{"id":"https://openalex.org/W7138981633","doi":"https://doi.org/10.1109/globecom59602.2025.11431652","title":"Unveiling Stealthy DGA Traffic: A Hybrid Threshold-Behavior Analysis Framework for Detecting Botnet Domains","display_name":"Unveiling Stealthy DGA Traffic: A Hybrid Threshold-Behavior Analysis Framework for Detecting Botnet Domains","publication_year":2025,"publication_date":"2025-12-08","ids":{"openalex":"https://openalex.org/W7138981633","doi":"https://doi.org/10.1109/globecom59602.2025.11431652"},"language":null,"primary_location":{"id":"doi:10.1109/globecom59602.2025.11431652","is_oa":false,"landing_page_url":"https://doi.org/10.1109/globecom59602.2025.11431652","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"GLOBECOM 2025 - 2025 IEEE Global Communications Conference","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5129966646","display_name":"Jiankang Sun","orcid":null},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Jiankang Sun","raw_affiliation_strings":["University of Science and Technology of China,School of Cyber Science and Technology,Hefei,China,230027"],"affiliations":[{"raw_affiliation_string":"University of Science and Technology of China,School of Cyber Science and Technology,Hefei,China,230027","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5004027189","display_name":"Lutong Chen","orcid":"https://orcid.org/0000-0001-6044-9457"},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lutong Chen","raw_affiliation_strings":["University of Science and Technology of China,Network and Information Center,Hefei,China,230026"],"affiliations":[{"raw_affiliation_string":"University of Science and Technology of China,Network and Information Center,Hefei,China,230026","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5121665558","display_name":"Xuanbo Huang","orcid":null},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xuanbo Huang","raw_affiliation_strings":["University of Science and Technology of China,School of Cyber Science and Technology,Hefei,China,230027"],"affiliations":[{"raw_affiliation_string":"University of Science and Technology of China,School of Cyber Science and Technology,Hefei,China,230027","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5035424523","display_name":"Xi Xie","orcid":"https://orcid.org/0000-0001-7406-8444"},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xuanchao Xie","raw_affiliation_strings":["University of Science and Technology of China,School of Cyber Science and Technology,Hefei,China,230027"],"affiliations":[{"raw_affiliation_string":"University of Science and Technology of China,School of Cyber Science and Technology,Hefei,China,230027","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102487066","display_name":"Zixu Huang","orcid":null},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zixu Huang","raw_affiliation_strings":["University of Science and Technology of China,School of Cyber Science and Technology,Hefei,China,230027"],"affiliations":[{"raw_affiliation_string":"University of Science and Technology of China,School of Cyber Science and Technology,Hefei,China,230027","institution_ids":["https://openalex.org/I126520041"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100751832","display_name":"Ke Xue","orcid":"https://orcid.org/0000-0002-7528-180X"},"institutions":[{"id":"https://openalex.org/I126520041","display_name":"University of Science and Technology of China","ror":"https://ror.org/04c4dkn09","country_code":"CN","type":"education","lineage":["https://openalex.org/I126520041","https://openalex.org/I19820366"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kaiping Xue","raw_affiliation_strings":["University of Science and Technology of China,School of Cyber Science and Technology,Hefei,China,230027"],"affiliations":[{"raw_affiliation_string":"University of Science and Technology of China,School of Cyber Science and Technology,Hefei,China,230027","institution_ids":["https://openalex.org/I126520041"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5129966646"],"corresponding_institution_ids":["https://openalex.org/I126520041"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.76805526,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"3049","last_page":"3054"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8205000162124634,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8205000162124634,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.06469999998807907,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.019899999722838402,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.6485000252723694},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.6427000164985657},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5755000114440918},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.5444999933242798},{"id":"https://openalex.org/keywords/thresholding","display_name":"Thresholding","score":0.4634999930858612},{"id":"https://openalex.org/keywords/command-and-control","display_name":"Command and control","score":0.3474999964237213}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7215999960899353},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.6485000252723694},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.6427000164985657},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5755000114440918},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.5444999933242798},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5127000212669373},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.47110000252723694},{"id":"https://openalex.org/C191178318","wikidata":"https://www.wikidata.org/wiki/Q2256906","display_name":"Thresholding","level":3,"score":0.4634999930858612},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.37209999561309814},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.3474999964237213},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.3361000120639801},{"id":"https://openalex.org/C81669768","wikidata":"https://www.wikidata.org/wiki/Q2359161","display_name":"Precision and recall","level":2,"score":0.3160000145435333},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.3057999908924103},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.2547999918460846}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/globecom59602.2025.11431652","is_oa":false,"landing_page_url":"https://doi.org/10.1109/globecom59602.2025.11431652","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"GLOBECOM 2025 - 2025 IEEE Global Communications Conference","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335892","display_name":"Youth Innovation Promotion Association","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W2041617071","https://openalex.org/W2136495567","https://openalex.org/W2410828832","https://openalex.org/W2899670782","https://openalex.org/W2908338198","https://openalex.org/W2912388825","https://openalex.org/W2971890500","https://openalex.org/W3122189786","https://openalex.org/W3192478068","https://openalex.org/W4312328598","https://openalex.org/W4402957797"],"related_works":[],"abstract_inverted_index":{"In":[0,54],"recent":[1,28],"years,":[2],"most":[3],"botnets":[4],"have":[5],"utilized":[6],"Domain":[7],"Generation":[8],"Algorithms":[9],"(DGAs)":[10],"to":[11,15,50,74,111,147,160],"dynamically":[12],"generate":[13],"domains":[14,77,130,181],"establish":[16],"communication":[17],"with":[18,140],"Command":[19],"and":[20,67,182,197],"Control":[21],"(C&C)":[22],"servers,":[23],"enabling":[24],"malicious":[25,113],"activities.":[26],"However,":[27],"research":[29],"mainly":[30],"proposes":[31],"methods":[32],"based":[33],"on":[34,155],"labeled":[35,179],"DGA":[36,76,129,150,180,192],"domain":[37,92,114,144,151],"datasets":[38,159],"that":[39,65,86,170],"already":[40],"yield":[41],"high":[42],"detection":[43],"rates,":[44],"but":[45],"cannot":[46],"be":[47],"applied":[48],"directly":[49],"realistic":[51,156],"network":[52,69,157],"environments.":[53],"this":[55],"paper,":[56],"we":[57,135],"propose":[58],"a":[59,82,107,174,186],"novel":[60],"hybrid":[61,101],"threshold-behavior":[62,102],"analysis":[63,103,142],"system":[64,80,172],"examines":[66],"processes":[68],"traffic":[70,158],"in":[71],"several":[72],"layers":[73],"detect":[75],"precisely.":[78],"Our":[79],"incorporates":[81],"multi-level":[83],"filtering":[84,109],"approach":[85],"dramatically":[87],"increases":[88],"the":[89,95,123,162],"precision":[90],"of":[91,125,143,164,189],"identification.":[93],"At":[94],"system\u2019s":[96],"center":[97],"lies":[98],"its":[99,195],"innovative":[100],"framework,":[104],"which":[105],"employs":[106],"cascaded":[108],"process":[110],"enhance":[112],"identification":[115],"while":[116],"efficiently":[117],"preserving":[118],"computational":[119],"resources.":[120],"To":[121],"address":[122],"issue":[124],"separating":[126],"highly":[127],"random":[128],"from":[131],"their":[132],"legitimate":[133],"ones,":[134],"utilize":[136],"adaptive":[137],"thresholding":[138],"combined":[139],"contextual":[141],"query":[145],"patterns":[146],"enable":[148],"stealthy":[149],"detection.":[152],"We":[153],"test":[154],"verify":[161],"performance":[163],"our":[165,171],"system.":[166],"The":[167],"experiments":[168],"show":[169],"has":[173],"97.88%":[175],"recall":[176],"rate":[177],"for":[178],"can":[183],"correctly":[184],"identify":[185],"huge":[187],"number":[188],"previously":[190],"unlabeled":[191],"domains,":[193],"demonstrating":[194],"effectiveness":[196],"feasibility.":[198]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2026-03-20T00:00:00"}