{"id":"https://openalex.org/W4413679692","doi":"https://doi.org/10.1109/csr64739.2025.11130109","title":"C2-based Malware Detection Through Network Analysis Using Machine Learning","display_name":"C2-based Malware Detection Through Network Analysis Using Machine Learning","publication_year":2025,"publication_date":"2025-08-04","ids":{"openalex":"https://openalex.org/W4413679692","doi":"https://doi.org/10.1109/csr64739.2025.11130109"},"language":"en","primary_location":{"id":"doi:10.1109/csr64739.2025.11130109","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr64739.2025.11130109","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119437550","display_name":"Martin Martijan","orcid":null},"institutions":[{"id":"https://openalex.org/I173212132","display_name":"Vilnius University","ror":"https://ror.org/03nadee84","country_code":"LT","type":"education","lineage":["https://openalex.org/I173212132"]},{"id":"https://openalex.org/I4210087704","display_name":"Vilnius University of Applied Sciences","ror":"https://ror.org/004gnah66","country_code":"LT","type":"education","lineage":["https://openalex.org/I4210087704"]}],"countries":["LT"],"is_corresponding":true,"raw_author_name":"Martin Martijan","raw_affiliation_strings":["Institute of Computer Science Vilnius University,Vilnius,Lithuania"],"affiliations":[{"raw_affiliation_string":"Institute of Computer Science Vilnius University,Vilnius,Lithuania","institution_ids":["https://openalex.org/I173212132","https://openalex.org/I4210087704"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5077334925","display_name":"Virgilijus Krinickij","orcid":"https://orcid.org/0009-0005-8248-5690"},"institutions":[{"id":"https://openalex.org/I173212132","display_name":"Vilnius University","ror":"https://ror.org/03nadee84","country_code":"LT","type":"education","lineage":["https://openalex.org/I173212132"]},{"id":"https://openalex.org/I4210087704","display_name":"Vilnius University of Applied Sciences","ror":"https://ror.org/004gnah66","country_code":"LT","type":"education","lineage":["https://openalex.org/I4210087704"]}],"countries":["LT"],"is_corresponding":false,"raw_author_name":"Virgilijus Krinickij","raw_affiliation_strings":["Institute of Computer Science Vilnius University,Vilnius,Lithuania"],"affiliations":[{"raw_affiliation_string":"Institute of Computer Science Vilnius University,Vilnius,Lithuania","institution_ids":["https://openalex.org/I173212132","https://openalex.org/I4210087704"]}]},{"author_position":"last","author":{"id":null,"display_name":"Linas Bukauskas","orcid":null},"institutions":[{"id":"https://openalex.org/I173212132","display_name":"Vilnius University","ror":"https://ror.org/03nadee84","country_code":"LT","type":"education","lineage":["https://openalex.org/I173212132"]},{"id":"https://openalex.org/I4210087704","display_name":"Vilnius University of Applied Sciences","ror":"https://ror.org/004gnah66","country_code":"LT","type":"education","lineage":["https://openalex.org/I4210087704"]}],"countries":["LT"],"is_corresponding":false,"raw_author_name":"Linas Bukauskas","raw_affiliation_strings":["Institute of Computer Science Vilnius University,Vilnius,Lithuania"],"affiliations":[{"raw_affiliation_string":"Institute of Computer Science Vilnius University,Vilnius,Lithuania","institution_ids":["https://openalex.org/I173212132","https://openalex.org/I4210087704"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5119437550"],"corresponding_institution_ids":["https://openalex.org/I173212132","https://openalex.org/I4210087704"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.2626858,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"275","last_page":"280"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9879000186920166,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9879000186920166,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.967199981212616,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8524690270423889},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8132169246673584},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.4769643545150757},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.46395745873451233},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.26395443081855774}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8524690270423889},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8132169246673584},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.4769643545150757},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.46395745873451233},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.26395443081855774}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/csr64739.2025.11130109","is_oa":false,"landing_page_url":"https://doi.org/10.1109/csr64739.2025.11130109","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 IEEE International Conference on Cyber Security and Resilience (CSR)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W2768892939","https://openalex.org/W4285507391","https://openalex.org/W3164408430","https://openalex.org/W2397240470","https://openalex.org/W2602767565","https://openalex.org/W170652726","https://openalex.org/W2883822334","https://openalex.org/W2134874482"],"abstract_inverted_index":{"The":[0,113,134],"increasing":[1],"sophistication":[2],"of":[3,44,99],"cyber":[4],"threats,":[5],"particularly":[6],"those":[7],"leveraging":[8],"Command-and-Control":[9],"(C2)":[10],"infrastructures,":[11],"poses":[12],"significant":[13],"challenges":[14],"to":[15,54,68,74,88,94,130,169],"traditional":[16],"detection":[17,132,172,181],"mechanisms.":[18],"While":[19],"machine":[20],"learning":[21],"(ML)":[22],"has":[23],"been":[24,124],"explored":[25],"for":[26,47],"network":[27],"anomaly":[28],"detection,":[29],"many":[30],"existing":[31],"approaches":[32],"rely":[33],"on":[34,41,60,96,117],"outdated":[35],"datasets":[36],"or":[37,103],"place":[38],"less":[39],"emphasis":[40],"the":[42,104,111],"importance":[43],"feature":[45,65],"engineering":[46,66],"distinguishing":[48],"malware":[49,56,120,154],"traffic.":[50],"This":[51],"research":[52],"aims":[53],"improve":[55],"classification":[57],"by":[58,175],"focusing":[59],"malware-specific":[61,127],"characteristics":[62],"and":[63,110,142,160],"applying":[64],"techniques":[67],"enhance":[69,131],"datasets,":[70,121],"enabling":[71],"ML":[72],"models":[73,114],"classify":[75],"malicious":[76],"traffic":[77],"with":[78,126],"greater":[79],"accuracy.":[80],"Additionally,":[81],"different":[82],"dataset":[83],"labelling":[84],"strategies":[85],"were":[86],"examined":[87],"determine":[89],"whether":[90],"it":[91],"is":[92],"better":[93],"focus":[95],"infection":[97],"indicators":[98],"compromise":[100],"(IoC)":[101],"only,":[102],"whole":[105],"communication":[106],"between":[107],"an":[108,177],"adversary":[109],"victim.":[112],"are":[115],"trained":[116],"real":[118],"captured":[119],"which":[122],"have":[123],"refined":[125],"engineered":[128],"features":[129],"capabilities.":[133],"work":[135],"presents":[136],"indicative":[137],"results":[138],"that":[139],"Random":[140],"Forest":[141],"Extreme":[143],"Gradient":[144],"Boosting":[145],"classifiers":[146],"achieve":[147],"over":[148],"$98":[149],"\\%$":[150],"accuracy":[151],"in":[152],"identifying":[153],"families":[155],"such":[156],"as":[157],"WarmCookie,":[158],"FormBook,":[159],"AgentTesla":[161],"using":[162],"malware-unique":[163],"network-based":[164,179],"parameters.":[165],"These":[166],"findings":[167],"contribute":[168],"advancing":[170],"intrusion":[171],"systems":[173],"(IDS)":[174],"providing":[176],"automated,":[178],"threat":[180],"methodology.":[182]},"counts_by_year":[],"updated_date":"2026-04-16T08:26:57.006410","created_date":"2025-10-10T00:00:00"}