{"id":"https://openalex.org/W2773625629","doi":"https://doi.org/10.1109/ccst.2017.8167790","title":"Real-time behavioral DGA detection through machine learning","display_name":"Real-time behavioral DGA detection through machine learning","publication_year":2017,"publication_date":"2017-10-01","ids":{"openalex":"https://openalex.org/W2773625629","doi":"https://doi.org/10.1109/ccst.2017.8167790","mag":"2773625629"},"language":"en","primary_location":{"id":"doi:10.1109/ccst.2017.8167790","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccst.2017.8167790","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 International Carnahan Conference on Security Technology (ICCST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5075110204","display_name":"Federica Bisio","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Federica Bisio","raw_affiliation_strings":["Aizoon Technology Consulting, Turin, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Aizoon Technology Consulting, Turin, Italy","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5028861342","display_name":"Salvatore Saeli","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Salvatore Saeli","raw_affiliation_strings":["Aizoon Technology Consulting, Turin, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Aizoon Technology Consulting, Turin, Italy","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5081265630","display_name":"Pierangelo Lombardo","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Pierangelo Lombardo","raw_affiliation_strings":["Aizoon Technology Consulting, Turin, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Aizoon Technology Consulting, Turin, Italy","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5086632953","display_name":"Davide Bernardi","orcid":"https://orcid.org/0000-0002-7043-6606"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Davide Bernardi","raw_affiliation_strings":["Aizoon Technology Consulting, Turin, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Aizoon Technology Consulting, Turin, Italy","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5050415063","display_name":"Alan Perotti","orcid":"https://orcid.org/0000-0002-1690-6865"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Alan Perotti","raw_affiliation_strings":["Aizoon Technology Consulting, Turin, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Aizoon Technology Consulting, Turin, Italy","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5017405781","display_name":"Danilo Massa","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Danilo Massa","raw_affiliation_strings":["Aizoon Technology Consulting, Turin, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Aizoon Technology Consulting, Turin, Italy","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":6,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.856,"has_fulltext":false,"cited_by_count":33,"citation_normalized_percentile":{"value":0.92224247,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9983999729156494,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8537092208862305},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8003576993942261},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.740240752696991},{"id":"https://openalex.org/keywords/session","display_name":"Session (web analytics)","score":0.49336734414100647},{"id":"https://openalex.org/keywords/command-and-control","display_name":"Command and control","score":0.47450774908065796},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.46938082575798035},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.44523224234580994},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.43516087532043457},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.39026159048080444},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.390019029378891},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3205556273460388},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.17670544981956482}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8537092208862305},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8003576993942261},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.740240752696991},{"id":"https://openalex.org/C2779182362","wikidata":"https://www.wikidata.org/wiki/Q17126187","display_name":"Session (web analytics)","level":2,"score":0.49336734414100647},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.47450774908065796},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.46938082575798035},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.44523224234580994},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.43516087532043457},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.39026159048080444},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.390019029378891},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3205556273460388},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.17670544981956482},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ccst.2017.8167790","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ccst.2017.8167790","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 International Carnahan Conference on Security Technology (ICCST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6399999856948853,"id":"https://metadata.un.org/sdg/9","display_name":"Industry, innovation and infrastructure"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W17316494","https://openalex.org/W41404523","https://openalex.org/W85558978","https://openalex.org/W155384935","https://openalex.org/W196740607","https://openalex.org/W395611350","https://openalex.org/W1534477342","https://openalex.org/W1561983441","https://openalex.org/W1595868485","https://openalex.org/W1954903228","https://openalex.org/W1977556410","https://openalex.org/W2003116136","https://openalex.org/W2045414949","https://openalex.org/W2055234825","https://openalex.org/W2126887125","https://openalex.org/W2133433867","https://openalex.org/W2136495567","https://openalex.org/W2152955531","https://openalex.org/W2183976465","https://openalex.org/W2191989567","https://openalex.org/W2410154332","https://openalex.org/W2487301225","https://openalex.org/W2528493629","https://openalex.org/W2617200927","https://openalex.org/W2750680860","https://openalex.org/W2798058877","https://openalex.org/W2964156406","https://openalex.org/W2987823657","https://openalex.org/W3098102491","https://openalex.org/W3139397679","https://openalex.org/W4230715394","https://openalex.org/W4239907196","https://openalex.org/W6606342502","https://openalex.org/W6633578641","https://openalex.org/W6640663528","https://openalex.org/W6686456165","https://openalex.org/W6727740283","https://openalex.org/W6743799543","https://openalex.org/W7064216267"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W4230197055","https://openalex.org/W4296749040","https://openalex.org/W2753240997","https://openalex.org/W1557094818","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W1975357770","https://openalex.org/W2783300127"],"abstract_inverted_index":{"During":[0],"the":[1,4,14,18,50,54,61,75,78,83,93,109,141,147,160,166,170,174,192],"last":[2],"years,":[3],"use":[5],"of":[6,16,20,49,56,77,92,143,154],"Domain":[7],"Generation":[8],"Algorithms":[9],"(DGAs)":[10],"has":[11,125],"increased":[12],"with":[13],"aim":[15],"improving":[17],"resiliency":[19],"communication":[21],"between":[22],"bots":[23],"and":[24,26,63,89,96,107,139],"Command":[25],"Control":[27],"(C&C)":[28],"infrastructure.":[29],"In":[30,146,169],"this":[31],"paper,":[32],"we":[33,150],"report":[34],"on":[35,41,74],"an":[36,130,177],"effective":[37],"DGA-detection":[38],"algorithm":[39,175],"based":[40],"a":[42,57,144,181,187],"single":[43],"network":[44,132],"monitoring.":[45],"The":[46,70,87,122],"first":[47,148],"step":[48],"proposed":[51,123,167],"method":[52],"is":[53],"detection":[55],"bot":[58],"looking":[59],"for":[60],"C&C":[62],"thus":[64],"querying":[65],"many":[66],"automatically":[67],"generated":[68],"domains.":[69],"second":[71],"phase":[72],"consists":[73],"analysis":[76],"resolved":[79,97],"DNS":[80],"requests":[81],"in":[82,102,116,180],"same":[84,193],"time":[85],"interval.":[86],"linguistic":[88],"semantic":[90],"features":[91],"collected":[94],"unresolved":[95],"domains":[98],"are":[99,114],"then":[100],"extracted":[101],"order":[103,117],"to":[104,118],"cluster":[105],"them":[106],"identify":[108],"specific":[110],"bot.":[111],"Finally,":[112],"clusters":[113],"analyzed":[115],"reduce":[119],"false":[120],"positives.":[121],"solution":[124],"been":[126],"evaluated":[127],"over":[128],"(1)":[129],"ad-hoc":[131],"where":[133],"several":[134,157],"known":[135],"DGAs":[136],"were":[137,163],"injected":[138],"(2)":[140],"LAN":[142],"company.":[145],"experiment,":[149],"deployed":[151],"different":[152],"families":[153],"malware":[155],"employing":[156],"DGAs:":[158],"all":[159],"malicious":[161],"variants":[162],"detected":[164],"by":[165],"algorithm.":[168],"real":[171],"case":[172],"scenario,":[173],"discovered":[176],"infected":[178],"host":[179],"15-day-long":[182],"experimental":[183],"session,":[184],"while":[185],"producing":[186],"low":[188],"false-positive":[189],"rate":[190],"during":[191],"period.":[194]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2024,"cited_by_count":4},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":4},{"year":2018,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}