Japan"],"affiliations":[{"raw_affiliation_string":"Tokyo University of Agriculture and Technology, Japan","institution_ids":["https://openalex.org/I92614990"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5101656959"],"corresponding_institution_ids":["https://openalex.org/I114531698"],"apc_list":null,"apc_paid":null,"fwci":0.1528,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.51972064,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"47","last_page":"56"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8239331245422363},{"id":"https://openalex.org/keywords/domain-name-system","display_name":"Domain Name System","score":0.7922825217247009},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.786535918712616},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.7783167362213135},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.6039733290672302},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5278487205505371},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5120778679847717},{"id":"https://openalex.org/keywords/name-server","display_name":"Name server","score":0.49586448073387146},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.47067245841026306},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.43758997321128845},{"id":"https://openalex.org/keywords/ip-address","display_name":"Ip address","score":0.4124709963798523},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.2991955876350403},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.2778622508049011}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8239331245422363},{"id":"https://openalex.org/C35026560","wikidata":"https://www.wikidata.org/wiki/Q8767","display_name":"Domain Name System","level":3,"score":0.7922825217247009},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.786535918712616},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.7783167362213135},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.6039733290672302},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5278487205505371},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5120778679847717},{"id":"https://openalex.org/C105320234","wikidata":"https://www.wikidata.org/wiki/Q41494","display_name":"Name server","level":3,"score":0.49586448073387146},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.47067245841026306},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.43758997321128845},{"id":"https://openalex.org/C2985371682","wikidata":"https://www.wikidata.org/wiki/Q11135","display_name":"Ip address","level":2,"score":0.4124709963798523},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2991955876350403},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.2778622508049011},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3478472.3478481","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3478472.3478481","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 International Conference on Human-Machine Interaction","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W125869453","https://openalex.org/W2003967425","https://openalex.org/W2004078625","https://openalex.org/W2036286049","https://openalex.org/W2162709050","https://openalex.org/W2242094442","https://openalex.org/W2546967226","https://openalex.org/W2730672749","https://openalex.org/W2771691069","https://openalex.org/W2789580363","https://openalex.org/W2887506070","https://openalex.org/W2898685569","https://openalex.org/W2908277090"],"related_works":["https://openalex.org/W1569990158","https://openalex.org/W4231735021","https://openalex.org/W2219498667","https://openalex.org/W3155775628","https://openalex.org/W176177082","https://openalex.org/W2137448287","https://openalex.org/W2371599845","https://openalex.org/W2026614850","https://openalex.org/W2903118269","https://openalex.org/W2212569908"],"abstract_inverted_index":{"Malware":[0],"attacks":[1],"have":[2],"become":[3],"one":[4],"of":[5,16,72,217],"the":[6,11,25,44,47,51,61,69,73,81,92,131,134,145,175,183,200,206,215],"most":[7],"critical":[8],"issues":[9],"in":[10,60,163],"Internet":[12],"nowadays.":[13],"Most":[14],"types":[15],"malware,":[17],"after":[18],"infecting":[19],"a":[20,188],"computer,":[21],"attempt":[22],"contacts":[23],"to":[24,50,144,165,181,199],"Command":[26],"and":[27,102,122,156,194,220],"Control":[28],"(C&C)":[29],"servers":[30,53,75],"using":[31,117],"IP":[32,70,146],"addresses":[33,71,147],"or":[34,142,179],"Fully":[35],"Qualified":[36],"Domain":[37],"Name":[38],"(FQDN)":[39],"for":[40,67],"further":[41],"instructions.":[42],"In":[43,78,94,130],"former":[45],"case,":[46,63],"malware":[48],"connects":[49],"C&C":[52,74],"directly":[54],"without":[55,149],"DNS":[56,64,123,150],"name":[57,65,151],"resolutions,":[58],"while":[59],"later":[62],"resolutions":[66,152],"obtaining":[68],"are":[76],"required.":[77],"both":[79],"cases,":[80],"outbound":[82,113,135],"traffic":[83,114,136],"will":[84,153,173],"be":[85,154],"initialized":[86,137],"by":[87,116,138],"an":[88,104,170],"unrecognized":[89,139],"application":[90,140],"program,":[91],"malware.":[93],"this":[95],"research,":[96],"we":[97,203,212],"focus":[98],"on":[99,108,112,158,191,223],"these":[100],"peculiarities":[101],"propose":[103],"anomaly":[105],"detection":[106],"system":[107,190,208],"user":[109,159,224],"terminals":[110],"based":[111],"filtering":[115],"Software":[118],"Defined":[119],"Network":[120],"(SDN)":[121],"Response":[124],"Policy":[125],"Zone":[126],"(DNS":[127],"RPZ)":[128],"technologies.":[129],"proposed":[132,207],"system,":[133],"programs":[141],"destined":[143],"obtained":[148],"detected":[155,184],"blocked":[157],"terminals.":[160,225],"What's":[161],"more,":[162],"order":[164],"reduce":[166],"false":[167],"positive":[168],"detections,":[169],"alert":[171],"message":[172],"make":[174],"users":[176],"decide":[177],"whether":[178],"not":[180],"allow":[182],"traffic.":[185],"We":[186],"implemented":[187],"prototype":[189],"MacOS":[192],"machine":[193],"conducted":[195],"feature":[196],"evaluations.":[197],"According":[198],"evaluation":[201],"results,":[202],"confirmed":[204],"that":[205],"worked":[209],"exactly":[210],"as":[211],"designed":[213],"with":[214],"features":[216],"detection,":[218],"blocking":[219],"alerting":[221],"anomalies":[222]},"counts_by_year":[{"year":2024,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}