I
nte
r
na
t
io
na
l J
o
urna
l o
f
E
lect
rica
l a
nd
Co
m
pu
t
er
E
ng
ineering
(
I
J
E
CE
)
Vo
l.
11
,
No
.
2
,
A
p
r
il
2
0
2
1
,
p
p
.
1
6
6
6
~
1
6
7
4
I
SS
N:
2
0
8
8
-
8
7
0
8
,
DOI
: 1
0
.
1
1
5
9
1
/
ijece
.
v
1
1
i
2
.
pp
1
6
6
6
-
1
6
7
4
1666
J
o
ur
na
l ho
m
ep
a
g
e
:
h
ttp
:
//ij
ec
e.
ia
esco
r
e.
co
m
A hybrid m
ethod
o
f
g
enetic
a
lg
o
rithm and s
uppo
r
t
v
ector
ma
chine f
o
r
DNS
t
unneling
d
etec
tio
n
F
uq
da
n A.
Al
-
I
bra
heem
i
1
,
Sa
t
t
a
r
A
l
-
I
bra
heem
i
2
,
H
a
leh A
m
into
o
s
i
3
1
Co
ll
e
g
e
o
f
De
n
ti
str
y
,
Un
iv
e
rsity
o
f
Al
-
Am
e
e
d
,
Ira
q
2
Ed
u
c
a
ti
o
n
M
in
istr
y
,
Ira
q
3
F
a
c
u
lt
y
o
f
E
n
g
i
n
e
e
rin
g
,
F
e
rd
o
ws
i
Un
iv
e
rsit
y
o
f
M
a
sh
h
a
d
,
Ira
n
Art
icle
I
nfo
AB
S
T
RAC
T
A
r
ticle
his
to
r
y:
R
ec
eiv
ed
J
an
2
,
2
0
20
R
ev
is
ed
J
u
n
2
9
,
20
20
Acc
ep
ted
No
v
1
5
,
2
0
20
Wi
th
t
h
e
e
x
p
a
n
si
o
n
o
f
th
e
b
u
si
n
e
ss
o
v
e
r
th
e
in
ter
n
e
t,
c
o
r
p
o
ra
ti
o
n
s
n
o
wa
d
a
y
s
a
re
in
v
e
stin
g
n
u
m
e
ro
u
s
a
m
o
u
n
ts o
f
m
o
n
e
y
in
th
e
we
b
a
p
p
li
c
a
ti
o
n
s.
Ho
we
v
e
r,
th
e
re
a
re
d
iffere
n
t
th
re
a
ts
c
o
u
l
d
m
a
k
e
th
e
c
o
rp
o
ra
ti
o
n
s
v
u
l
n
e
ra
b
le
fo
r
p
o
ten
ti
a
l
a
tt
a
c
k
s.
On
e
o
f
th
e
se
th
r
e
a
ts
is
h
a
rn
e
ss
in
g
th
e
d
o
m
a
in
n
a
m
e
p
ro
t
o
c
o
l
f
o
r
p
a
ss
in
g
h
a
rm
fu
l
i
n
f
o
rm
a
ti
o
n
,
th
is
k
i
n
d
o
f
t
h
re
a
ts
is
k
n
o
wn
a
s
DN
S
tu
n
n
e
li
n
g
.
As
a
re
su
lt
,
c
o
n
f
id
e
n
ti
a
l
in
f
o
rm
a
ti
o
n
w
o
u
l
d
b
e
e
x
p
o
se
d
a
n
d
v
io
late
d
.
S
e
v
e
ra
l
st
u
d
ies
h
a
v
e
in
v
e
stig
a
ted
t
h
e
m
a
c
h
in
e
lea
rn
i
n
g
i
n
o
r
d
e
r
to
p
ro
p
o
se
a
d
e
tec
ti
o
n
a
p
p
ro
a
c
h
.
In
th
e
ir
a
p
p
r
o
a
c
h
e
s,
a
u
t
h
o
rs
h
a
v
e
u
se
d
d
iffere
n
t
a
n
d
n
u
m
e
ro
u
s
t
y
p
e
s
o
f
fe
a
tu
re
s
su
c
h
a
s
d
o
m
a
in
len
g
th
,
n
u
m
b
e
r
o
f
b
y
tes
,
c
o
n
ten
t
,
v
o
lu
m
e
o
f
DN
S
traffic,
n
u
m
b
e
r
o
f
h
o
st
n
a
m
e
s
p
e
r
d
o
m
a
in
,
g
e
o
g
ra
p
h
ic
l
o
c
a
ti
o
n
a
n
d
d
o
m
a
in
h
isto
r
y
.
A
p
p
a
re
n
tl
y
,
th
e
re
is
a
v
it
a
l
d
e
m
a
n
d
to
a
c
c
o
m
m
o
d
a
te
fe
a
tu
re
se
lec
ti
o
n
tas
k
i
n
o
r
d
e
r
to
id
e
n
t
ify
t
h
e
b
e
st
fe
a
tu
re
s.
Th
is
p
a
p
e
r
p
r
o
p
o
se
s
a
h
y
b
r
id
m
e
th
o
d
o
f
g
e
n
e
ti
c
a
lg
o
rit
h
m
fe
a
tu
re
se
lec
ti
o
n
a
p
p
ro
a
c
h
wit
h
th
e
su
p
p
o
rt
v
e
c
to
r
m
a
c
h
in
e
c
las
sifier
fo
r
th
e
sa
k
e
o
f
id
e
n
ti
f
y
in
g
th
e
b
e
st
fe
a
tu
re
s
th
a
t
h
a
v
e
th
e
a
b
il
it
y
to
o
p
t
imiz
e
th
e
d
e
tec
ti
o
n
o
f
DN
S
tu
n
n
e
li
n
g
.
T
o
e
v
a
lu
a
te
t
h
e
p
ro
p
o
se
d
m
e
th
o
d
,
a
b
e
n
c
h
m
a
rk
d
a
tas
e
t
o
f
DN
S
tu
n
n
e
li
n
g
h
a
s
b
e
e
n
u
se
d
.
R
e
su
lt
s
sh
o
we
d
t
h
a
t
t
h
e
p
ro
p
o
se
d
m
e
th
o
d
h
a
s
o
u
t
p
e
rfo
rm
e
d
t
h
e
c
o
n
v
e
n
ti
o
n
a
l
S
VM
b
y
a
c
h
iev
i
n
g
0
.
9
4
6
o
f
F
-
m
e
a
su
re
.
K
ey
w
o
r
d
s
:
DNS
t
u
n
n
elin
g
Featu
r
e
s
elec
tio
n
Gen
etic
a
lg
o
r
ith
m
Su
p
p
o
r
t
v
ec
to
r
m
ac
h
in
e
T
h
is i
s
a
n
o
p
e
n
a
c
c
e
ss
a
rticle
u
n
d
e
r th
e
CC B
Y
-
SA
li
c
e
n
se
.
C
o
r
r
e
s
p
o
nd
ing
A
uth
o
r
:
Fu
q
d
an
A.
Al
-
I
b
r
ah
ee
m
i
C
o
lleg
e
o
f
Den
tis
tr
y
Un
iv
er
s
ity
o
f
Al
-
Am
ee
d
Kar
b
ala
PO Bo
x
1
9
8
,
I
r
aq
E
m
ail:
f
u
q
d
a
n
@
alam
ee
d
.
ed
u
.
i
q
1.
I
NT
RO
D
UCT
I
O
N
No
wad
ay
s
,
th
e
n
ee
d
f
o
r
web
to
p
er
f
o
r
m
wid
e
r
a
n
g
e
o
f
tr
a
n
s
ac
tio
n
s
is
g
ettin
g
im
p
e
r
ativ
e
f
o
r
lar
g
e
o
r
g
an
izatio
n
s
an
d
e
n
d
-
u
s
er
s
.
T
h
is
ca
n
b
e
r
ep
r
esen
ted
b
y
th
e
s
ea
r
ch
,
ex
p
lo
r
e
an
d
r
ea
ch
o
p
er
atio
n
s
co
n
d
u
cted
to
ac
ce
s
s
v
alu
ab
le
in
f
o
r
m
atio
n
r
elate
d
to
m
ed
ical,
f
in
an
ci
al
an
d
ed
u
ca
tio
n
p
u
r
p
o
s
es.
P
ar
ticu
lar
ly
,
v
ar
io
u
s
b
u
s
in
ess
es
r
ec
en
tly
ar
e
co
n
s
id
er
ab
ly
d
ep
e
n
d
in
g
o
n
th
e
in
ter
n
et
f
o
r
co
n
d
u
ctin
g
th
eir
d
aily
-
b
asis
tr
an
s
ac
tio
n
s
.
W
ith
s
u
ch
a
d
ep
en
d
en
cy
o
f
in
ter
n
et,
wid
e
r
an
g
e
o
f
ch
allen
g
es
wo
u
ld
b
e
p
o
s
ed
.
A
s
ig
n
if
ic
an
t
asp
ec
t
o
f
s
u
ch
ch
allen
g
es
is
th
e
in
f
o
r
m
atio
n
s
ec
u
r
ity
wh
er
e
co
n
f
id
en
tial
d
ata
b
elo
n
g
to
c
r
itical
p
ar
ties
s
u
ch
as
m
ed
ical
an
d
m
ilit
ar
y
wo
u
ld
b
e
e
x
p
o
s
ed
.
Secu
r
ity
th
r
ea
ts
tak
e
d
if
f
e
r
e
n
t
f
o
r
m
s
,
b
u
t
o
n
e
o
f
th
ese
f
o
r
m
is
tak
i
n
g
t
h
e
ad
v
an
tag
e
o
f
d
o
m
ain
n
am
e
s
y
s
t
em
(
DNS)
p
r
o
to
c
o
l
f
o
r
p
a
s
s
in
g
d
an
g
er
o
u
s
an
d
m
alicio
u
s
p
r
o
ce
d
u
r
es,
th
is
attac
k
attem
p
t is k
n
o
wn
as D
NS tu
n
n
elin
g
[
1
]
.
DNS
is
ch
ar
ac
ter
iz
ed
b
y
its
s
im
p
licity
wh
e
r
e
it in
ten
d
s
to
o
f
f
er
a
s
tr
aig
h
tf
o
r
war
d
way
f
o
r
ac
ce
s
s
in
g
p
ar
ticu
lar
s
er
v
er
th
r
o
u
g
h
th
e
d
o
m
ain
n
am
e
in
s
tead
o
f
th
e
I
P
ad
d
r
ess
[2
-
5]
.
B
ec
au
s
e
o
f
its
s
im
p
licity
,
attac
k
er
s
attem
p
t
to
u
s
e
it
f
o
r
cr
ea
tin
g
a
tu
n
n
el
to
e
x
ec
u
t
e
m
alicio
u
s
s
cr
ip
ts
th
at
in
ten
d
ed
t
o
ca
p
tu
r
e
co
n
f
id
en
tial in
f
o
r
m
atio
n
,
g
ain
i
n
g
a
s
u
p
er
ac
ce
s
s
,
o
r
attem
p
tin
g
to
h
ar
m
th
e
s
er
v
er
[
6
]
.
Evaluation Warning : The document was created with Spire.PDF for Python.
I
n
t J E
lec
&
C
o
m
p
E
n
g
I
SS
N:
2
0
8
8
-
8
7
0
8
A
h
yb
r
id
meth
o
d
o
f g
e
n
etic
a
l
g
o
r
ith
m
a
n
d
s
u
p
p
o
r
t v
ec
to
r
m
a
c
h
in
e
fo
r
DN
S
...
(
F
u
q
d
a
n
A
.
A
l
-
I
b
r
a
h
ee
mi)
1667
R
eg
ar
d
less
,
DN
S
is
s
ti
ll
an
im
p
er
ativ
e
co
m
p
o
n
en
t
with
in
th
e
wo
r
ld
wid
e
web
f
o
r
co
n
d
u
ctin
g
n
ec
ess
ar
y
o
p
er
atio
n
s
s
u
ch
as
t
h
e
s
u
r
f
in
g
an
d
co
m
m
u
n
icatio
n
s
[
7
]
.
I
ts
k
e
y
s
u
cc
ess
is
r
ep
r
esen
ted
b
y
p
r
o
v
id
in
g
f
lex
ib
le
way
f
o
r
r
ea
ch
i
n
g
o
u
t
a
s
p
ec
if
i
c
s
er
v
e
r
th
r
o
u
g
h
a
s
tr
aig
h
tf
o
r
war
d
n
a
m
e
in
s
tead
o
f
th
e
co
m
p
licated
f
o
r
m
o
f
I
P
ad
d
r
ess
[8
-
12]
.
Fo
r
in
s
tan
ce
,
r
ath
er
th
an
ty
p
i
n
g
a
lo
n
g
an
d
c
o
m
p
licated
co
m
b
in
atio
n
s
o
f
I
P
ad
d
r
ess
es
s
u
ch
as
‘
1
2
0
.
9
0
.
1
0
.
1
’
,
it
is
m
o
r
e
co
n
v
en
ien
t
to
ty
p
e
th
e
‘
Ser
v
er
Do
m
ain
Nam
e
.
c
o
m
’
.
Ho
we
v
er
,
s
u
c
h
s
im
p
licity
co
m
es
with
a
co
s
t
wh
er
e
th
e
DNS
is
ex
p
o
s
ed
to
wid
e
r
an
g
e
o
f
th
r
e
ats
th
r
o
u
g
h
tu
n
n
els
.
T
h
er
e
f
o
r
e
,
p
o
wer
f
u
l
s
er
v
er
s
o
f
well
k
n
o
wn
o
r
g
a
n
izatio
n
s
ar
e
v
u
ln
er
a
b
le
to
s
u
ch
th
r
ea
ts
th
r
o
u
g
h
th
e
DNS
tu
n
n
elin
g
[
1
3
]
.
T
h
is
is
d
u
e
to
th
e
m
ajo
r
co
n
s
id
er
atio
n
o
f
o
th
e
r
n
etwo
r
k
s
e
cu
r
ity
asp
ec
ts
wh
ich
m
ig
h
t
y
i
eld
g
r
ea
ter
t
h
r
ea
ts
co
m
p
a
r
ed
to
th
e
DNS
tu
n
n
elin
g
.
W
id
e
r
an
g
e
o
f
m
et
h
o
d
s
wer
e
d
ep
icted
in
th
e
liter
atu
r
e
f
o
r
t
h
e
id
en
tific
atio
n
o
f
DNS
tu
n
n
elin
g
[
1
4
]
.
On
e
th
e
t
r
ad
itio
n
al
tec
h
n
iq
u
es
is
th
e
Fire
wall
wh
er
e
it
h
as
t
h
e
ab
ilit
y
to
r
ejec
t
s
p
ec
if
ic
D
NS
q
u
er
ies
b
ased
o
n
s
o
m
e
in
s
tr
u
ctio
n
s
.
T
h
ese
in
s
tr
u
ctio
n
s
ar
e
s
im
p
ly
co
m
p
ar
in
g
th
e
I
P
ad
d
r
ess
o
f
s
p
ec
if
ic
DN
S
q
u
er
y
in
o
r
d
e
r
to
m
atch
it
with
p
r
eo
r
d
ain
ed
lis
t
o
f
allo
wed
I
P
ad
d
r
ess
es
wh
i
ch
m
ig
h
t
f
ac
ilit
ate
av
o
id
in
g
u
n
k
n
o
wn
DNS
th
at
y
ield
s
h
ar
m
f
u
l
co
n
te
n
ts
.
Ad
d
itio
n
ally
,
an
y
in
tr
u
s
io
n
d
etec
tio
n
s
y
s
tem
wo
u
ld
also
h
av
e
th
e
ca
p
ab
ilit
y
to
d
etec
t
DNS
tu
n
n
elin
g
th
r
o
u
g
h
th
e
in
v
esti
g
atio
n
o
f
r
eq
u
ests
.
Fu
r
th
er
m
o
r
e
,
an
aly
zin
g
th
e
n
etwo
r
k
tr
af
f
ic
is
an
o
th
er
way
o
f
id
en
tify
in
g
DNS
tu
n
n
elin
g
wh
er
e
ex
tr
a
f
ea
tu
r
es
ar
e
b
ein
g
co
n
s
id
er
ed
alo
n
g
with
th
e
d
o
m
ain
n
am
e.
L
astl
y
,
th
e
p
ass
iv
e
r
ep
licatio
n
tech
n
iq
u
e
h
as
also
th
e
ab
ilit
y
to
av
o
id
DNS
tu
n
n
elin
g
t
h
r
o
u
g
h
r
ep
licatin
g
ea
c
h
DNS
q
u
er
y
f
o
r
d
e
n
y
in
g
th
e
f
u
r
th
er
u
s
e
o
f
th
em
.
Yet
,
all
th
e
ab
o
v
e
-
m
e
n
tio
n
ed
t
ec
h
n
iq
u
es
ar
e
s
till
h
av
in
g
v
ar
i
o
u
s
d
r
awb
ac
k
s
.
T
h
is
is
b
ec
a
u
s
e
th
ey
a
r
e
ab
le
to
r
ec
o
g
n
ize
f
ew
ty
p
es
o
f
DNS
tu
n
n
elin
g
.
I
n
ad
d
itio
n
,
i
t
is
o
b
v
io
u
s
th
at
ad
d
itio
n
al
in
f
o
r
m
atio
n
is
n
ee
d
e
d
to
d
etec
t
a
s
o
p
h
is
ticated
DNS
tu
n
n
elin
g
.
Ap
p
ar
en
t
ly
,
d
is
tin
g
u
is
h
in
g
th
e
r
eg
u
lar
DNS
q
u
e
r
ies
f
r
o
m
th
e
DNS
tu
n
n
elin
g
is
a
ch
allen
g
in
g
task
.
Acc
o
r
d
in
g
to
th
e
in
s
u
f
f
icien
t
p
er
f
o
r
m
a
n
ce
o
f
t
h
e
tr
a
d
itio
n
al
m
eth
o
d
s
in
ter
m
s
o
f
d
etec
tin
g
DNS
tu
n
n
elin
g
,
r
ec
en
t
s
tu
d
ies
h
av
e
r
ec
o
m
m
e
n
d
ed
th
e
u
s
e
o
f
m
a
ch
in
e
lear
n
i
n
g
tech
n
iq
u
es
in
ter
m
s
o
f
d
etec
tin
g
DNS
tu
n
n
elin
g
[
1
5
-
17]
.
Ma
c
h
in
e
lear
n
in
g
tech
n
iq
u
es
h
av
e
th
e
ab
ilit
y
to
tr
ain
an
d
lear
n
f
r
o
m
p
r
ev
io
u
s
ex
p
er
ien
ce
s
o
f
DNS
tu
n
n
elin
g
.
Su
ch
lear
n
in
g
p
ar
ad
ig
m
h
a
s
th
e
ab
ilit
y
to
m
ak
e
th
e
m
ac
h
in
e
ab
le
to
d
etec
t
n
ew
ty
p
es
o
f
DNS
tu
n
n
elin
g
.
Yet,
th
er
e
ar
e
s
o
m
e
c
h
allen
g
in
g
is
s
u
es
th
at
ar
e
f
ac
in
g
t
h
e
m
ac
h
in
e
lear
n
i
n
g
tech
n
iq
u
es in
th
e
p
r
o
ce
s
s
o
f
i
d
en
tify
in
g
DNS
tu
n
n
elin
g
.
On
e
o
f
th
e
ch
allen
g
in
g
task
s
b
eh
in
d
u
s
in
g
th
e
m
ac
h
i
n
e
lear
n
in
g
(
ML
)
tech
n
iq
u
es
f
o
r
t
h
e
s
ak
e
o
f
DNS
tu
n
n
elin
g
d
etec
tio
n
is
th
e
h
ig
h
d
im
e
n
s
io
n
ality
o
f
th
e
f
e
atu
r
es th
at
co
u
ld
b
e
u
s
ed
to
d
i
f
f
er
en
tiate
th
e
DNS
q
u
er
ies
f
r
o
m
th
e
tu
n
n
elin
g
o
n
es.
B
asical
ly
,
f
ea
tu
r
es
p
lay
a
n
ess
en
tial
r
o
le
in
th
e
m
ac
h
in
e
lear
n
in
g
in
wh
ich
th
e
s
ig
n
if
ican
t
f
ea
tu
r
es
lead
i
m
p
r
o
v
e
th
e
p
e
r
f
o
r
m
an
ce
o
f
th
e
class
if
icatio
n
an
d
v
ice
v
er
s
a
[
1
8
]
.
Selectin
g
th
e
m
o
s
t
ap
p
r
o
p
r
iate
f
ea
t
u
r
es
was
o
n
e
o
f
th
e
m
aj
o
r
co
n
ce
r
n
s
with
in
th
e
co
m
m
u
n
ity
o
f
m
ac
h
in
e
lear
n
in
g
r
esear
ch
er
s
.
T
h
e
f
ea
tu
r
es
th
at
h
av
e
b
ee
n
e
x
p
lo
ited
to
id
en
tify
th
e
tu
n
n
el
in
g
ar
e
ca
teg
o
r
ized
in
two
m
a
in
class
e
s
p
ay
lo
ad
an
aly
s
is
o
r
tr
af
f
ic
an
a
ly
s
is
[
1
7
]
.
Pay
l
o
ad
an
aly
s
is
ca
n
b
e
u
s
ed
t
o
d
etec
t
DNS
tu
n
n
elin
g
b
y
an
al
y
zin
g
th
e
r
eq
u
est
an
d
its
f
ea
tu
r
es
in
clu
d
in
g
d
o
m
ain
len
g
th
,
n
u
m
b
er
o
f
b
y
tes
an
d
co
n
ten
t.
Su
ch
f
ea
tu
r
es
co
u
ld
b
e
ex
p
lo
ited
to
g
e
n
er
ate
r
u
les
th
at
in
ten
d
ed
to
p
r
e
v
en
t
DNS
tu
n
n
elin
g
.
W
h
er
ea
s
,
tr
af
f
ic
an
a
ly
s
is
ca
n
b
e
u
s
ed
to
d
etec
t
th
e
DNS
tu
n
n
elin
g
b
y
ex
am
in
in
g
t
h
e
tr
af
f
ic
an
d
its
f
ea
tu
r
es
in
clu
d
in
g
v
o
lu
m
e
o
f
DNS
tr
af
f
ic,
n
u
m
b
er
o
f
h
o
s
tn
am
es
p
e
r
d
o
m
ain
,
g
e
o
g
r
ap
h
ic
lo
ca
tio
n
a
n
d
d
o
m
ai
n
h
is
to
r
y
.
Ap
p
ar
en
tly
,
th
e
r
e
i
s
a
wid
e
r
an
g
e
o
f
f
ea
tu
r
es
ca
n
b
e
ex
p
l
o
ited
f
o
r
th
e
i
d
en
tific
atio
n
o
f
tu
n
n
elin
g
th
r
o
u
g
h
ML
.
T
h
er
ef
o
r
e,
t
h
is
p
ap
er
in
ten
d
s
to
p
r
o
p
o
s
e
a
f
ea
tu
r
e
s
elec
tio
n
ap
p
r
o
ac
h
b
ased
o
n
g
e
n
etic
alg
o
r
ith
m
f
o
r
DNS
tu
n
n
elin
g
d
etec
tio
n
.
T
h
e
p
r
o
p
o
s
ed
f
ea
tu
r
e
s
elec
tio
n
ap
p
r
o
ac
h
will
b
e
co
m
b
i
n
ed
with
a
s
u
p
p
o
r
t
v
ec
to
r
m
ac
h
i
n
e
class
if
ier
.
2.
RE
L
AT
E
D
WO
RK
T
h
e
n
ewly
r
esear
ch
es
in
DNS
tu
n
n
elin
g
f
o
cu
s
es
o
n
M
L
f
o
r
th
e
id
en
tific
atio
n
p
r
o
c
ess
.
T
h
is
i
s
b
ec
au
s
e
ML
wo
u
ld
h
av
e
th
e
ab
ilit
y
to
lear
n
f
r
o
m
p
r
ev
io
u
s
ca
s
es
an
d
g
en
er
ate
s
tatis
ti
ca
l
r
u
les
f
o
r
f
u
tu
r
e
attem
p
ts
.
As
an
ex
am
p
le
o
f
s
u
ch
s
tu
d
ies
is
th
e
o
n
e
p
r
o
p
o
s
ed
b
y
Du
s
i
et
a
l
.
[
1
9
]
in
wh
ich
a
s
y
s
tem
was
d
esig
n
ed
to
lear
n
f
r
o
m
p
r
ev
i
o
u
s
ly
k
n
o
w
n
DNS
tu
n
n
elin
g
attem
p
ts
.
T
h
e
s
y
s
tem
was
a
n
aly
zin
g
s
ig
n
if
ican
t
ch
ar
ac
ter
is
tics
s
u
ch
as
n
etwo
r
k
tr
af
f
ic.
B
ased
o
n
s
u
ch
f
ea
tu
r
es,
th
e
s
y
s
t
em
will
g
e
n
er
a
te
a
s
et
o
f
r
u
les
to
p
r
ed
ict
th
e
o
cc
u
r
r
e
n
ce
o
f
DNS
tu
n
n
elin
g
.
I
n
th
e
s
am
e
r
e
g
ar
d
,
Du
s
i
et
a
l
.
[
1
4
]
p
r
ese
n
ted
a
n
ML
m
eth
o
d
aim
ed
at
d
etec
tin
g
th
e
tu
n
n
els
with
in
th
e
ap
p
licatio
n
lay
er
.
Su
ch
m
eth
o
d
was
in
ten
d
ed
t
o
tak
e
th
e
ad
v
an
ta
g
e
o
f
s
ig
n
if
ican
t
f
ea
t
u
r
es
to
d
i
f
f
er
en
tiate
th
e
n
o
r
m
al
an
d
s
u
s
p
icio
u
s
p
atter
n
s
.
T
h
e
f
ea
tu
r
es
co
n
s
is
ted
o
f
n
etwo
r
k
tr
af
f
ic
ch
ar
a
cter
is
tics
in
clu
d
in
g
co
n
n
ec
tio
n
d
u
r
atio
n
an
d
s
en
d
in
g
an
d
r
ec
eiv
in
g
s
izes.
L
astl
y
,
an
alg
o
r
ith
m
o
f
d
ec
is
io
n
t
r
ee
(
DT
)
h
as
b
ee
n
tr
ain
ed
o
n
s
u
c
h
f
ea
tu
r
es
to
d
etec
t
th
e
p
o
ten
tial
DNS
tu
n
n
elin
g
.
R
esu
lts
o
f
class
if
icatio
n
d
em
o
n
s
tr
ated
an
o
u
tp
er
f
o
r
m
an
ce
o
v
e
r
th
e
co
n
v
en
tio
n
al
m
eth
o
d
s
.
Evaluation Warning : The document was created with Spire.PDF for Python.
I
SS
N
:
2
0
8
8
-
8
7
0
8
I
n
t J E
lec
&
C
o
m
p
E
n
g
,
Vo
l.
11
,
No
.
2
,
Ap
r
il 2
0
2
1
:
1
6
6
6
-
1674
1668
B
esid
e
th
e
DT
,
Allar
d
et
a
l
.
[
2
0
]
p
r
esen
ted
an
alg
o
r
ith
m
o
f
r
an
d
o
m
f
o
r
r
est
(
R
F)
f
o
r
p
r
ev
e
n
tin
g
DNS
tu
n
n
elin
g
.
I
n
a
s
im
ilar
way
to
th
e
p
r
ev
io
u
s
s
tu
d
y
,
th
is
s
tu
d
y
h
as
also
tak
in
g
th
e
ad
v
an
tag
e
o
f
n
etwo
r
k
tr
af
f
ic
f
lo
w
f
ea
tu
r
es.
L
astl
y
,
th
e
p
r
o
p
o
s
ed
class
if
ier
s
h
av
e
b
ee
n
tr
ain
ed
o
n
th
e
f
ea
tu
r
e
s
p
ac
e
o
f
f
lo
w
ch
ar
ac
ter
is
tics
an
d
test
ed
o
n
a
s
et
o
f
DNS
q
u
er
y
[
2
0
]
.
Aiello
et
a
l
.
[
2
1
]
is
an
o
th
er
s
tu
d
y
wh
er
e
SVM
alg
o
r
ith
m
h
as
b
ee
n
u
s
ed
f
o
r
th
e
i
d
en
ti
f
icatio
n
o
f
tu
n
n
elin
g
.
T
h
e
a
u
th
o
r
s
h
av
e
u
tili
ze
d
a
s
et
o
f
DNS
q
u
er
ies
an
d
a
n
s
wer
s
in
o
r
d
er
to
tr
ai
n
th
eir
m
o
d
el
[
2
1
]
.
Du
r
in
g
th
e
m
o
d
el
b
u
ild
in
g
,
q
u
er
ies’
co
n
ten
ts
h
a
v
e
b
ee
n
ex
a
m
in
ed
in
ter
m
s
o
f
n
o
r
m
al
an
d
s
u
s
p
icio
u
s
p
atter
n
s
.
Ad
d
itio
n
ally
,
Aiello
et
a
l
.
[
1
6
]
p
r
o
p
o
s
ed
a
s
tatis
tical
f
in
g
er
p
r
in
t
f
o
r
th
e
id
e
n
tific
atio
n
o
f
DNS
tu
n
n
elin
g
b
ased
on
m
ac
h
in
e
lear
n
i
n
g
m
et
h
o
d
.
T
h
e
p
r
o
p
o
s
ed
m
eth
o
d
h
as
tak
en
th
e
a
d
v
an
tag
e
o
f
co
n
n
ec
tio
n
f
ea
tu
r
es
s
u
ch
as
d
u
r
atio
n
a
n
d
s
ize
o
f
p
ac
k
ets.
Usi
n
g
R
F
alg
o
r
ith
m
,
B
u
cz
ak
et
a
l
.
[
2
2
]
p
r
esen
ted
a
m
o
d
el
f
o
r
p
r
ev
en
tin
g
DNS
tu
n
n
elin
g
.
T
h
e
p
r
o
p
o
s
ed
m
o
d
el
h
as
u
tili
ze
d
th
e
d
u
r
atio
n
a
n
d
s
ize
o
f
th
e
c
o
n
n
ec
tio
n
s
in
o
r
d
er
to
in
itiate
th
e
f
ea
tu
r
e
s
p
ac
e.
L
astl
y
,
th
e
p
r
o
p
o
s
ed
R
F h
as b
ee
n
u
s
ed
to
p
r
ed
ict
th
e
o
cc
u
r
r
e
n
ce
o
f
th
e
DNS
tu
n
n
elin
g
.
T
o
ex
am
in
e
a
n
ew
f
o
r
m
o
f
f
ea
tu
r
es,
Aiello
et
a
l
.
[
2
3
]
u
ti
lized
two
f
ea
tu
r
e
ex
tr
ac
tio
n
t
ec
h
n
iq
u
es
in
clu
d
in
g
p
r
i
n
cip
le
co
m
p
o
n
en
t
an
al
y
s
is
an
d
m
u
tu
al
in
f
o
r
m
atio
n
.
Su
ch
tech
n
iq
u
es
aim
at
f
in
d
in
g
co
r
r
elatio
n
s
an
d
av
er
a
g
in
g
th
e
s
tatis
tical
f
ea
tu
r
es
o
f
n
etwo
r
k
f
lo
w.
L
a
s
tly
,
u
s
in
g
a
K
-
n
ea
r
est
n
eig
h
b
o
r
alg
o
r
ith
m
,
th
e
au
th
o
r
s
h
av
e
s
u
cc
ess
f
u
lly
m
an
ag
ed
to
tr
ain
a
m
o
d
el
f
o
r
p
r
e
d
ictin
g
th
e
DNS
tu
n
n
elin
g
.
Ho
m
em
et
a
l
.
[
2
4
]
ex
a
m
in
ed
th
e
ca
p
ab
ilit
y
o
f
m
a
x
im
u
m
e
n
tr
o
p
y
alg
o
r
ith
m
in
te
r
m
s
o
f
i
d
en
tify
in
g
DNS
tu
n
n
elin
g
.
T
h
e
alg
o
r
ith
m
h
as
b
ee
n
tr
ain
ed
o
n
tr
a
d
itio
n
al
f
ea
tu
r
es
s
u
ch
as
co
n
n
ec
tio
n
d
u
r
atio
n
an
d
s
ize.
L
astl
y
,
a
p
r
ed
ictio
n
m
o
d
el
h
as b
ee
n
b
u
ilt to
an
ticip
ate
th
e
o
c
cu
r
r
en
ce
o
f
DNS
tu
n
n
elin
g
.
Fin
ally
,
Van
T
h
u
an
Do
et
a
l
.
[
1
5
]
h
av
e
ex
te
n
d
ed
t
h
e
f
ea
t
u
r
e
s
p
ac
e
f
o
r
p
r
e
d
ictin
g
DNS
tu
n
n
elin
g
with
in
m
o
b
ile
n
etwo
r
k
s
.
T
h
e
au
th
o
r
s
h
a
v
e
u
tili
ze
d
d
u
r
a
tio
n
o
f
c
o
n
n
ec
tio
n
,
le
n
g
th
o
f
DNS
q
u
er
y
an
d
d
esti
n
atio
n
.
L
astl
y
,
an
SVM
alg
o
r
ith
m
h
as
b
ee
n
tr
ain
ed
o
n
s
u
ch
f
ea
tu
r
es.
Fro
m
t
h
e
liter
atu
r
e,
th
at
th
er
e
ar
e
a
wid
e
r
an
g
e
o
f
f
ea
tu
r
es th
at
h
a
v
e
b
ee
n
a
d
d
r
ess
ed
f
o
r
th
e
t
ask
o
f
d
etec
tin
g
DNS
tu
n
n
elin
g
.
I
n
th
is
m
an
n
er
,
th
er
e
is
a
v
ital
d
em
an
d
to
d
eter
m
in
e
th
e
m
o
s
t
ap
p
r
o
p
r
iate
f
ea
tu
r
e
s
et.
T
h
is
is
d
u
e
to
th
e
im
p
er
ativ
e
n
ee
d
o
f
i
d
en
tify
th
e
b
est f
ea
tu
r
es.
3.
P
RO
P
O
SE
D
M
E
T
H
O
D
I
n
o
r
d
e
r
to
id
en
tif
y
th
e
b
est
f
ea
tu
r
e
s
et
f
o
r
d
etec
tin
g
DNS
tu
n
n
ellin
g
,
th
is
p
ap
e
r
p
r
o
p
o
s
e
s
a
h
y
b
r
id
m
eth
o
d
o
f
g
e
n
etic
alg
o
r
ith
m
(
GA)
f
ea
tu
r
e
s
elec
tio
n
ap
p
r
o
ac
h
with
th
e
s
u
p
p
o
r
t
v
ec
to
r
m
ac
h
in
e
(
SVM)
class
if
ier
.
T
o
d
escr
ib
e
th
e
a
p
p
licatio
n
o
f
t
h
e
p
r
o
p
o
s
ed
s
o
lu
tio
n
,
Fig
u
r
e
1
s
h
o
ws
th
e
wo
r
k
f
l
o
w
o
f
th
e
im
p
lem
en
tatio
n
.
Fig
u
r
e
1
.
W
o
r
k
f
lo
w
o
f
th
e
p
r
o
p
o
s
ed
m
eth
o
d
Evaluation Warning : The document was created with Spire.PDF for Python.
I
n
t J E
lec
&
C
o
m
p
E
n
g
I
SS
N:
2
0
8
8
-
8
7
0
8
A
h
yb
r
id
meth
o
d
o
f g
e
n
etic
a
l
g
o
r
ith
m
a
n
d
s
u
p
p
o
r
t v
ec
to
r
m
a
c
h
in
e
fo
r
DN
S
...
(
F
u
q
d
a
n
A
.
A
l
-
I
b
r
a
h
ee
mi)
1669
As
s
h
o
wn
in
Fig
u
r
e
1
,
t
h
e
im
p
lem
en
tatio
n
s
tag
e
b
eg
in
s
wit
h
a
d
ataset
o
f
DNS
q
u
er
ies
th
at
co
n
s
is
ts
o
f
leg
itima
te
an
d
tu
n
n
el
lin
g
q
u
er
ies.
I
n
o
r
d
er
to
estab
lis
h
th
e
f
ea
tu
r
e
s
p
ac
e,
a
f
ea
tu
r
e
ex
tr
ac
tio
n
task
will
tak
e
a
p
lace
in
o
r
d
er
to
r
ep
r
esen
t t
wo
ty
p
es o
f
f
ea
t
u
r
es in
clu
d
in
g
p
ay
lo
ad
a
n
d
tr
a
f
f
ic
f
ea
tu
r
es
.
C
o
n
s
eq
u
en
tially
,
GA
will
b
e
u
s
ed
to
s
ea
r
ch
f
o
r
th
e
b
est
s
o
lu
tio
n
s
o
r
in
o
th
er
wo
r
d
id
e
n
tify
in
g
th
e
b
est
f
ea
tu
r
e
s
.
T
h
en
,
SVM
will
ac
co
m
m
o
d
ate
th
e
class
if
icatio
n
task
in
wh
ich
th
e
q
u
e
r
ies
will
b
e
d
iv
id
ed
in
to
leg
itim
ate
an
d
tu
n
n
ellin
g
q
u
er
ies.
Ho
wev
er
,
th
e
latter
p
h
ases
will b
e
tack
led
in
th
e
n
e
x
t sectio
n
s
in
d
ep
en
d
en
tly
.
3
.
1
.
DNS
t
un
nelin
g
da
t
a
s
et
I
n
o
r
d
er
to
cr
ea
te
th
e
DNS
tu
n
n
elled
tr
af
f
ic
d
ataset,
[
2
4
]
h
av
e
s
im
u
lated
t
h
e
u
s
e
o
f
d
if
f
er
e
n
t
p
r
o
to
co
ls
r
e
g
ar
d
i
n
g
t
o
th
eir
o
wn
DNS
tu
n
n
el.
T
h
e
a
u
th
o
r
s
h
av
e
d
e
v
elo
p
e
d
a
s
cr
ip
t
in
p
y
th
o
n
p
r
o
g
r
am
m
in
g
lan
g
u
ag
e
in
o
r
d
er
to
g
e
n
er
ate
an
d
co
llect
p
ac
k
et
ca
p
t
u
r
es
o
f
n
etwo
r
k
tr
af
f
ic
b
y
s
im
u
latin
g
th
e
n
o
r
m
al
u
s
e
o
f
an
o
th
er
two
n
etwo
r
k
p
r
o
to
co
l
s
r
u
n
n
in
g
o
v
er
DNS
tu
n
n
els
in
clu
d
in
g
HT
T
PS
an
d
POP3
.
Fo
r
b
o
th
HT
T
P
an
d
HT
T
PS
,
th
e
d
ata
was
g
e
n
er
at
ed
b
y
v
is
itin
g
f
iv
e
r
a
n
d
o
m
w
eb
s
ite.
FTP
was
s
im
u
lated
th
r
o
u
g
h
th
e
d
ir
ec
to
r
y
tr
av
er
s
al
an
d
d
o
wn
lo
a
d
in
g
f
i
v
e
r
an
d
o
m
f
iles
f
r
o
m
an
FTP
s
er
v
er
.
Fin
ally
,
POP3
p
r
o
to
c
o
l
was
s
im
u
lated
b
y
r
eq
u
esti
n
g
an
d
d
o
wn
lo
ad
i
n
g
f
iv
e
r
an
d
o
m
em
ails
f
r
o
m
a
m
a
il
s
er
v
er
in
wh
ic
h
s
o
m
e
o
f
th
ese
em
ail
co
n
tain
s
p
lain
tex
t
an
d
th
e
o
th
er
co
n
tain
s
r
an
d
o
m
ly
g
en
er
ate
d
f
iles
as
attac
h
m
en
ts
.
T
ab
le
1
d
ep
ic
ts
th
e
d
etails
o
f
th
e
DNS
tu
n
n
elin
g
d
ataset.
T
ab
le
1
.
Data
s
et
d
etails
N
e
t
w
o
r
k
P
r
o
t
o
c
o
l
N
u
mb
e
r
o
f
S
a
m
p
l
e
s
O
r
i
g
i
n
a
l
S
i
z
e
R
e
d
u
c
e
d
S
i
z
e
H
TTP
52
6
3
6
.
7
M
B
1
7
9
.
9
M
B
H
TTPS
53
6
8
6
.
3
1
8
1
.
4
M
B
F
TP
53
2
6
0
.
2
M
B
4
9
.
8
M
B
P
O
P
3
53
1
3
1
.
6
M
B
2
8
.
2
M
B
To
t
a
l
2
1
1
1
7
1
4
.
8
M
B
4
3
6
.
3
M
B
3
.
2
.
F
e
a
t
ure
ex
t
r
a
ct
io
n
I
n
f
ac
t,
f
ea
tu
r
es
p
lay
a
n
ess
en
tial
r
o
le
in
th
e
co
n
tex
t
o
f
s
u
p
er
v
is
ed
m
ac
h
in
e
lear
n
in
g
in
wh
ich
th
e
s
tr
o
n
g
f
ea
t
u
r
es
wo
u
ld
s
ig
n
if
i
ca
n
tly
im
p
r
o
v
ed
th
e
p
er
f
o
r
m
an
ce
o
f
th
e
class
if
icatio
n
,
v
ice
v
er
s
a;
th
e
wea
k
f
ea
tu
r
es
wo
u
ld
n
e
g
ativ
ely
af
f
ec
t
th
e
p
er
f
o
r
m
an
ce
o
f
th
e
cl
ass
if
icatio
n
.
I
n
th
is
m
an
n
er
,
i
n
o
r
d
er
t
o
g
en
e
r
ate
f
ea
tu
r
es f
o
r
th
e
n
etwo
r
k
tr
af
f
ic
,
[
2
4
]
h
av
e
a
n
aly
s
ed
d
if
f
e
r
en
t
f
ea
tu
r
es r
elate
d
to
b
o
th
n
o
r
m
al
an
d
tu
n
n
el
tr
af
f
ic.
I
n
f
ac
t,
n
u
m
er
o
u
s
f
ea
tu
r
es
ca
n
b
e
ex
tr
ac
ted
b
y
o
b
s
er
v
in
g
b
o
th
n
o
r
m
al
an
d
tu
n
n
el
tr
af
f
ic
s
u
ch
as
b
y
te
f
r
eq
u
e
n
cies,
in
f
o
r
m
atio
n
en
t
r
o
p
y
an
d
p
ac
k
et
len
g
th
s
.
Ho
wev
er
,
o
n
e
o
f
th
e
s
ig
n
i
f
ic
an
t
f
ea
tu
r
e
is
th
e
in
f
o
r
m
atio
n
en
tr
o
p
y
d
u
e
to
its
d
ir
ec
t c
o
r
r
elatio
n
with
th
e
ac
tu
al
d
ata
b
y
tes co
m
p
o
s
in
g
p
ac
k
e
ts
.
I
n
v
esti
g
atin
g
th
e
n
etwo
r
k
f
l
o
w
f
ea
tu
r
es
wo
u
ld
in
clu
d
e
v
ar
io
u
s
lev
els
s
u
ch
as
I
P
-
lev
el,
tr
an
s
p
o
r
t
-
lev
el
o
r
ap
p
licatio
n
-
le
v
el.
T
h
e
k
ey
d
if
f
e
r
en
ce
am
o
n
g
s
u
ch
lev
els
lies
b
etwe
en
th
e
clien
t
r
eq
u
est
an
d
s
er
v
er
an
s
wer
.
Fo
r
in
s
tan
ce
,
s
o
m
e
p
r
o
to
co
ls
wo
u
ld
h
av
e
s
im
ilar
o
r
ev
e
n
id
en
tical
c
o
n
ten
t
r
e
g
ar
d
in
g
t
h
e
r
eq
u
est's
co
n
ten
t.
Yet,
th
e
k
ey
d
is
tin
g
u
is
h
b
etwe
en
t
h
em
lies
o
n
th
e
s
er
v
er
r
esp
o
n
s
e.
T
h
er
ef
o
r
e,
c
o
n
ce
n
tr
ain
g
o
n
th
e
co
n
ten
ct
o
f
r
esp
o
n
s
e
is
co
n
s
id
er
ed
m
u
ch
ap
p
r
o
p
r
iate
to
ex
a
m
in
e
th
e
v
ar
ian
ce
s
.
I
n
p
ar
ticu
l
ar
,
s
o
m
e
tech
n
iq
u
es
s
u
ch
as in
f
o
r
m
atio
n
en
tr
o
p
y
w
o
u
ld
b
e
a
g
r
ea
t h
elp
in
ter
m
s
o
f
id
en
tify
in
g
th
e
v
a
r
iatio
n
with
in
a
m
ess
ag
e.
On
e
way
to
co
m
p
u
t
e
th
e
en
tr
o
p
y
is
b
y
esti
m
atin
g
t
h
e
b
y
tes
with
in
a
p
ac
k
et
[
2
4
]
.
He
n
ce
,
th
e
p
r
o
b
ab
ilit
y
o
f
ce
r
tain
o
cc
u
r
r
e
n
ce
s
o
f
b
y
te
(
)
m
u
ltip
lied
b
y
its
lo
g
a
r
ith
m
wo
u
l
d
co
n
t
r
ib
u
te
to
war
d
id
en
tify
i
n
g
th
e
en
tr
o
p
y
as
in
th
e
f
o
llo
win
g
f
o
r
m
u
la
:
(
)
=
−
∑
(
)
×
(
)
=
1
(
1
)
T
h
e
p
r
im
al
b
e
n
ef
it
o
f
ac
q
u
ir
i
n
g
en
tr
o
p
y
lies
b
eh
in
d
g
ain
i
n
g
an
in
s
ig
h
t
r
eg
ar
d
i
n
g
th
e
d
is
tr
ib
u
tio
n
p
r
o
d
u
ce
d
with
in
ev
er
y
p
r
o
to
co
l
f
lo
w.
Hen
ce
,
th
e
d
is
tr
ib
u
tio
n
’
s
tr
en
d
is
ac
q
u
ir
e
d
th
r
o
u
g
h
s
u
ch
en
t
r
o
p
y
an
aly
s
is
.
Alo
n
g
with
th
e
in
f
o
r
m
atio
n
en
tr
o
p
y
,
th
e
r
e
ar
e
o
th
e
r
f
ea
tu
r
es
th
at
we
r
e
p
r
o
v
id
e
d
f
o
r
ea
ch
co
n
n
ec
tio
n
s
u
ch
as
DNS
r
e
q
u
est
len
g
t
h
,
I
P
p
ac
k
et
s
en
d
er
len
g
th
,
I
P
p
a
ck
et
r
esp
o
n
s
e
len
g
t
h
,
e
n
co
d
e
d
DNS
q
u
er
y
n
am
e
len
g
th
,
r
e
q
u
est ap
p
licatio
n
la
y
er
en
tr
o
p
y
,
I
P
p
ac
k
et
en
tr
o
p
y
an
d
q
u
er
y
n
am
e
en
tr
o
p
y
.
3
.
3
.
Dis
cr
et
iza
t
io
n
I
n
m
ath
em
atics,
d
is
cr
etiza
tio
n
task
aim
s
to
tr
an
s
f
er
co
n
ti
n
u
o
u
s
f
u
n
ctio
n
s
,
m
o
d
els
a
n
d
e
q
u
a
tio
n
s
in
to
d
is
cr
ete
v
alu
es.
Fo
r
m
ac
h
in
e
lear
n
in
g
,
th
e
v
alu
es
ar
e
eith
er
n
o
m
in
al
o
r
n
u
m
er
ic.
No
m
in
al
v
alu
es
ar
e
lik
e
p
r
ed
ef
in
e
d
r
a
n
g
es
s
u
ch
as
'
lo
w,
m
ed
iu
m
,
h
ig
h
'
o
r
'
b
lack
,
w
h
ite'
.
I
n
th
is
m
an
n
er
,
t
h
e
n
o
m
i
n
al
v
alu
es
ten
d
to
b
e
d
is
cr
ete.
Fo
r
th
e
n
u
m
er
ic
v
alu
es,
th
er
e
ar
e
s
o
m
e
ca
s
e
wh
er
e
it
ca
n
b
e
d
is
cr
ete
s
u
ch
as
th
e
v
alu
es
f
r
o
m
0
to
9
wh
ich
ca
n
b
e
r
an
g
ed
in
ten
d
i
s
cr
ete
v
alu
es
o
f
{0
,
1
,
2
,
3
,
4
,
5
,
6
,
7
,
8
,
9
}.
Ho
wev
e
r
,
s
o
m
etim
es
th
e
n
u
m
er
ic
Evaluation Warning : The document was created with Spire.PDF for Python.
I
SS
N
:
2
0
8
8
-
8
7
0
8
I
n
t J E
lec
&
C
o
m
p
E
n
g
,
Vo
l.
11
,
No
.
2
,
Ap
r
il 2
0
2
1
:
1
6
6
6
-
1674
1670
v
alu
es
ca
n
b
e
f
o
r
m
ed
as
co
n
tin
u
o
u
s
r
ath
e
r
th
a
n
d
is
cr
ete.
I
n
th
is
v
ein
,
it
is
d
if
f
ic
u
lt
to
r
an
g
e
o
r
lim
it
th
e
co
n
tin
u
o
u
s
v
alu
es
d
u
e
to
th
e
f
lu
ctu
atio
n
o
f
n
u
m
b
er
s
.
T
h
er
ef
o
r
e,
it
is
n
ec
es
s
ar
y
t
o
ac
co
m
m
o
d
ate
a
d
is
cr
etiza
tio
n
task
in
o
r
d
er
to
p
u
t
th
ese
v
alu
es
with
in
a
r
an
g
e.
T
ab
le
2
s
h
o
ws
an
ex
a
m
p
le
o
f
d
is
cr
etiza
tio
n
o
f
co
n
tin
u
o
u
s
v
alu
es.
T
ab
le
2
.
E
x
am
p
le
o
f
d
is
cr
etiza
tio
n
I
n
st
a
n
c
e
C
o
n
t
i
n
u
o
u
s
v
a
l
u
e
C
o
n
v
e
r
t
r
u
l
e
s
I1
5
.
3
0
4
9
8
I
F
v
a
l
u
e
<
5
.
3
0
5
0
0
➔
A
I
2
5
.
3
0
5
0
0
I
F
v
a
l
u
e
>
5
.
3
0
5
0
0
&
v
a
l
u
e
<
5
.
3
0
5
1
0
➔
B
I3
5
.
3
0
5
1
5
I
F
v
a
l
u
e
>
5
.
3
0
5
1
0
& <
5
.
3
0
5
2
0
➔
C
I4
5
.
3
0
5
2
9
I
F
v
a
l
u
e
>
5
.
3
0
5
2
0
& <
5
.
3
0
5
3
0
➔
D
I5
5
.
3
0
5
3
5
I
F
v
a
l
u
e
>
5
.
3
0
5
3
0
➔
E
3
.
4
.
F
e
a
t
ure
s
elec
t
io
n us
ing
g
enet
ic
a
lg
o
rit
hm
I
n
th
is
s
ec
tio
n
,
t
h
e
f
ea
tu
r
es
o
f
th
e
DNS
co
n
n
ec
tio
n
s
will
b
e
ex
am
in
ed
in
o
r
d
er
to
i
d
en
tify
th
e
m
o
s
t
ap
p
r
o
p
r
iate
f
ea
tu
r
es
th
at
h
av
e
th
e
ab
ilit
y
to
d
is
tin
g
u
is
h
th
e
o
cc
u
r
r
en
ce
o
f
tu
n
n
ellin
g
.
Fo
r
th
is
p
u
r
p
o
s
e,
a
m
eta
-
h
eu
r
is
ti
c
ap
p
r
o
ac
h
o
f
g
e
n
etic
alg
o
r
ith
m
h
as
b
ee
n
u
s
ed
.
Ge
n
etic
alg
o
r
ith
m
(
GA)
is
o
n
e
o
f
th
e
lo
ca
l
s
ea
r
ch
tech
n
iq
u
es
th
at
s
im
u
late
th
e
b
io
lo
g
y
o
f
n
at
u
r
al
s
elec
tio
n
[
2
5
,
2
6
]
.
T
h
eo
r
etica
lly
,
it
wo
r
k
s
b
y
g
en
e
r
atin
g
a
p
o
p
u
latio
n
wh
er
e
th
e
p
o
s
s
ib
le
s
o
lu
tio
n
s
ca
n
b
e
ex
am
in
ed
.
C
o
n
s
eq
u
en
tially
,
a
co
m
b
in
atio
n
p
r
o
ce
s
s
is
p
er
f
o
r
m
ed
b
y
co
m
b
in
in
g
th
e
b
est p
o
p
u
latio
n
b
ased
o
n
a
f
itn
e
s
s
f
u
n
ctio
n
.
I
n
f
ac
t,
g
en
etic
alg
o
r
ith
m
s
tar
ts
with
p
r
o
d
u
cin
g
a
n
in
itial p
o
p
u
latio
n
wh
er
e
th
e
p
o
s
s
ib
le
s
o
l
u
tio
n
s
ca
n
b
e
r
ep
r
esen
ted
.
T
h
is
p
o
p
u
lati
o
n
co
n
s
is
ts
o
f
d
if
f
er
en
t
g
e
n
e
s
(
i.e
.
f
ea
tu
r
es)
th
at
c
o
m
p
o
s
e
d
o
f
c
h
r
o
m
o
s
o
m
es.
E
ac
h
ch
r
o
m
o
s
o
m
e
is
r
ep
r
esen
ted
b
y
a
b
in
ar
y
v
alu
e
(
i.e
.
0
o
r
1
)
.
Fig
u
r
e
2
d
e
p
icts
th
e
r
ep
r
esen
tatio
n
o
f
th
ese
g
en
es
(
f
ea
tu
r
es)
wh
er
e
C
r
ef
er
s
to
a
s
in
g
le
DNS
co
n
n
ec
tio
n
,
F
r
ef
er
s
to
a
f
ea
tu
r
e
an
d
m
r
ef
er
s
to
th
e
n
u
m
b
er
o
f
f
ea
tu
r
es.
Fig
u
r
e
2
.
I
n
itial p
o
p
u
latio
n
o
f
g
en
es
On
ce
th
e
p
r
o
d
u
cin
g
o
f
th
e
i
n
itial
p
o
p
u
latio
n
is
b
ein
g
d
o
n
e,
e
ac
h
g
en
e
h
a
v
e
to
b
e
ass
ess
ed
in
ter
m
s
o
f
f
ea
s
ib
ilit
y
.
T
h
is
ass
ess
m
en
t
is
co
n
d
u
cted
b
ased
o
n
f
itn
ess
f
u
n
ctio
n
wh
ich
i
d
en
tifie
s
th
e
d
esire
d
e
f
f
ec
tiv
en
ess
u
s
in
g
a
v
alu
e.
Fig
u
r
e
3
d
ep
icts
th
e
ev
alu
atio
n
o
f
g
en
es with
r
an
d
o
m
o
f
v
al
u
es o
f
f
itn
ess
.
As
s
h
o
wn
in
Fig
u
r
e
3
,
th
er
e
ar
e
g
en
es
th
at
h
a
v
e
lo
w
v
al
u
e
o
f
f
itn
ess
s
u
ch
as
Gen
e
3
,
Gen
e
4
,
Gen
e
6
an
d
Gen
e
7
w
h
ich
h
av
e
0
%
o
f
f
itn
ess
.
Hen
ce
,
g
en
etic
alg
o
r
i
th
m
will
g
et
r
id
o
f
th
ese
g
e
n
e
s
r
eg
ar
d
in
g
t
o
th
eir
in
f
ea
s
ib
ilit
y
.
At
th
e
s
am
e
tim
e,
Gen
e
1
,
Gen
e
2
a
n
d
Gen
e
5
will
b
e
s
elec
ted
as
th
e
b
est
g
e
n
es
r
eg
ar
d
in
g
th
eir
ef
f
ec
tiv
en
ess
in
ter
m
s
o
f
f
itn
ess
.
No
te
th
at,
th
er
e
ar
e
m
u
ltip
le
s
tr
ateg
ies
to
s
elec
t
th
e
b
est
g
en
es
s
u
ch
as
r
o
u
lette
wh
ee
l,
r
an
k
s
elec
tio
n
,
s
tead
y
-
s
tate
s
elec
tio
n
.
Ho
we
v
er
,
in
th
is
s
tu
d
y
th
e
r
an
k
s
elec
tio
n
s
tr
a
teg
y
h
as
b
ee
n
u
tili
ze
d
.
On
ce
th
e
b
est
g
en
es
ar
e
b
ein
g
s
elec
ted
,
a
r
e
-
p
r
o
d
u
cti
o
n
p
r
o
c
ess
i
s
p
er
f
o
r
m
ed
wh
ich
aim
s
to
g
en
er
ate
th
e
n
ex
t
p
o
p
u
latio
n
.
T
h
is
ca
n
b
e
co
n
d
u
cted
b
y
m
a
n
ip
u
latin
g
th
e
ch
r
o
m
o
s
o
m
es
o
f
th
e
cu
r
r
en
t
g
en
es.
Fo
r
t
h
is
p
u
r
p
o
s
e,
th
er
e
ar
e
m
u
ltip
l
e
m
eth
o
d
s
ca
n
b
e
u
s
ed
to
r
e
-
p
r
o
d
u
ce
th
e
g
en
es
s
u
c
h
as
cr
o
s
s
o
v
er
,
m
u
tatio
n
an
d
elitis
m
.
I
n
th
is
s
tu
d
y
,
cr
o
s
s
o
v
e
r
m
eth
o
d
h
as b
ee
n
u
tili
ze
d
to
r
e
-
p
r
o
d
u
ce
th
e
n
ex
t g
e
n
er
atio
n
.
Evaluation Warning : The document was created with Spire.PDF for Python.
I
n
t J E
lec
&
C
o
m
p
E
n
g
I
SS
N:
2
0
8
8
-
8
7
0
8
A
h
yb
r
id
meth
o
d
o
f g
e
n
etic
a
l
g
o
r
ith
m
a
n
d
s
u
p
p
o
r
t v
ec
to
r
m
a
c
h
in
e
fo
r
DN
S
...
(
F
u
q
d
a
n
A
.
A
l
-
I
b
r
a
h
ee
mi)
1671
C
r
o
s
s
o
v
er
is
an
ex
ch
an
g
e
p
r
o
ce
d
u
r
e
t
h
at
aim
s
to
s
wap
t
h
e
ch
r
o
m
o
s
o
m
es
b
etwe
en
tw
o
o
r
m
o
r
e
g
en
es.
T
h
is
p
r
o
ce
s
s
aim
s
to
c
o
m
b
in
e
t
h
e
s
tr
o
n
g
est
ch
r
o
m
o
s
o
m
es
f
r
o
m
two
g
e
n
es
an
d
f
o
r
m
u
late
it
in
a
n
ew
g
en
e
f
o
r
n
ex
t
p
o
p
u
latio
n
.
Fig
u
r
e
4
d
ep
icts
th
e
m
ec
h
an
is
m
o
f
cr
o
s
s
o
v
er
.
T
h
e
s
p
ec
if
icati
o
n
o
f
ap
p
ly
in
g
th
e
g
en
etic
alg
o
r
ith
m
ca
n
b
e
s
ee
n
in
T
ab
le
3
.
Fig
u
r
e
3
.
E
v
alu
atin
g
g
en
es b
a
s
ed
o
n
th
e
f
it
n
ess
f
u
n
ctio
n
Fig
u
r
e
4
.
C
r
o
s
s
o
v
er
e
x
ch
an
g
e
T
ab
le
3
.
Deta
ils
o
f
ca
r
r
y
in
g
o
u
t th
e
g
en
etic
alg
o
r
ith
m
P
a
r
a
me
t
e
r
D
e
scri
p
t
i
o
n
N
u
mb
e
r
o
f
i
t
e
r
a
t
i
o
n
s
o
r
g
e
n
e
r
a
t
i
o
n
s
50
Re
-
p
r
o
d
u
c
t
i
o
n
m
e
c
h
a
n
i
s
m
C
r
o
ss
o
v
e
r
C
o
n
d
i
t
i
o
n
f
o
r
t
e
r
m
i
n
a
t
i
o
n
N
o
si
g
n
i
f
i
c
a
n
t
c
h
a
n
g
e
s
i
n
n
e
x
t
g
e
n
e
r
a
t
i
o
n
s
3
.
5
.
Cla
s
s
if
ica
t
io
n us
ing
SVM
I
n
th
is
s
ec
tio
n
,
th
e
class
if
ic
atio
n
o
f
th
e
DNS
co
n
n
ec
tio
n
is
b
ein
g
p
er
f
o
r
m
ed
in
wh
ich
ea
ch
co
n
n
ec
tio
n
w
o
u
ld
b
e
class
if
i
ed
in
to
its
ac
tu
al
class
lab
el.
Su
ch
class
if
icatio
n
p
r
o
ce
s
s
h
as
b
ee
n
co
n
d
u
cte
d
u
s
in
g
th
e
s
u
p
p
o
r
t
v
ec
to
r
m
ac
h
in
e.
T
h
is
class
if
ier
is
a
n
o
n
-
p
r
o
b
ab
ilis
tic
an
d
b
in
a
r
y
class
if
ier
in
wh
ich
t
h
e
d
ata
is
p
ar
titi
o
n
ed
in
t
o
two
g
r
o
u
p
s
(
0
o
r
1
)
.
T
h
e
wo
r
k
m
ec
h
an
is
m
o
f
th
is
class
if
ier
lies
o
n
ass
ig
n
in
g
a
h
y
p
er
p
la
n
e
wh
ich
is
a
m
ar
g
in
th
at
p
ar
titi
o
n
th
e
d
ata
in
to
th
e
two
g
r
o
u
p
s
[
2
7
]
.
No
te
t
h
at,
SVM
will c
las
s
if
y
th
e
co
n
n
ec
tio
n
in
s
tan
ce
s
b
ased
o
n
th
e
s
elec
ted
f
ea
tu
r
es
b
y
th
e
g
e
n
etic
alg
o
r
ith
m
in
wh
ich
th
e
tr
ain
in
g
p
o
r
tio
n
was
8
0
%
an
d
th
e
test
in
g
p
o
r
tio
n
was 2
0
%.
Fig
u
r
e
5
d
ep
icts
th
e
alg
o
r
ith
m
o
f
SVM
class
if
ier
.
As
s
h
o
wn
in
Fig
u
r
e
5
b
asically
,
will
id
en
tify
a
m
a
r
g
in
th
at
p
ar
titi
o
n
th
e
d
ata
with
t
h
e
f
ir
s
t
class
(
i.e
.
FTT
Po
v
er
DNS)
an
d
th
e
r
em
a
in
in
g
d
ata
(
s
h
o
wn
i
n
s
tep
2
)
.
Af
ter
th
at,
id
en
tify
i
n
g
a
m
a
r
g
in
th
at
p
ar
titi
o
n
th
e
d
ata
with
th
e
s
ec
o
n
d
class
(
i.
e.
HT
T
Po
v
er
DNS)
an
d
th
e
r
e
m
ain
in
g
d
ata
(
s
h
o
wn
in
s
tep
3
)
.
C
o
n
s
eq
u
e
n
tially
,
id
en
tify
in
g
a
m
ar
g
in
th
at
p
ar
titi
o
n
th
e
d
ata
with
th
e
th
ir
d
cla
s
s
(
i.e
.
HT
T
PS
o
v
er
DNS)
an
d
th
e
r
em
ain
in
g
d
ata
(
s
h
o
wn
in
s
tep
4
)
.
Af
ter
th
at,
id
en
tify
in
g
a
m
ar
g
in
th
a
t
p
ar
titi
o
n
t
h
e
d
ata
with
th
e
f
o
u
r
th
class
(
i.e
.
POP3
o
v
er
DNS)
an
d
th
e
r
e
m
ai
n
in
g
d
ata
(
s
h
o
wn
in
s
tep
5
)
.
Evaluation Warning : The document was created with Spire.PDF for Python.
I
SS
N
:
2
0
8
8
-
8
7
0
8
I
n
t J E
lec
&
C
o
m
p
E
n
g
,
Vo
l.
11
,
No
.
2
,
Ap
r
il 2
0
2
1
:
1
6
6
6
-
1674
1672
Fig
u
r
e
5
.
SVM
alg
o
r
ith
m
4.
RE
SU
L
T
S
AND
D
I
SCU
SS
I
O
N
S
Sin
ce
th
is
s
tu
d
y
is
co
n
ce
n
tr
at
in
g
o
n
th
e
s
u
p
er
v
is
ed
m
ac
h
in
e
lear
n
in
g
th
u
s
,
t
h
e
ev
alu
atio
n
m
eth
o
d
th
at
h
as
b
ee
n
u
s
ed
f
o
r
ass
ess
in
g
th
e
class
if
icatio
n
p
er
f
o
r
m
a
n
ce
will
b
e
u
s
ed
.
Sev
er
al
r
esear
ch
s
tu
d
ies
h
av
e
ad
d
r
ess
ed
th
e
ev
alu
atio
n
o
f
class
if
icatio
n
u
s
in
g
th
e
co
m
m
o
n
in
f
o
r
m
atio
n
r
etr
iev
al
m
etr
ics
in
clu
d
in
g
p
r
ec
is
io
n
,
r
ec
all
an
d
F
-
m
ea
s
u
r
e
[
2
4
]
.
T
o
co
m
p
u
te
s
u
ch
m
etr
ics,
th
e
co
n
tin
g
en
cy
tab
le
will
b
e
u
s
ed
as
s
h
o
wn
in
T
ab
le
4
.
T
ab
le
4
.
C
o
n
tin
g
en
cy
ta
b
le
P
r
e
d
i
c
t
e
d
D
N
S
c
o
n
n
e
c
t
i
o
n
P
r
e
d
i
c
t
e
d
A
c
t
u
a
l
N
o
r
mal
Tu
n
n
e
l
A
c
t
u
a
l
D
N
S
c
o
n
n
e
c
t
i
o
n
N
o
r
mal
T
ru
e
p
o
si
t
i
v
e
(
T
P)
Fa
l
s
e
p
o
si
t
i
v
e
(
F
P)
Tu
n
n
e
l
Fa
l
s
e
n
e
g
a
t
i
v
e
(
FN
)
T
ru
e
n
e
g
a
t
i
v
e
(
T
N
)
F
a
ls
e
n
eg
a
tive
(
F
N
)
:
is
th
e
n
u
m
b
er
o
f
ac
tu
al
tu
n
n
elin
g
c
o
n
n
ec
tio
n
s
th
at
h
av
e
b
ee
n
p
r
ed
ict
ed
as n
o
r
m
al.
F
a
ls
e
p
o
s
itive
(FP)
:
is
th
e
n
u
m
b
er
o
f
ac
tu
al
n
o
r
m
al
co
n
n
ec
t
io
n
th
at
h
a
v
e
b
ee
n
p
r
ed
icte
d
a
s
tu
n
n
elin
g
.
Tr
u
e
n
eg
a
tive
(
TN
)
:
is
th
e
n
u
m
b
er
o
f
co
r
r
ec
tly
u
n
-
p
r
e
d
icted
co
n
n
ec
tio
n
s.
Tr
u
e
p
o
s
itive
(
TP)
:
is
th
e
n
u
m
b
er
o
f
co
r
r
ec
tly
p
r
ed
icted
co
n
n
ec
tio
n
s
.
I
n
th
is
m
an
n
e
r
,
th
e
p
r
ec
is
io
n
,
r
ec
all
an
d
F
-
m
ea
s
u
r
e
ca
n
b
e
co
m
p
u
ted
b
ased
o
n
th
e
f
o
llo
win
g
eq
u
atio
n
s
.
=
+
(
2
)
=
+
(
3
)
−
=
2
×
×
+
(
4
)
Pre
cisi
o
n
is
th
e
r
atio
b
etwe
en
th
e
n
u
m
b
er
o
f
co
r
r
ec
tly
class
if
ied
co
n
n
ec
tio
n
s
o
v
er
t
h
e
to
t
al
n
u
m
b
er
o
f
co
n
n
ec
tio
n
s
.
W
h
ile
R
ec
all
is
th
e
r
atio
b
etwe
en
th
e
n
u
m
b
er
o
f
c
o
r
r
ec
tly
class
if
ied
tu
n
n
elin
g
co
n
n
ec
tio
n
s
an
d
th
e
to
tal
n
u
m
b
er
o
f
tu
n
n
elin
g
co
n
n
ec
tio
n
s
.
Fin
ally
,
F
-
m
ea
s
u
r
e
is
co
n
s
id
er
ed
to
b
e
th
e
to
tal
ac
cu
r
ac
y
.
B
asically
,
th
e
ev
alu
atio
n
will
b
e
h
el
d
b
ased
o
n
t
h
e
h
y
b
r
id
o
f
SVM
an
d
GA
co
m
p
ar
ed
to
th
e
co
n
v
en
tio
n
al
SVM.
T
ab
le
5
s
h
o
ws s
u
ch
co
m
p
ar
is
o
n
.
Evaluation Warning : The document was created with Spire.PDF for Python.
I
n
t J E
lec
&
C
o
m
p
E
n
g
I
SS
N:
2
0
8
8
-
8
7
0
8
A
h
yb
r
id
meth
o
d
o
f g
e
n
etic
a
l
g
o
r
ith
m
a
n
d
s
u
p
p
o
r
t v
ec
to
r
m
a
c
h
in
e
fo
r
DN
S
...
(
F
u
q
d
a
n
A
.
A
l
-
I
b
r
a
h
ee
mi)
1673
T
ab
le
5
.
R
esu
lts
o
f
th
e
p
r
o
p
o
s
ed
m
eth
o
d
co
m
p
ar
ed
to
th
e
co
n
v
en
tio
n
al
SVM
C
l
a
s
s
F
-
mea
su
r
e
S
V
M
S
V
M
& G
A
F
TP
0
.
8
2
4
9
6
0
.
9
0
9
8
9
H
TTP
0
.
7
8
9
8
1
0
.
9
8
9
8
9
H
TTPS
0
.
8
3
7
4
2
0
.
9
1
4
3
1
P
O
P
3
1
.
0
0
.
9
7
A
v
e
r
a
g
e
0
.
8
6
3
0
5
0
.
9
4
6
0
2
As
s
h
o
wn
in
T
ab
le
5
,
t
h
e
u
s
e
o
f
g
e
n
etic
alg
o
r
ith
m
with
th
e
s
u
p
p
o
r
t v
ec
to
r
m
ac
h
in
e
class
if
icatio
n
h
as
s
ig
n
if
ican
tly
im
p
r
o
v
ed
th
e
F
-
m
ea
s
u
r
e
v
alu
es f
o
r
all
m
o
s
t
o
f
th
e
class
lab
els.
First,
th
e
FT
P
h
as
b
ee
n
en
h
a
n
ce
d
f
r
o
m
8
2
%
o
f
F
-
m
ea
s
u
r
e
in
to
9
0
%.
Seco
n
d
,
HT
T
P
class
lab
el
h
as
b
ee
n
im
p
r
o
v
e
d
f
r
o
m
7
8
%
in
t
o
9
8
%
o
f
F
-
m
ea
s
u
r
e;
th
is
is
th
e
d
r
am
atic
en
h
a
n
ce
m
en
t
th
at
o
cc
u
r
r
ed
u
p
o
n
a
class
lab
el
co
m
p
ar
ed
t
o
th
e
o
th
e
r
s
.
Fo
r
th
e
HT
T
PS
class
lab
el
th
e
en
h
an
c
em
en
t
was
s
lig
h
t
in
wh
ich
th
e
F
-
m
ea
s
u
r
e
h
as
b
ee
n
in
cr
ea
s
ed
f
r
o
m
8
3
%
to
9
1
%.
Ho
wev
er
,
f
o
r
t
h
e
POP3
class
lab
el,
th
e
r
esu
lt
o
f
F
-
m
ea
s
u
r
e
h
as
b
ee
n
d
ec
r
ea
s
ed
f
r
o
m
1
0
0
%
i
n
to
9
7
%.
Alth
o
u
g
h
th
e
u
s
e
o
f
GA
h
as
n
o
t
en
h
an
ce
d
th
e
class
if
icatio
n
o
f
POP3
h
o
wev
er
,
th
e
av
er
a
g
e
p
er
f
o
r
m
a
n
ce
was
s
ig
n
if
ican
tly
im
p
r
o
v
ed
f
r
o
m
8
6
%
to
9
4
%
o
f
F
-
m
ea
s
u
r
e
.
Gen
er
ally
,
th
e
u
s
e
o
f
g
en
etic
alg
o
r
ith
m
h
as
s
ig
n
if
ican
tly
im
p
r
o
v
ed
th
e
c
lass
if
icatio
n
p
er
f
o
r
m
a
n
ce
o
f
DNS
co
n
n
ec
tio
n
s
c
o
m
p
ar
e
d
to
th
e
tr
ad
itio
n
a
l
class
if
icatio
n
with
o
u
t a
p
p
ly
in
g
GA.
T
h
is
ca
n
im
p
ly
th
e
u
s
ef
u
ln
ess
o
f
GA
wh
er
e
th
e
ca
p
ab
ilit
ies o
f
id
en
tify
in
g
th
e
m
o
s
t
a
p
p
r
o
p
r
iate
f
ea
tu
r
e
s
et
h
as
led
to
en
h
an
ce
th
e
class
if
icatio
n
ac
cu
r
ac
y
.
Fig
u
r
e
6
c
o
m
p
ar
es
th
e
p
er
f
o
r
m
an
ce
s
o
f
SVM
an
d
SVM
with
GA.
Fig
u
r
e
6
.
Per
f
o
r
m
an
c
es o
f
SVM
an
d
SVM
with
GA
On
th
e
o
th
er
h
an
d
,
it
is
n
ec
es
s
ar
y
to
co
m
p
ar
e
th
e
r
esu
lts
o
f
th
e
p
r
o
p
o
s
ed
s
o
lu
tio
n
with
t
h
e
s
tate
o
f
th
e
ar
t.
Ou
r
b
aselin
e
s
tu
d
y
wa
s
th
e
o
n
e
th
at
p
r
o
p
o
s
ed
b
y
Ho
m
em
an
d
Pap
a
p
etr
o
u
[
2
8
]
wh
o
ap
p
lied
t
h
e
SVM
class
if
icatio
n
o
n
th
e
s
am
e
b
en
ch
m
ar
k
d
ataset
th
at
h
as
b
ee
n
u
s
ed
in
th
is
s
tu
d
y
an
d
ac
h
i
ev
e
an
F
-
m
ea
s
u
r
e
o
f
9
1
%,
it
is
o
b
v
io
u
s
th
at
o
u
r
p
r
o
p
o
s
ed
m
eth
o
d
h
as
o
u
t
p
er
f
o
r
m
ed
th
e
r
esu
lts
o
f
th
e
s
tate
o
f
th
e
ar
t
b
y
ac
h
iev
i
n
g
9
4
%
o
f
F
-
m
ea
s
u
r
e.
T
h
is
ca
n
d
em
o
n
s
tr
ate
th
e
h
y
p
o
th
esis
o
f
o
u
r
s
tu
d
y
in
wh
ich
th
e
u
s
e
o
f
th
e
g
en
etic
alg
o
r
ith
m
in
o
r
d
e
r
to
id
e
n
tify
t
h
e
b
est f
ea
tu
r
es will le
ad
to
en
h
an
ce
th
e
ef
f
ec
tiv
en
ess
o
f
th
e
class
if
icatio
n
.
5.
CO
NCLU
SI
O
N
T
h
is
p
ap
er
h
as
p
r
o
p
o
s
ed
a
h
y
b
r
id
m
et
h
o
d
o
f
g
en
etic
al
g
o
r
it
h
m
an
d
s
u
p
p
o
r
t
v
ec
to
r
m
ac
h
i
n
e
f
o
r
th
e
p
r
o
ce
s
s
o
f
d
etec
tin
g
DNS
tu
n
n
elin
g
.
T
h
e
p
r
o
p
o
s
ed
GA
h
as
d
em
o
n
s
tr
ated
s
u
b
s
tan
tial
p
er
f
o
r
m
an
ce
in
ter
m
s
o
f
s
elec
tin
g
th
e
b
est
f
ea
tu
r
es
wh
ich
let
to
im
p
r
o
v
e
th
e
class
if
icatio
n
ac
cu
r
ac
y
.
Ad
d
r
ess
in
g
d
if
f
er
e
n
t
f
ea
tu
r
e
s
elec
tio
n
ap
p
r
o
ac
h
es
in
f
u
t
u
r
e
r
esear
ch
es
is
a
k
ey
c
h
allen
g
in
g
is
s
u
e
in
wh
ich
an
t
co
lo
n
y
,
p
a
r
ticle
s
war
m
o
p
tim
izatio
n
an
d
s
im
u
lated
an
n
ea
lin
g
ar
e
c
o
m
p
etitiv
e
f
ea
tu
r
e
s
elec
tio
n
m
eth
o
d
s
co
m
p
ar
ed
to
GA.
RE
F
E
R
E
NC
E
S
[1
]
T.
v
a
n
Leijen
h
o
rst
,
e
t
a
l.
,
“
On
th
e
v
iab
il
i
ty
a
n
d
p
e
rfo
rm
a
n
c
e
o
f
DN
S
t
u
n
n
e
li
n
g
,
”
U
n
iv
e
rsit
y
o
f
W
o
ll
o
n
g
o
n
g
Re
se
a
rc
h
On
li
n
e
,
2
0
0
8
.
0
0.2
0.4
0.6
0.8
1
F
T
P
H
T
T
P
H
T
T
PS
PO
P3
A
ve
rag
e
S
V
M w
i
th
G
A
S
V
M
Evaluation Warning : The document was created with Spire.PDF for Python.
I
SS
N
:
2
0
8
8
-
8
7
0
8
I
n
t J E
lec
&
C
o
m
p
E
n
g
,
Vo
l.
11
,
No
.
2
,
Ap
r
il 2
0
2
1
:
1
6
6
6
-
1674
1674
[2
]
A.
S
a
n
i
a
n
d
M
.
S
e
ti
a
wa
n
,
“
DN
S
tu
n
n
e
li
n
g
De
tec
ti
o
n
Us
i
n
g
E
las
ti
c
se
a
rc
h
,
”
in
IOP
Co
n
fer
e
n
c
e
S
e
rie
s:
M
a
ter
ia
ls
S
c
ien
c
e
a
n
d
E
n
g
i
n
e
e
rin
g
,
v
o
l.
7
2
2
,
2
0
2
0
,
p
p
.
1
-
9
.
[3
]
N.
Ish
ik
u
ra
,
e
t
a
l.
,
“
Ca
c
h
e
-
P
ro
p
e
rty
-
Aw
a
re
F
e
a
tu
re
s
fo
r
DN
S
Tu
n
n
e
li
n
g
De
tec
ti
o
n
,
”
in
2
0
2
0
2
3
rd
Co
n
fer
e
n
c
e
o
n
In
n
o
v
a
ti
o
n
i
n
Cl
o
u
d
s,
I
n
ter
n
e
t
a
n
d
Ne
two
rk
s a
n
d
W
o
rk
sh
o
p
s (ICIN
)
,
2
0
2
0
,
p
p
.
2
1
6
-
2
2
0
.
[4
]
H.
Ba
i,
e
t
a
l.
,
“
Re
fin
e
d
id
e
n
t
ifi
c
a
ti
o
n
o
f
h
y
b
ri
d
traffic
in
DN
S
tu
n
n
e
ls
b
a
se
d
o
n
re
g
re
ss
io
n
a
n
a
ly
sis,”
ET
RI
J
o
u
r
n
a
l
,
p
p
.
1
-
1
3
,
2
0
2
0
.
[5
]
H.
Ic
h
ise
,
e
t
a
l.
,
“
NS
re
c
o
r
d
Histo
ry
Ba
se
d
A
b
n
o
rm
a
l
DN
S
traffic
De
tec
ti
o
n
C
o
n
si
d
e
rin
g
Ad
a
p
ti
v
e
B
o
t
n
e
t
Co
m
m
u
n
ica
ti
o
n
Bl
o
c
k
in
g
,
”
J
o
u
rn
a
l
o
f
In
f
o
rm
a
ti
o
n
Pro
c
e
ss
in
g
,
v
o
l.
2
8
,
p
p
.
1
1
2
-
1
2
2
,
2
0
2
0
.
[6
]
K.
Bo
rn
a
n
d
D.
G
u
sta
fso
n
,
“
Ng
v
iz:
d
e
tec
ti
n
g
d
n
s
t
u
n
n
e
ls
th
r
o
u
g
h
n
-
g
ra
m
v
isu
a
li
z
a
ti
o
n
a
n
d
q
u
a
n
t
it
a
ti
v
e
a
n
a
ly
sis,”
in
Pro
c
e
e
d
in
g
s
o
f
th
e
S
ixt
h
An
n
u
a
l
W
o
rk
sh
o
p
o
n
Cy
b
e
r
S
e
c
u
rit
y
a
n
d
In
f
o
rm
a
ti
o
n
I
n
telli
g
e
n
c
e
Res
e
a
rc
h
,
p
.
4
7
,
2
0
1
0
.
[7
]
K.
Bo
r
n
a
n
d
D
.
G
u
sta
fso
n
,
“
De
tec
ti
n
g
d
n
s
tu
n
n
e
ls
u
sin
g
c
h
a
ra
c
ter
fre
q
u
e
n
c
y
a
n
a
ly
sis,”
a
rXiv
p
re
p
ri
n
t
a
rXiv:
1
0
0
4
.
4
3
5
8
,
2
0
1
0
.
[8
]
K.
Bu
m
a
n
g
lag
a
n
d
H.
Ke
tt
a
n
i,
“
On
th
e
Im
p
a
c
t
o
f
DN
S
Ov
e
r
HT
TP
S
P
a
ra
d
i
g
m
o
n
C
y
b
e
r
S
y
ste
m
s,”
in
2
0
2
0
3
rd
In
ter
n
a
t
io
n
a
l
C
o
n
fer
e
n
c
e
o
n
I
n
fo
r
ma
ti
o
n
a
n
d
Co
mp
u
ter
T
e
c
h
n
o
l
o
g
i
e
s (ICICT
)
,
2
0
2
0
,
p
p
.
4
9
4
-
4
9
9
.
[9
]
G
.
Ya
n
,
e
t
a
l.
,
“
Disc
o
v
e
rin
g
S
u
s
p
icio
u
s
APT
Be
h
a
v
io
rs
b
y
An
a
l
y
z
in
g
DN
S
Ac
ti
v
it
ies
,
”
S
e
n
so
rs
,
v
o
l
.
2
0
,
n
o
.
3
,
p
.
7
3
1
,
2
0
2
0
.
[1
0
]
F
.
P
a
lau
,
e
t
a
l.
,
“
De
tec
ti
n
g
DN
S
Th
re
a
ts:
A
De
e
p
Lea
rn
in
g
M
o
d
e
l
to
Ru
le
Th
e
m
All,
”
i
n
X
X
S
im
p
o
s
io
Arg
e
n
ti
n
o
d
e
In
telig
e
n
c
i
a
Arti
fi
c
ia
l
(
AS
AI
2
0
1
9
)
-
J
AII
O 4
8
,
S
a
lt
a
,
2
0
1
9
.
[1
1
]
A.
Alm
u
sa
wi
a
n
d
H.
Am
in
t
o
o
si,
“
DN
S
Tu
n
n
e
li
n
g
De
tec
ti
o
n
M
e
th
o
d
Ba
se
d
o
n
M
u
lt
il
a
b
e
l
S
u
p
p
o
rt
Ve
c
to
r
M
a
c
h
in
e
,
”
S
e
c
u
rity
a
n
d
C
o
mm
u
n
i
c
a
ti
o
n
Ne
two
rk
s (Hin
d
a
wi)
,
v
o
l.
2
0
1
8
,
p
.
9
,
2
0
1
8
.
[1
2
]
M
.
S
a
m
m
o
u
r,
e
t
a
l.
,
“
DN
S
T
u
n
n
e
l
in
g
:
a
Re
v
iew
o
n
F
e
a
t
u
re
s,”
In
ter
n
a
ti
o
n
a
l
J
o
u
rn
a
l
o
f
E
n
g
i
n
e
e
rin
g
a
n
d
T
e
c
h
n
o
l
ogy
,
v
o
l.
7
,
n
o
.
2
0
,
p
p
.
1
-
5
,
2
0
1
8
.
[1
3
]
R.
Ra
sm
u
ss
e
n
,
“
Do
y
o
u
k
n
o
w
wh
a
t
y
o
u
r
d
n
s
re
so
lv
e
r
is
d
o
i
n
g
ri
g
h
t
n
o
w,”
S
e
c
u
rity
W
e
e
k
,
2
0
1
2
.
[O
n
li
n
e
].
Av
a
il
a
b
le:
h
tt
p
:/
/www
.
se
c
u
rit
y
we
e
k
.
c
o
m
/d
o
-
y
o
u
-
k
n
o
w
-
wh
a
t
-
y
o
u
r
-
d
n
sre
so
l
v
e
r
-
d
o
i
n
g
-
r
ig
h
t
-
n
o
w.
[1
4
]
M
.
Du
si,
e
t
a
l.
,
“
Tu
n
n
e
l
h
u
n
ter:
De
tec
ti
n
g
a
p
p
li
c
a
ti
o
n
-
la
y
e
r
tu
n
n
e
ls
with
sta
ti
stica
l
fin
g
e
rp
ri
n
t
in
g
,
”
Co
m
p
u
ter
Ne
two
rk
s,
v
o
l
.
5
3
,
n
o
.
1
,
p
p
.
8
1
-
9
7
,
2
0
0
9
.
[1
5
]
P
.
E.
Va
n
Th
u
a
n
Do
,
e
t
a
l.
,
“
De
t
e
c
ti
o
n
o
f
DN
S
Tu
n
n
e
li
n
g
i
n
M
o
b
il
e
Ne
two
r
k
s
Us
in
g
M
a
c
h
in
e
Lea
rn
in
g
,
”
In
fo
rm
a
t
io
n
S
c
ien
c
e
a
n
d
A
p
p
li
c
a
t
io
n
s
2
0
1
7
(
ICI
S
A
2
0
1
7
)
,
v
o
l.
4
2
4
,
2
0
1
7
,
p
.
2
2
1
.
[1
6
]
M
.
Aie
ll
o
,
e
t
a
l.
,
“
DN
S
tu
n
n
e
li
n
g
d
e
tec
ti
o
n
th
r
o
u
g
h
sta
ti
stica
l
fin
g
e
rp
r
in
ts
o
f
p
r
o
t
o
c
o
l
m
e
ss
a
g
e
s
a
n
d
m
a
c
h
in
e
lea
rn
in
g
,
”
In
ter
n
a
ti
o
n
a
l
J
o
u
rn
a
l
o
f
Co
mm
u
n
ica
ti
o
n
S
y
ste
ms
,
v
o
l.
2
8
,
n
o
.
1
4
,
p
p
.
1
9
8
7
-
2
0
0
2
,
2
0
1
5
.
[1
7
]
G
.
F
a
rn
h
a
m
a
n
d
A.
Atlas
is,
“
De
te
c
ti
n
g
DN
S
tu
n
n
e
li
n
g
,
”
I
n
f
o
S
e
c
Re
a
d
i
n
g
Ro
o
m
,
2
0
1
3
.
[1
8
]
S
.
B.
Ko
tsian
ti
s,
e
t
a
l.
,
“
S
u
p
e
r
v
ise
d
m
a
c
h
i
n
e
lea
rn
i
n
g
:
A
re
v
i
e
w
o
f
c
las
sif
ica
ti
o
n
tec
h
n
i
q
u
e
s
,
”
In
f
o
rm
a
ti
c
a
,
p
p
.
2
4
9
-
2
6
8
,
2
0
0
7
.
[1
9
]
M
.
Du
si,
e
t
a
l.
,
“
De
tec
ti
o
n
o
f
e
n
c
ry
p
ted
tu
n
n
e
ls
a
c
ro
ss
n
e
tw
o
rk
b
o
u
n
d
a
ries
,
”
i
n
IEE
E
In
ter
n
a
ti
o
n
a
l
Co
n
fer
e
n
c
e
o
n
Co
mm
u
n
ica
ti
o
n
s
(
ICC'0
8
)
,
2
0
0
8
,
p
p
.
1
7
3
8
-
1
7
4
4
.
[2
0
]
F
.
Allard
,
e
t
a
l.
,
“
T
u
n
n
e
li
n
g
a
c
ti
v
i
ti
e
s d
e
tec
ti
o
n
u
sin
g
m
a
c
h
in
e
lea
rn
in
g
tec
h
n
i
q
u
e
s,
”
DTIC
Do
c
u
m
e
n
t
,
2
0
1
0
.
[2
1
]
M
.
Aie
ll
o
,
e
t
a
l.
,
“
Ba
sic
c
las
sifiers
fo
r
DN
S
tu
n
n
e
li
n
g
d
e
tec
ti
o
n
,
”
in
2
0
1
3
IE
EE
S
y
mp
o
si
u
m
o
n
Co
mp
u
ter
s
a
n
d
Co
mm
u
n
ica
ti
o
n
s (IS
CC)
,
2
0
1
3
,
p
p
.
0
0
0
8
8
0
-
0
0
0
8
8
5
.
[2
2
]
A.
L.
B
u
c
z
a
k
,
e
t
a
l.
,
“
De
tec
ti
o
n
o
f
Tu
n
n
e
ls
i
n
P
CAP
Da
ta
b
y
Ra
n
d
o
m
F
o
re
sts,”
i
n
Pr
o
c
e
e
d
in
g
s
o
f
t
h
e
1
1
t
h
A
n
n
u
a
l
Cy
b
e
r a
n
d
In
f
o
rm
a
ti
o
n
S
e
c
u
rity R
e
se
a
rc
h
Co
n
fer
e
n
c
e
,
2
0
1
6
,
p
.
1
6
.
[2
3
]
M
.
Aie
ll
o
,
e
t
a
l.
,
“
P
ro
fil
in
g
DN
S
tu
n
n
e
li
n
g
a
tt
a
c
k
s
wit
h
P
CA
a
n
d
m
u
tu
a
l
in
f
o
rm
a
ti
o
n
,
”
L
o
g
ic
J
o
u
rn
a
l
o
f
IGPL
,
v
o
l.
2
4
,
n
o
.
6
,
p
p
.
9
5
7
-
9
7
0
,
2
0
1
6
.
[2
4
]
I
.
Ho
m
e
m
,
e
t
a
l.
,
“
En
tr
o
p
y
-
b
a
se
d
P
re
d
ictio
n
o
f
Ne
two
rk
P
r
o
to
c
o
ls
i
n
th
e
F
o
re
n
sic
An
a
ly
sis
o
f
DN
S
Tu
n
n
e
ls,”
a
rXiv:1
7
0
9
.
0
6
3
6
3
,
2
0
1
6.
[2
5
]
Y.
S
o
n
g
,
e
t
a
l.
,
“
An
imp
r
o
v
e
d
g
e
n
e
ti
c
a
lg
o
rit
h
m
fo
r
n
u
m
e
rica
l
f
u
n
c
ti
o
n
o
p
ti
m
iza
ti
o
n
,
”
A
p
p
li
e
d
In
tel
li
g
e
n
c
e
,
v
o
l.
4
9
,
n
o
.
5
,
p
p
.
1
8
8
0
-
1
9
0
2
,
2
0
1
9
.
[2
6
]
R.
Vijay
a
n
a
n
d
,
e
t
a
l.
,
“
In
tru
si
o
n
d
e
tec
ti
o
n
sy
ste
m
fo
r
wire
les
s
m
e
sh
n
e
two
rk
u
si
n
g
m
u
lt
ip
le
su
p
p
o
rt
v
e
c
to
r
m
a
c
h
in
e
c
las
sifiers
with
g
e
n
e
ti
c
-
a
lg
o
rit
h
m
-
b
a
se
d
fe
a
tu
re
se
lec
ti
o
n
,
”
C
o
mp
u
t
e
rs
&
S
e
c
u
rity,
v
o
l
.
7
7
,
p
p
.
3
0
4
-
3
1
4
,
2
0
1
8
.
[2
7
]
C.
C.
Ch
a
n
g
a
n
d
C.
J.
Li
n
,
“
LIBS
VM:
a
li
b
ra
r
y
f
o
r
su
p
p
o
r
t
v
e
c
to
r
m
a
c
h
i
n
e
s,”
ACM
T
r
a
n
s
a
c
ti
o
n
s
o
n
I
n
telli
g
e
n
t
S
y
ste
ms
a
n
d
T
e
c
h
n
o
lo
g
y
(T
I
S
T
),
v
o
l.
2
,
n
o
.
3
,
p
.
2
7
,
2
0
1
1
.
[2
8
]
I.
Ho
m
e
m
a
n
d
P
.
P
a
p
a
p
e
tr
o
u
,
“
Ha
rn
e
ss
in
g
P
re
d
icti
v
e
M
o
d
e
ls
fo
r
As
sistin
g
Ne
two
rk
F
o
re
n
sic
In
v
e
stig
a
ti
o
n
s
o
f
DN
S
Tu
n
n
e
ls,”
ADFS
L
A
n
n
u
a
l
C
o
n
fer
e
n
c
e
o
n
Dig
i
ta
l
Fo
re
n
sic
s,
S
e
c
u
rity a
n
d
L
a
w
,
2
0
1
7
,
p
p
.
1
-
11
.
Evaluation Warning : The document was created with Spire.PDF for Python.