{"id":"https://openalex.org/W2029256027","doi":"https://doi.org/10.1109/bigdata.2013.6691646","title":"A fast and scalable method for threat detection in large-scale DNS logs","display_name":"A fast and scalable method for threat detection in large-scale DNS logs","publication_year":2013,"publication_date":"2013-10-01","ids":{"openalex":"https://openalex.org/W2029256027","doi":"https://doi.org/10.1109/bigdata.2013.6691646","mag":"2029256027"},"language":"en","primary_location":{"id":"doi:10.1109/bigdata.2013.6691646","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata.2013.6691646","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 IEEE International Conference on Big Data","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5015283279","display_name":"Ron Begleiter","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Ron Begleiter","raw_affiliation_strings":["Fortscale Inc., Tel-Aviv, Israel"],"affiliations":[{"raw_affiliation_string":"Fortscale Inc., Tel-Aviv, Israel","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072913672","display_name":"Yuval Elovici","orcid":"https://orcid.org/0000-0002-9641-128X"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Yuval Elovici","raw_affiliation_strings":["Ben-Gurion University of the Negev","Ben Gurion University of the Negev"],"affiliations":[{"raw_affiliation_string":"Ben-Gurion University of the Negev","institution_ids":["https://openalex.org/I124227911"]},{"raw_affiliation_string":"Ben Gurion University of the Negev","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039508063","display_name":"Y. Hollander","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yona Hollander","raw_affiliation_strings":["Fortscale Inc., Tel-Aviv, Israel"],"affiliations":[{"raw_affiliation_string":"Fortscale Inc., Tel-Aviv, Israel","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011539708","display_name":"Ori Mendelson","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Ori Mendelson","raw_affiliation_strings":["Fortscale Inc., Tel-Aviv, Israel"],"affiliations":[{"raw_affiliation_string":"Fortscale Inc., Tel-Aviv, Israel","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012622155","display_name":"Lior Rokach","orcid":"https://orcid.org/0000-0002-6956-3341"},"institutions":[{"id":"https://openalex.org/I124227911","display_name":"Ben-Gurion University of the Negev","ror":"https://ror.org/05tkyf982","country_code":"IL","type":"education","lineage":["https://openalex.org/I124227911"]}],"countries":["IL"],"is_corresponding":false,"raw_author_name":"Lior Rokach","raw_affiliation_strings":["Ben-Gurion University of the Negev","Ben Gurion University of the Negev"],"affiliations":[{"raw_affiliation_string":"Ben-Gurion University of the Negev","institution_ids":["https://openalex.org/I124227911"]},{"raw_affiliation_string":"Ben Gurion University of the Negev","institution_ids":["https://openalex.org/I124227911"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5058355513","display_name":"Roi Saltzman","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Roi Saltzman","raw_affiliation_strings":["Fortscale Inc., Tel-Aviv, Israel"],"affiliations":[{"raw_affiliation_string":"Fortscale Inc., Tel-Aviv, Israel","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5015283279"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":1.0874,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.80016788,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":"7","issue":null,"first_page":"738","last_page":"741"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.996999979019165,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8132652044296265},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.8020192384719849},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.6396703124046326},{"id":"https://openalex.org/keywords/big-data","display_name":"Big data","score":0.5298613905906677},{"id":"https://openalex.org/keywords/domain-name-system","display_name":"Domain Name System","score":0.5059828162193298},{"id":"https://openalex.org/keywords/scale","display_name":"Scale (ratio)","score":0.49635058641433716},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4774642288684845},{"id":"https://openalex.org/keywords/bounded-function","display_name":"Bounded function","score":0.4697166979312897},{"id":"https://openalex.org/keywords/false-positive-rate","display_name":"False positive rate","score":0.4677341878414154},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.34539198875427246},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.3264731466770172},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.25172674655914307},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.13118082284927368},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.12695038318634033},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.09605392813682556}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8132652044296265},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.8020192384719849},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.6396703124046326},{"id":"https://openalex.org/C75684735","wikidata":"https://www.wikidata.org/wiki/Q858810","display_name":"Big data","level":2,"score":0.5298613905906677},{"id":"https://openalex.org/C35026560","wikidata":"https://www.wikidata.org/wiki/Q8767","display_name":"Domain Name System","level":3,"score":0.5059828162193298},{"id":"https://openalex.org/C2778755073","wikidata":"https://www.wikidata.org/wiki/Q10858537","display_name":"Scale (ratio)","level":2,"score":0.49635058641433716},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4774642288684845},{"id":"https://openalex.org/C34388435","wikidata":"https://www.wikidata.org/wiki/Q2267362","display_name":"Bounded function","level":2,"score":0.4697166979312897},{"id":"https://openalex.org/C95922358","wikidata":"https://www.wikidata.org/wiki/Q5432725","display_name":"False positive rate","level":2,"score":0.4677341878414154},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.34539198875427246},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.3264731466770172},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.25172674655914307},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.13118082284927368},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.12695038318634033},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.09605392813682556},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/bigdata.2013.6691646","is_oa":false,"landing_page_url":"https://doi.org/10.1109/bigdata.2013.6691646","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2013 IEEE International Conference on Big Data","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W196767578","https://openalex.org/W1583484179","https://openalex.org/W1954903228","https://openalex.org/W1975909792","https://openalex.org/W2032233042","https://openalex.org/W2100307718","https://openalex.org/W2103960658","https://openalex.org/W2104290684","https://openalex.org/W2111427271","https://openalex.org/W2136495567","https://openalex.org/W2161628678","https://openalex.org/W3104314953","https://openalex.org/W6607978808","https://openalex.org/W6640663528","https://openalex.org/W6675789689"],"related_works":["https://openalex.org/W2183899684","https://openalex.org/W3004039032","https://openalex.org/W2012920909","https://openalex.org/W2073523380","https://openalex.org/W4390608645","https://openalex.org/W3010674707","https://openalex.org/W4247566972","https://openalex.org/W4394895745","https://openalex.org/W2960264696","https://openalex.org/W3090563135"],"abstract_inverted_index":{"This":[0,129],"paper":[1],"presents":[2],"a":[3,32,40,51,108],"fast":[4],"and":[5,125],"scalable":[6,142],"method":[7,101],"for":[8,143],"detecting":[9],"threats":[10],"in":[11,58,77,114],"large-scale":[12],"DNS":[13,56],"logs.":[14],"In":[15],"such":[16],"logs,":[17],"queries":[18,57],"about":[19],"\u201cabnormal\u201d":[20],"domain":[21,104],"strings":[22],"are":[23,85,140],"often":[24],"correlated":[25],"with":[26,120],"malicious":[27],"behavior.":[28],"With":[29],"our":[30],"method,":[31],"language":[33],"model":[34],"algorithm":[35],"learns":[36],"\u201cnormal\u201d":[37],"domain-names":[38],"from":[39,88],"large":[41],"dataset":[42],"to":[43,134],"rate":[44,131],"the":[45,59,78,99],"extent":[46],"of":[47,55],"domain-name":[48],"\u201cabnormality\u201d":[49],"within":[50],"big":[52,144],"data":[53,145],"stream":[54],"organization.":[60],"Variable-order":[61],"Markov":[62],"Models":[63],"(VMMs)":[64],"serve":[65],"as":[66],"out":[67],"underlying":[68],"algorithmic":[69],"tool":[70],"since":[71],"their":[72,82],"running":[73],"time":[74],"is":[75,132],"linear":[76],"input":[79],"sequence":[80],"while":[81],"memory":[83],"requirements":[84],"constantly":[86],"bounded":[87],"above,":[89],"both":[90],"very":[91],"appealing":[92],"characteristics.":[93],"Our":[94],"experimental":[95],"study":[96],"indicates":[97],"that":[98,139],"proposed":[100],"can":[102],"detect":[103],"names":[105],"generated":[106],"by":[107],"genuine":[109],"Domain":[110],"Generation":[111],"Algorithm,":[112],"used":[113],"Advanced":[115],"Persistent":[116],"Threat":[117],"attack":[118],"scenarios,":[119],"less":[121],"than":[122],"5%":[123],"false-negative":[124],"1%":[126],"false-positive":[127],"rates.":[128],"detection":[130],"similar":[133],"more":[135],"computationally":[136],"intensive":[137],"methods":[138],"not":[141],"environments.":[146]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":3},{"year":2017,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2014,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}