{"id":"https://openalex.org/W2912755644","doi":"https://doi.org/10.1109/access.2019.2891588","title":"A Machine Learning Framework for Domain Generation Algorithm-Based Malware Detection","display_name":"A Machine Learning Framework for Domain Generation Algorithm-Based Malware Detection","publication_year":2019,"publication_date":"2019-01-01","ids":{"openalex":"https://openalex.org/W2912755644","doi":"https://doi.org/10.1109/access.2019.2891588","mag":"2912755644"},"language":"en","primary_location":{"id":"doi:10.1109/access.2019.2891588","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2019.2891588","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08631171.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08631171.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100421717","display_name":"Yi Li","orcid":"https://orcid.org/0000-0003-1334-9183"},"institutions":[{"id":"https://openalex.org/I2613432","display_name":"University of South Florida","ror":"https://ror.org/032db5x82","country_code":"US","type":"education","lineage":["https://openalex.org/I2613432"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Yi Li","raw_affiliation_strings":["Intelligent Computer Networking and Security Lab, Florida Center for Cybersecurity, University of South Florida, Tampa, FL, USA"],"affiliations":[{"raw_affiliation_string":"Intelligent Computer Networking and Security Lab, Florida Center for Cybersecurity, University of South Florida, Tampa, FL, USA","institution_ids":["https://openalex.org/I2613432"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101689516","display_name":"Kaiqi Xiong","orcid":"https://orcid.org/0000-0003-2933-8083"},"institutions":[{"id":"https://openalex.org/I2613432","display_name":"University of South Florida","ror":"https://ror.org/032db5x82","country_code":"US","type":"education","lineage":["https://openalex.org/I2613432"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kaiqi Xiong","raw_affiliation_strings":["Intelligent Computer Networking and Security Lab, Florida Center for Cybersecurity, University of South Florida, Tampa, FL, USA"],"affiliations":[{"raw_affiliation_string":"Intelligent Computer Networking and Security Lab, Florida Center for Cybersecurity, University of South Florida, Tampa, FL, USA","institution_ids":["https://openalex.org/I2613432"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5010095679","display_name":"Tommy Chin","orcid":"https://orcid.org/0000-0003-0446-1325"},"institutions":[{"id":"https://openalex.org/I155173764","display_name":"Rochester Institute of Technology","ror":"https://ror.org/00v4yb702","country_code":"US","type":"education","lineage":["https://openalex.org/I155173764"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Tommy Chin","raw_affiliation_strings":["Department of Computing Security, Rochester Institute of Technology, Rochester, NY, USA"],"affiliations":[{"raw_affiliation_string":"Department of Computing Security, Rochester Institute of Technology, Rochester, NY, USA","institution_ids":["https://openalex.org/I155173764"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001137299","display_name":"Chengbin Hu","orcid":null},"institutions":[{"id":"https://openalex.org/I2613432","display_name":"University of South Florida","ror":"https://ror.org/032db5x82","country_code":"US","type":"education","lineage":["https://openalex.org/I2613432"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chengbin Hu","raw_affiliation_strings":["Intelligent Computer Networking and Security Lab, Florida Center for Cybersecurity, University of South Florida, Tampa, FL, USA"],"affiliations":[{"raw_affiliation_string":"Intelligent Computer Networking and Security Lab, Florida Center for Cybersecurity, University of South Florida, Tampa, FL, USA","institution_ids":["https://openalex.org/I2613432"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5100421717"],"corresponding_institution_ids":["https://openalex.org/I2613432"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":8.9133,"has_fulltext":true,"cited_by_count":92,"citation_normalized_percentile":{"value":0.98090129,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"7","issue":null,"first_page":"32765","last_page":"32782"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9987999796867371,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8474600315093994},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8012107610702515},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.726854681968689},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.6880059242248535},{"id":"https://openalex.org/keywords/hidden-markov-model","display_name":"Hidden Markov model","score":0.6336500644683838},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.6028304100036621},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.5321108102798462},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.4646192789077759},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.45306262373924255}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8474600315093994},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8012107610702515},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.726854681968689},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6880059242248535},{"id":"https://openalex.org/C23224414","wikidata":"https://www.wikidata.org/wiki/Q176769","display_name":"Hidden Markov model","level":2,"score":0.6336500644683838},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.6028304100036621},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.5321108102798462},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.4646192789077759},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.45306262373924255},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2019.2891588","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2019.2891588","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08631171.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:1f62b2bedd334e778534a787b8c58cc8","is_oa":true,"landing_page_url":"https://doaj.org/article/1f62b2bedd334e778534a787b8c58cc8","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 7, Pp 32765-32782 (2019)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2019.2891588","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2019.2891588","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/8600701/08631171.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1316386284","display_name":null,"funder_award_id":"1636622","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2743059744","display_name":null,"funder_award_id":"1633978","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3294808781","display_name":null,"funder_award_id":"1620871","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7459083340","display_name":null,"funder_award_id":"1620871,","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7714596151","display_name":null,"funder_award_id":"1620862","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G848032724","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320310847","display_name":"University of South Florida","ror":"https://ror.org/032db5x82"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2912755644.pdf","grobid_xml":"https://content.openalex.org/works/W2912755644.grobid-xml"},"referenced_works_count":71,"referenced_works":["https://openalex.org/W17316494","https://openalex.org/W22566950","https://openalex.org/W22861983","https://openalex.org/W113692204","https://openalex.org/W114517082","https://openalex.org/W196740607","https://openalex.org/W580247353","https://openalex.org/W1481152834","https://openalex.org/W1508225132","https://openalex.org/W1522301498","https://openalex.org/W1561983441","https://openalex.org/W1581009051","https://openalex.org/W1954903228","https://openalex.org/W1962340579","https://openalex.org/W1966580635","https://openalex.org/W1972041827","https://openalex.org/W1981294881","https://openalex.org/W1984020445","https://openalex.org/W1987684126","https://openalex.org/W2007343513","https://openalex.org/W2016306175","https://openalex.org/W2035593393","https://openalex.org/W2035700414","https://openalex.org/W2039427951","https://openalex.org/W2055234825","https://openalex.org/W2068849277","https://openalex.org/W2076063813","https://openalex.org/W2078965963","https://openalex.org/W2095880437","https://openalex.org/W2100307718","https://openalex.org/W2127540081","https://openalex.org/W2138893874","https://openalex.org/W2146502635","https://openalex.org/W2146729596","https://openalex.org/W2147768505","https://openalex.org/W2153122359","https://openalex.org/W2170508015","https://openalex.org/W2194775991","https://openalex.org/W2221972625","https://openalex.org/W2406349003","https://openalex.org/W2464408822","https://openalex.org/W2487301225","https://openalex.org/W2489447285","https://openalex.org/W2520438606","https://openalex.org/W2546910111","https://openalex.org/W2551282835","https://openalex.org/W2562836854","https://openalex.org/W2564186131","https://openalex.org/W2617931713","https://openalex.org/W2740924709","https://openalex.org/W2744241569","https://openalex.org/W2756193836","https://openalex.org/W2762467223","https://openalex.org/W2773671123","https://openalex.org/W2783628527","https://openalex.org/W2797059531","https://openalex.org/W2907290714","https://openalex.org/W2964248614","https://openalex.org/W4302282827","https://openalex.org/W6600692465","https://openalex.org/W6600949241","https://openalex.org/W6604639599","https://openalex.org/W6608030608","https://openalex.org/W6633578641","https://openalex.org/W6640663528","https://openalex.org/W6641353988","https://openalex.org/W6681435938","https://openalex.org/W6729930695","https://openalex.org/W6730713231","https://openalex.org/W6750479580","https://openalex.org/W7064216267"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2053269318","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819","https://openalex.org/W2364370872","https://openalex.org/W3152891574"],"abstract_inverted_index":{"Attackers":[0],"usually":[1],"use":[2,133],"a":[3,23,38,61,85,91,97,110,114,150,170],"command":[4],"and":[5,67,113,131,202,221,232],"control":[6,45],"(C2)":[7],"server":[8],"to":[9,15,32,52,71,95,137,155,176],"manipulate":[10],"the":[11,73,81,118,124,134,139,147,162,178,185,196,199,203,216,219,224,229,235,239],"communication.":[12],"In":[13,56,117,146],"order":[14],"perform":[16],"an":[17,211],"attack,":[18],"threat":[19,78],"actors":[20],"often":[21],"employ":[22],"domain":[24,158],"generation":[25],"algorithm":[26],"(DGA),":[27],"which":[28],"can":[29],"allow":[30],"malware":[31,44],"communicate":[33],"with":[34],"C2":[35],"by":[36,183],"generating":[37],"variety":[39],"of":[40,100,109,198,213],"network":[41,173],"locations.":[42],"Traditional":[43],"methods,":[46],"such":[47],"as":[48],"blacklisting,":[49],"are":[50],"insufficient":[51],"handle":[53],"DGA":[54,69,101,125,144],"threats.":[55],"this":[57],"paper,":[58],"we":[59,121,168,188,209],"propose":[60,90],"machine":[62,105,180],"learning":[63,93,106,181],"framework":[64,107,182,201,220],"for":[65,215,228,234],"identifying":[66],"detecting":[68],"domains":[70,126,130],"alleviate":[72],"threat.":[74],"We":[75,88],"collect":[76],"real-time":[77],"data":[79],"from":[80,128],"real-life":[82],"traffic":[83],"over":[84],"one-year":[86],"period.":[87],"also":[89],"deep":[92,171],"model":[94,112,152,165,175],"classify":[96,123],"large":[98],"number":[99],"domains.":[102,145],"The":[103],"proposed":[104,179,200],"consists":[108],"two-level":[111,119],"prediction":[115,148,237],"model.":[116,205],"model,":[120,149,226],"first":[122],"apart":[127],"normal":[129],"then":[132],"clustering":[135],"method":[136],"identify":[138],"algorithms":[140],"that":[141],"generate":[142],"those":[143],"time-series":[151],"is":[153],"constructed":[154],"predict":[156],"incoming":[157],"features":[159],"based":[160],"on":[161],"hidden":[163],"Markov":[164],"(HMM).":[166],"Furthermore,":[167],"build":[169],"neural":[172],"(DNN)":[174],"enhance":[177],"handling":[184],"huge":[186],"dataset":[187],"gradually":[189],"collected.":[190],"Our":[191],"extensive":[192],"experimental":[193],"results":[194],"demonstrate":[195],"accuracy":[197,212],"DNN":[204,225],"To":[206],"be":[207],"precise,":[208],"achieve":[210],"95.89%":[214],"classification":[217],"in":[218,223,238],"97.79%":[222],"92.45%":[227],"second-level":[230],"clustering,":[231],"95.21%":[233],"HMM":[236],"framework.":[240]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":13},{"year":2024,"cited_by_count":12},{"year":2023,"cited_by_count":18},{"year":2022,"cited_by_count":18},{"year":2021,"cited_by_count":10},{"year":2020,"cited_by_count":15},{"year":2019,"cited_by_count":5}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}