could you tell me how do you generate DNS domain names(from pcap file), and do these domain names have special meaning? Are these DNS domain names randomly generated？
thank you for your reply。

These domain names are generated by DNS tunneling program, the name of the program is the same as the name of directory where pcap files are located (e.g. iodine, tuns, dns2tcp and dnscapy).

The second-level domain is static and set to hidemyass.org, the lower-level domains are generated.

I also uploaded the extracted domain names to Mendeley database, so you could cite the data in your papers: http://dx.doi.org/10.17632/mzn9hvdcxg.1