{"id":"https://openalex.org/W4400489892","doi":"https://doi.org/10.1109/cscwd61410.2024.10580190","title":"HBGraph: a Host Behavior Graph Model for C&amp;C Traffic Detection","display_name":"HBGraph: a Host Behavior Graph Model for C&amp;C Traffic Detection","publication_year":2024,"publication_date":"2024-05-08","ids":{"openalex":"https://openalex.org/W4400489892","doi":"https://doi.org/10.1109/cscwd61410.2024.10580190"},"language":"en","primary_location":{"id":"doi:10.1109/cscwd61410.2024.10580190","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/cscwd61410.2024.10580190","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5104018079","display_name":"Yanzhe Huang","orcid":"https://orcid.org/0000-0001-7554-5783"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yitan Huang","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5113220114","display_name":"Jian Qin","orcid":null},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jian Qin","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101546955","display_name":"Zelin Cui","orcid":"https://orcid.org/0000-0002-7229-3231"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zelin Cui","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100773110","display_name":"Li Ning","orcid":"https://orcid.org/0000-0002-3246-7057"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ning Li","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069409781","display_name":"Bo Jiang","orcid":"https://orcid.org/0000-0001-9446-8875"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bo Jiang","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5006911293","display_name":"Zhigang Lu","orcid":"https://orcid.org/0000-0002-2552-6231"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"funder","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhigang Lu","raw_affiliation_strings":["Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China"],"affiliations":[{"raw_affiliation_string":"Chinese Academy of Sciences,Institute of Information Engineering,Beijing,China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5104018079"],"corresponding_institution_ids":["https://openalex.org/I19820366","https://openalex.org/I4210156404"],"apc_list":null,"apc_paid":null,"fwci":0.3636,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.59057351,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":97,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"2788","last_page":"2793"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9648000001907349,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9648000001907349,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.5564810037612915},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.5096118450164795},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.5006563663482666},{"id":"https://openalex.org/keywords/combinatorics","display_name":"Combinatorics","score":0.3424570560455322},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.307037353515625},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.22961464524269104},{"id":"https://openalex.org/keywords/biology","display_name":"Biology","score":0.11006000638008118},{"id":"https://openalex.org/keywords/genetics","display_name":"Genetics","score":0.08929583430290222}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5564810037612915},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.5096118450164795},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.5006563663482666},{"id":"https://openalex.org/C114614502","wikidata":"https://www.wikidata.org/wiki/Q76592","display_name":"Combinatorics","level":1,"score":0.3424570560455322},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.307037353515625},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.22961464524269104},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.11006000638008118},{"id":"https://openalex.org/C54355233","wikidata":"https://www.wikidata.org/wiki/Q7162","display_name":"Genetics","level":1,"score":0.08929583430290222}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/cscwd61410.2024.10580190","is_oa":false,"landing_page_url":"http://dx.doi.org/10.1109/cscwd61410.2024.10580190","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2024 27th International Conference on Computer Supported Cooperative Work in Design (CSCWD)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320321133","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35"},{"id":"https://openalex.org/F4320335892","display_name":"Youth Innovation Promotion Association","ror":null},{"id":"https://openalex.org/F4320337504","display_name":"Research and Development","ror":"https://ror.org/027s68j25"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"The":[0,79],"command":[1],"and":[2,32,50,92,128,134,167],"control":[3],"(C&C)":[4],"mechanism":[5],"is":[6],"the":[7,26,37,55,83,115,122,125,129,139,144,150],"key":[8],"to":[9,34,36,46,149],"realizing":[10],"many":[11],"network":[12,42],"attack":[13],"activities.":[14],"Most":[15],"available":[16],"C&C":[17,60,151,171],"traffic":[18,43,62,85],"detection":[19,63,168],"methods":[20,27],"rely":[21],"on":[22,73],"machine":[23],"learning.":[24],"However,":[25],"often":[28],"detect":[29],"specific":[30],"attacks":[31],"struggle":[33],"adapt":[35],"complex":[38],"needs":[39],"of":[40,111],"real-world":[41],"environments":[44],"due":[45],"high":[47],"training":[48],"costs":[49],"limited":[51],"transferability.":[52],"To":[53],"address":[54],"problems,":[56],"we":[57,120,157],"propose":[58,108],"a":[59,67,109],"communication":[61,104,152,172],"model":[64,71,80,140,161],"called":[65],"HBGraph,":[66,119],"host":[68,103],"behavior":[69],"graph":[70],"based":[72],"directed":[74,88,98],"packet":[75],"payload":[76,89],"length":[77,90],"sequences.":[78],"can":[81,141],"preprocess":[82],"original":[84],"datasets,":[86],"extract":[87],"sequences,":[91],"then":[93],"integrate":[94],"them":[95],"into":[96],"weighted":[97],"graphs":[99,113],"that":[100,159],"represent":[101],"different":[102],"behaviors.":[105,173],"We":[106],"also":[107],"method":[110],"merging":[112],"with":[114,131],"same":[116],"label.":[117],"In":[118],"measure":[121],"similarity":[123,136],"between":[124],"unknown":[126,145],"instance":[127,147],"signature":[130],"both":[132],"node":[133],"edge":[135],"scores.":[137],"Finally,":[138],"predict":[142],"whether":[143],"test":[146],"belongs":[148],"traffic.":[153],"After":[154],"experimental":[155],"evaluation,":[156],"prove":[158],"our":[160],"has":[162],"good":[163],"performance,":[164],"strong":[165],"generalizability,":[166],"ability":[169],"for":[170]},"counts_by_year":[{"year":2026,"cited_by_count":1}],"updated_date":"2026-03-12T08:34:05.389933","created_date":"2025-10-10T00:00:00"}