P. Mockapetris, Rfc 1034: Domain names -concepts and facilities, 1987.
DOI : 10.17487/rfc1034
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.420.1013

K. Dan, Ozymandns : Kaminsky dns tunnel, 2005.

F. Weimer, Passive dns replication, 2005.

H. Mark, F. Eibe, H. Geoffrey, P. Bernhard, R. Peter et al., The weka data mining software: An update, 2009.

C. E. Shannon, A mathematical theory of communication, Bell system technical journal, vol.27, 1948.

C. Huang, A. Wang, J. Li, and K. W. Ross, Measuring and evaluating large-scale cdns paper withdrawn at mirosoft's request, Proceedings of the 8th ACM SIGCOMM conference on Internet measurement, ser. IMC '08, pp.15-29, 2008.

J. A. Hartigan and M. A. Wong, A k-means clustering algorithm, Applied Statistics, vol.28, 1979.

S. Yadav, A. K. Reddy, N. Reddy, and S. Ranjan, Detecting algorithimically generated malicious domain names, 2011.
DOI : 10.1145/1879141.1879148
URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.221.1167

K. Born and D. Gustafson, Detecting dns tunnels using character frequency analysis, p.4358, 2010.

D. Dagon, N. Provos, C. P. Lee, and W. Lee, Corrupted dns resolution paths: The rise of a malicious resolution authority

A. Hunt, Visualizing the hosting patterns of modern cybercriminal, 2010.

D. Plonka and P. Barford, Context-aware clustering of DNS query traffic, Proceedings of the 8th ACM SIGCOMM conference on Internet measurement conference, IMC '08, pp.217-230, 2008.
DOI : 10.1145/1452520.1452547

M. Antonakakis, R. Perdisci, D. Dagon, W. Lee, and N. Feamster, Building a dynamic reputation system for dns, Proceedings of the 19th USENIX conference on Security, ser. USENIX Security'10, pp.18-18, 2010.

B. Zdrnja, N. Brownlee, and D. Wessels, Passive Monitoring of DNS Anomalies, Proceedings of the 4th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment, ser. DIMVA '07, pp.129-139, 2007.
DOI : 10.1007/978-3-540-73614-1_8

L. Bilge, E. Kirda, C. Kruegel, and M. Balduzzi, Finding malicious domains using passive dns analysis, NDSS'11, 18th Annual Network & Distributed System Security Symposium, pp.6-9, 2011.

B. Zdrnja, Security monitoring of dns traffic, 2006.

M. Antonakakis, D. Dagon, X. Luo, R. Perdisci, W. Lee et al., A Centralized Monitoring Infrastructure for Improving DNS Security, Proceedings of the 13th international conference on Recent advances in intrusion detection, ser. RAID'10, pp.18-37, 2010.
DOI : 10.1007/978-3-642-15512-3_2

J. M. Spring, Large scale dns traffic analysis of malicious internet activity with a focus on evaluating the response time of blocking phishing site, 2010.

R. Perdisci, I. Corona, D. Dagon, and W. Lee, Detecting Malicious Flux Service Networks through Passive Analysis of Recursive DNS Traces, 2009 Annual Computer Security Applications Conference, pp.311-320, 2009.
DOI : 10.1109/ACSAC.2009.36

H. Van-der-heide and N. Barendregt, Dns anomaly detection EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis, 2011.