{"id":"https://openalex.org/W2277564881","doi":"https://doi.org/10.1109/ccst.2015.7389699","title":"Scalable command and control detection in log data through UF-ICF analysis","display_name":"Scalable command and control detection in log data through UF-ICF analysis","publication_year":2015,"publication_date":"2015-09-01","ids":{"openalex":"https://openalex.org/W2277564881","doi":"https://doi.org/10.1109/ccst.2015.7389699","mag":"2277564881"},"language":"en","primary_location":{"id":"doi:10.1109/ccst.2015.7389699","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccst.2015.7389699","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 International Carnahan Conference on Security Technology (ICCST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5005332428","display_name":"Kai-Fong Hong","orcid":null},"institutions":[{"id":"https://openalex.org/I92172085","display_name":"Chunghwa Telecom (Taiwan)","ror":"https://ror.org/04f786589","country_code":"TW","type":"company","lineage":["https://openalex.org/I92172085"]}],"countries":["TW"],"is_corresponding":true,"raw_author_name":"Kai-Fong Hong","raw_affiliation_strings":["I. & C. Security Lab, Chunghwa Telecom Laboratories, Chung-Li, R.O.C., Taiwan"],"affiliations":[{"raw_affiliation_string":"I. & C. Security Lab, Chunghwa Telecom Laboratories, Chung-Li, R.O.C., Taiwan","institution_ids":["https://openalex.org/I92172085"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101633061","display_name":"Chien-Chih Chen","orcid":"https://orcid.org/0000-0002-6041-3689"},"institutions":[{"id":"https://openalex.org/I92172085","display_name":"Chunghwa Telecom (Taiwan)","ror":"https://ror.org/04f786589","country_code":"TW","type":"company","lineage":["https://openalex.org/I92172085"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Chien-Chih Chen","raw_affiliation_strings":["I. & C. Security Lab, Chunghwa Telecom Laboratories, Chung-Li, R.O.C., Taiwan"],"affiliations":[{"raw_affiliation_string":"I. & C. Security Lab, Chunghwa Telecom Laboratories, Chung-Li, R.O.C., Taiwan","institution_ids":["https://openalex.org/I92172085"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101946608","display_name":"Yu\u2010Ting Chiu","orcid":"https://orcid.org/0000-0001-7130-5141"},"institutions":[{"id":"https://openalex.org/I92172085","display_name":"Chunghwa Telecom (Taiwan)","ror":"https://ror.org/04f786589","country_code":"TW","type":"company","lineage":["https://openalex.org/I92172085"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Yu-Ting Chiu","raw_affiliation_strings":["I. & C. Security Lab, Chunghwa Telecom Laboratories, Chung-Li, R.O.C., Taiwan"],"affiliations":[{"raw_affiliation_string":"I. & C. Security Lab, Chunghwa Telecom Laboratories, Chung-Li, R.O.C., Taiwan","institution_ids":["https://openalex.org/I92172085"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5109924862","display_name":"Kuo-Sen Chou","orcid":null},"institutions":[{"id":"https://openalex.org/I92172085","display_name":"Chunghwa Telecom (Taiwan)","ror":"https://ror.org/04f786589","country_code":"TW","type":"company","lineage":["https://openalex.org/I92172085"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Kuo-Sen Chou","raw_affiliation_strings":["I. & C. Security Lab, Chunghwa Telecom Laboratories, Chung-Li, R.O.C., Taiwan"],"affiliations":[{"raw_affiliation_string":"I. & C. Security Lab, Chunghwa Telecom Laboratories, Chung-Li, R.O.C., Taiwan","institution_ids":["https://openalex.org/I92172085"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5005332428"],"corresponding_institution_ids":["https://openalex.org/I92172085"],"apc_list":null,"apc_paid":null,"fwci":1.3313,"has_fulltext":false,"cited_by_count":7,"citation_normalized_percentile":{"value":0.84106098,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"293","last_page":"298"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.825812578201294},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8219161033630371},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.741486132144928},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.6860626339912415},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.5574077367782593},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.5321841239929199},{"id":"https://openalex.org/keywords/string","display_name":"String (physics)","score":0.4895826280117035},{"id":"https://openalex.org/keywords/system-call","display_name":"System call","score":0.41880741715431213},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4183949828147888},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3621017336845398},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.2595827579498291},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.23748785257339478},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.23493951559066772},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.09478703141212463}],"concepts":[{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.825812578201294},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8219161033630371},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.741486132144928},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.6860626339912415},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.5574077367782593},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.5321841239929199},{"id":"https://openalex.org/C157486923","wikidata":"https://www.wikidata.org/wiki/Q1376436","display_name":"String (physics)","level":2,"score":0.4895826280117035},{"id":"https://openalex.org/C2778579508","wikidata":"https://www.wikidata.org/wiki/Q722192","display_name":"System call","level":2,"score":0.41880741715431213},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4183949828147888},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3621017336845398},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.2595827579498291},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.23748785257339478},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.23493951559066772},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.09478703141212463},{"id":"https://openalex.org/C37914503","wikidata":"https://www.wikidata.org/wiki/Q156495","display_name":"Mathematical physics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ccst.2015.7389699","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccst.2015.7389699","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 International Carnahan Conference on Security Technology (ICCST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":21,"referenced_works":["https://openalex.org/W79790601","https://openalex.org/W80155331","https://openalex.org/W1559377889","https://openalex.org/W1583098994","https://openalex.org/W1775772884","https://openalex.org/W1827212170","https://openalex.org/W1916198581","https://openalex.org/W1977415353","https://openalex.org/W1990089904","https://openalex.org/W2061455058","https://openalex.org/W2069620139","https://openalex.org/W2120713742","https://openalex.org/W2124808847","https://openalex.org/W2159636195","https://openalex.org/W2545374358","https://openalex.org/W3201324407","https://openalex.org/W6603260413","https://openalex.org/W6634779276","https://openalex.org/W6638021444","https://openalex.org/W6638623425","https://openalex.org/W6677903450"],"related_works":["https://openalex.org/W2439951656","https://openalex.org/W1573526548","https://openalex.org/W1998188341","https://openalex.org/W2385758958","https://openalex.org/W3176864451","https://openalex.org/W2183313954","https://openalex.org/W4360982091","https://openalex.org/W1969635302","https://openalex.org/W2053632570","https://openalex.org/W3211525895"],"abstract_inverted_index":{"During":[0],"an":[1,6,129],"advanced":[2],"persistent":[3],"threat":[4],"(APT),":[5],"attacker":[7],"group":[8],"usually":[9],"establish":[10],"more":[11],"than":[12],"one":[13],"C&C":[14,18,47,105,123],"server":[15],"and":[16,25,45,60,72,100,125],"these":[17],"servers":[19,106],"will":[20],"change":[21],"their":[22],"domain":[23],"names":[24],"corresponding":[26],"IP":[27],"addresses":[28],"over":[29],"time":[30],"to":[31,65,103],"be":[32],"unseen":[33],"by":[34,77,84],"anti-virus":[35],"software":[36],"or":[37,88],"intrusion":[38],"prevention":[39],"systems.":[40],"For":[41],"this":[42],"reason,":[43],"discovering":[44],"catching":[46],"sites":[48],"becomes":[49],"a":[50,62,67,78,85,89,95,108],"big":[51],"challenge":[52],"in":[53],"information":[54],"security.":[55],"Based":[56],"on":[57],"our":[58],"observations":[59],"deductions,":[61],"malware":[63,79],"tends":[64],"contain":[66],"fixed":[68],"user":[69],"agent":[70],"string,":[71],"the":[73,117,126],"connection":[74],"behaviors":[75],"generated":[76],"is":[80],"different":[81],"from":[82],"that":[83,116],"benign":[86],"service":[87],"normal":[90],"user.":[91],"This":[92],"paper":[93],"proposed":[94,118],"new":[96],"method":[97,119],"comprising":[98],"filtering":[99],"clustering":[101],"methods":[102],"detect":[104,122],"with":[107],"relatively":[109],"higher":[110],"coverage":[111],"rate.":[112],"The":[113],"experiments":[114],"revealed":[115],"can":[120,127],"successfully":[121],"Servers,":[124],"provide":[128],"important":[130],"clue":[131],"for":[132],"detecting":[133],"APT.":[134]},"counts_by_year":[{"year":2020,"cited_by_count":1},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}