{"id":"https://openalex.org/W3138770802","doi":"https://doi.org/10.1109/access.2021.3066957","title":"IMDoC: Identification of Malicious Domain Campaigns via DNS and Communicating Files","display_name":"IMDoC: Identification of Malicious Domain Campaigns via DNS and Communicating Files","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3138770802","doi":"https://doi.org/10.1109/access.2021.3066957","mag":"3138770802"},"language":"en","primary_location":{"id":"doi:10.1109/access.2021.3066957","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3066957","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09381197.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09381197.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5087670807","display_name":"David Lazar","orcid":"https://orcid.org/0000-0002-7816-457X"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"David Lazar","raw_affiliation_strings":["Department of Computer Science, Ben-Gurion University of the Negev, Beer Sheva, Israel"],"raw_orcid":"https://orcid.org/0000-0002-7816-457X","affiliations":[{"raw_affiliation_string":"Department of Computer Science, Ben-Gurion University of the Negev, Beer Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066085947","display_name":"Kobi Cohen","orcid":"https://orcid.org/0000-0003-0532-009X"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Kobi Cohen","raw_affiliation_strings":["School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Beer Sheva, Israel"],"raw_orcid":"https://orcid.org/0000-0003-0532-009X","affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, Ben-Gurion University of the Negev, Beer Sheva, Israel","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5067977927","display_name":"Alon Freund","orcid":"https://orcid.org/0000-0002-9768-7018"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Alon Freund","raw_affiliation_strings":["IBM Cyber Security Center of Excellence, Beer Sheva, Israel"],"raw_orcid":"https://orcid.org/0000-0002-9768-7018","affiliations":[{"raw_affiliation_string":"IBM Cyber Security Center of Excellence, Beer Sheva, Israel","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5033762600","display_name":"Avishay Bartik","orcid":"https://orcid.org/0000-0002-0454-4043"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Avishay Bartik","raw_affiliation_strings":["IBM Cyber Security Center of Excellence, Beer Sheva, Israel"],"raw_orcid":"https://orcid.org/0000-0002-0454-4043","affiliations":[{"raw_affiliation_string":"IBM Cyber Security Center of Excellence, Beer Sheva, Israel","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5019238211","display_name":"Aviv Ron","orcid":"https://orcid.org/0000-0002-5936-973X"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Aviv Ron","raw_affiliation_strings":["IBM Cyber Security Center of Excellence, Beer Sheva, Israel"],"raw_orcid":"https://orcid.org/0000-0002-5936-973X","affiliations":[{"raw_affiliation_string":"IBM Cyber Security Center of Excellence, Beer Sheva, Israel","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":4.2674,"has_fulltext":true,"cited_by_count":22,"citation_normalized_percentile":{"value":0.94488646,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":99},"biblio":{"volume":"9","issue":null,"first_page":"45242","last_page":"45258"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7296714186668396},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6643504500389099},{"id":"https://openalex.org/keywords/domain-name-system","display_name":"Domain Name System","score":0.6550697088241577},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.6403011679649353},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4580686390399933},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.4094207286834717},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.35797709226608276},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.3265450894832611},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.17737016081809998}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7296714186668396},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6643504500389099},{"id":"https://openalex.org/C35026560","wikidata":"https://www.wikidata.org/wiki/Q8767","display_name":"Domain Name System","level":3,"score":0.6550697088241577},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.6403011679649353},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4580686390399933},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.4094207286834717},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.35797709226608276},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.3265450894832611},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.17737016081809998},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2021.3066957","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3066957","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09381197.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:29d0389605dc46e08462a30627db1d46","is_oa":true,"landing_page_url":"https://doaj.org/article/29d0389605dc46e08462a30627db1d46","pdf_url":null,"source":{"id":"https://openalex.org/S4306401280","display_name":"DOAJ (DOAJ: Directory of Open Access Journals)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 9, Pp 45242-45258 (2021)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2021.3066957","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2021.3066957","pdf_url":"https://ieeexplore.ieee.org/ielx7/6287639/9312710/09381197.pdf","source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320323051","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982"},{"id":"https://openalex.org/F4320336203","display_name":"Cyber Security Research Center, Ben-Gurion University of the Negev","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W155384935","https://openalex.org/W1762161369","https://openalex.org/W1936523258","https://openalex.org/W1978470213","https://openalex.org/W1983776999","https://openalex.org/W2010562718","https://openalex.org/W2028223155","https://openalex.org/W2046163812","https://openalex.org/W2096889767","https://openalex.org/W2135349594","https://openalex.org/W2148323889","https://openalex.org/W2224076641","https://openalex.org/W2395908694","https://openalex.org/W2396855773","https://openalex.org/W2401054255","https://openalex.org/W2514847810","https://openalex.org/W2535159308","https://openalex.org/W2604883504","https://openalex.org/W2606751384","https://openalex.org/W2743681928","https://openalex.org/W2748868501","https://openalex.org/W2766937060","https://openalex.org/W2794598542","https://openalex.org/W2803489710","https://openalex.org/W2804240301","https://openalex.org/W2940958568","https://openalex.org/W2945910721","https://openalex.org/W2955801758","https://openalex.org/W2961130895","https://openalex.org/W2965181964","https://openalex.org/W2972832672","https://openalex.org/W2975453956","https://openalex.org/W3047988770","https://openalex.org/W6606342502","https://openalex.org/W6713023146","https://openalex.org/W6728432340","https://openalex.org/W6736203523","https://openalex.org/W6743493502","https://openalex.org/W6746005657"],"related_works":["https://openalex.org/W2183899684","https://openalex.org/W3004039032","https://openalex.org/W2012920909","https://openalex.org/W2073523380","https://openalex.org/W3010674707","https://openalex.org/W2791352643","https://openalex.org/W1517101574","https://openalex.org/W4378190626","https://openalex.org/W2621903343","https://openalex.org/W2381436100"],"abstract_inverted_index":{"Cyber":[0],"attacks":[1,72,89],"have":[2],"become":[3,101],"more":[4],"sophisticated":[5],"and":[6,19,42,82,116,127,168,199],"frequent":[7],"over":[8],"the":[9,12,30,45,159,165,201,205],"years.":[10],"Detecting":[11],"components":[13,41],"operated":[14],"during":[15],"a":[16,23,66,80,102,120,131,136,155,174,208],"cyber":[17,34,71],"attack":[18],"relating":[20],"them":[21,129],"to":[22,50,123,130],"specific":[24,132],"threat":[25,46],"actor":[26,47],"is":[27,48],"one":[28],"of":[29,39,44,144,161,204],"main":[31],"challenges":[32],"facing":[33],"security":[35,52],"systems.":[36],"Reliable":[37],"detection":[38],"malicious":[40,106,125,193],"identification":[43],"imperative":[49],"mitigate":[51],"issues":[53],"by":[54],"Security":[55],"Operations":[56],"Center":[57],"(SOC)":[58],"analysts.":[59],"The":[60,178],"Domain":[61,146],"Name":[62],"System":[63],"(DNS)":[64],"plays":[65],"significant":[67],"role":[68],"in":[69,75,85,94,135,153,173],"most":[70],"observed":[73,166],"nowadays":[74],"that":[76,157],"domains":[77,126,167],"act":[78],"as":[79],"Command":[81],"Control":[83],"(C&C)":[84],"coordinated":[86],"bot":[87],"network":[88],"or":[90],"impersonate":[91],"legitimate":[92],"websites":[93],"phishing":[95],"attacks.":[96],"Thus,":[97],"DNS":[98,139,170,188],"analysis":[99,179],"has":[100],"popular":[103],"tool":[104],"for":[105,164],"domain":[107],"identification.":[108],"In":[109],"this":[110],"collaborative":[111],"research":[112],"associating":[113],"Ben-Gurion":[114],"University":[115],"IBM,":[117],"we":[118],"develop":[119],"novel":[121],"algorithm":[122,206],"detect":[124],"relate":[128],"malware":[133],"campaign":[134],"large-scale":[137,210],"real-data":[138],"traffic":[140],"environment,":[141],"dubbed":[142],"Identification":[143],"Malicious":[145],"Campaigns":[147],"(IMDoC)":[148],"algorithm.":[149],"Its":[150],"novelty":[151],"resides":[152],"developing":[154],"framework":[156],"combines":[158],"existence":[160],"communicating":[162,194],"files":[163,195],"their":[169],"request":[171],"patterns":[172],"real":[175,183,209],"production":[176,212],"environment.":[177,213],"was":[180],"conducted":[181],"on":[182,207],"data":[184,211],"from":[185,197],"Quad9":[186],"(9.9.9.9)":[187],"recursive":[189],"resolvers":[190],"combined":[191],"with":[192],"extracted":[196],"VirusTotal,":[198],"confirms":[200],"strong":[202],"performance":[203]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":5}],"updated_date":"2026-06-17T08:01:34.144755","created_date":"2025-10-10T00:00:00"}