{"id":"https://openalex.org/W2016713855","doi":"https://doi.org/10.1109/glocom.2012.6503218","title":"Towards active measurement for DNS query behavior of botnets","display_name":"Towards active measurement for DNS query behavior of botnets","publication_year":2012,"publication_date":"2012-12-01","ids":{"openalex":"https://openalex.org/W2016713855","doi":"https://doi.org/10.1109/glocom.2012.6503218","mag":"2016713855"},"language":"en","primary_location":{"id":"doi:10.1109/glocom.2012.6503218","is_oa":false,"landing_page_url":"https://doi.org/10.1109/glocom.2012.6503218","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2012 IEEE Global Communications Conference (GLOBECOM)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5003951925","display_name":"Xiaobo Ma","orcid":"https://orcid.org/0000-0002-0934-5035"},"institutions":[{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xiaobo Ma","raw_affiliation_strings":["MOE KLINNS Lab, Xi'an Jiaotong University, China","Moe Klinns Lab, Xi'an Jiaotong University, Xian, China"],"affiliations":[{"raw_affiliation_string":"MOE KLINNS Lab, Xi'an Jiaotong University, China","institution_ids":["https://openalex.org/I87445476"]},{"raw_affiliation_string":"Moe Klinns Lab, Xi'an Jiaotong University, Xian, China","institution_ids":["https://openalex.org/I87445476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100462018","display_name":"Jianfeng Li","orcid":"https://orcid.org/0000-0002-3453-0195"},"institutions":[{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jianfeng Li","raw_affiliation_strings":["MOE KLINNS Lab, Xi'an Jiaotong University, China","Moe Klinns Lab, Xi'an Jiaotong University, Xian, China"],"affiliations":[{"raw_affiliation_string":"MOE KLINNS Lab, Xi'an Jiaotong University, China","institution_ids":["https://openalex.org/I87445476"]},{"raw_affiliation_string":"Moe Klinns Lab, Xi'an Jiaotong University, Xian, China","institution_ids":["https://openalex.org/I87445476"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101516220","display_name":"Jing Tao","orcid":"https://orcid.org/0009-0009-3911-4260"},"institutions":[{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jing Tao","raw_affiliation_strings":["MOE KLINNS Lab, Xi'an Jiaotong University, China","Moe Klinns Lab, Xi'an Jiaotong University, Xian, China"],"affiliations":[{"raw_affiliation_string":"MOE KLINNS Lab, Xi'an Jiaotong University, China","institution_ids":["https://openalex.org/I87445476"]},{"raw_affiliation_string":"Moe Klinns Lab, Xi'an Jiaotong University, Xian, China","institution_ids":["https://openalex.org/I87445476"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5075845093","display_name":"Xiaohong Guan","orcid":"https://orcid.org/0000-0002-8826-0362"},"institutions":[{"id":"https://openalex.org/I87445476","display_name":"Xi'an Jiaotong University","ror":"https://ror.org/017zhmm22","country_code":"CN","type":"education","lineage":["https://openalex.org/I87445476"]},{"id":"https://openalex.org/I99065089","display_name":"Tsinghua University","ror":"https://ror.org/03cve4549","country_code":"CN","type":"education","lineage":["https://openalex.org/I99065089"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaohong Guan","raw_affiliation_strings":["MOE KLINNS Lab, Xi'an Jiaotong University, China","Moe Klinns Lab, Xi'an Jiaotong University, Xian, China","Department of Automation and NLIST, Tsinghua University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"MOE KLINNS Lab, Xi'an Jiaotong University, China","institution_ids":["https://openalex.org/I87445476"]},{"raw_affiliation_string":"Moe Klinns Lab, Xi'an Jiaotong University, Xian, China","institution_ids":["https://openalex.org/I87445476"]},{"raw_affiliation_string":"Department of Automation and NLIST, Tsinghua University, Beijing, China","institution_ids":["https://openalex.org/I99065089"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5003951925"],"corresponding_institution_ids":["https://openalex.org/I87445476"],"apc_list":null,"apc_paid":null,"fwci":0.3546,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.6145972,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"845","last_page":"849"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11158","display_name":"Wireless Networks and Protocols","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.9754354953765869},{"id":"https://openalex.org/keywords/domain-name-system","display_name":"Domain Name System","score":0.8937414884567261},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7948311567306519},{"id":"https://openalex.org/keywords/name-server","display_name":"Name server","score":0.6737757325172424},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.6684615015983582},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5250115990638733},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.33861875534057617},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.24593031406402588},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.1908860206604004}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.9754354953765869},{"id":"https://openalex.org/C35026560","wikidata":"https://www.wikidata.org/wiki/Q8767","display_name":"Domain Name System","level":3,"score":0.8937414884567261},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7948311567306519},{"id":"https://openalex.org/C105320234","wikidata":"https://www.wikidata.org/wiki/Q41494","display_name":"Name server","level":3,"score":0.6737757325172424},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.6684615015983582},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5250115990638733},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.33861875534057617},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.24593031406402588},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.1908860206604004}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/glocom.2012.6503218","is_oa":false,"landing_page_url":"https://doi.org/10.1109/glocom.2012.6503218","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2012 IEEE Global Communications Conference (GLOBECOM)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W1486318496","https://openalex.org/W1581184532","https://openalex.org/W2076028002","https://openalex.org/W2094675735","https://openalex.org/W2099205108","https://openalex.org/W2100214769","https://openalex.org/W2101737524","https://openalex.org/W2102283838","https://openalex.org/W2110466131","https://openalex.org/W2131697133","https://openalex.org/W2136495567","https://openalex.org/W2148323889","https://openalex.org/W2150066695","https://openalex.org/W2162709050","https://openalex.org/W2168248885","https://openalex.org/W6634965539"],"related_works":["https://openalex.org/W2183899684","https://openalex.org/W2065991182","https://openalex.org/W2948569047","https://openalex.org/W596534943","https://openalex.org/W3214913819","https://openalex.org/W2733931179","https://openalex.org/W2054545906","https://openalex.org/W1642214788","https://openalex.org/W2095479613","https://openalex.org/W2965181964"],"abstract_inverted_index":{"Domain":[0],"names":[1,101,129],"play":[2],"an":[3],"increasingly":[4],"important":[5],"role":[6],"for":[7],"the":[8,24,42,58,78,89,120,148,153],"botnet":[9,117,154],"activities.":[10],"Traditionally,":[11],"DNS":[12,17,25,48,59,79,90,149,165],"traces":[13],"from":[14],"several":[15,46],"local":[16,47],"servers":[18,49],"are":[19,31,102,130],"used":[20],"passively":[21],"to":[22,54,122,162],"measure":[23,77,115],"query":[26,60,68,80,150,166],"behavior.":[27],"However,":[28],"since":[29],"botnets":[30,83,105,133],"a":[32],"wide-scale":[33],"threat":[34],"and":[35,140,171,178],"usually":[36],"reside":[37],"in":[38,84,106,119,134,168],"geographically":[39,85,136],"dispersed":[40,86,137],"networks,":[41],"vantage":[43],"point":[44],"of":[45,70,82,152],"is":[50],"sometimes":[51],"too":[52],"small":[53],"help":[55,161],"us":[56],"understand":[57],"behavior":[61,81,151],"(e.g.,":[62],"whether":[63],"queried":[64,103,131],"or":[65],"not,":[66],"average":[67],"rate)":[69],"botnets.":[71],"In":[72],"this":[73],"paper,":[74],"we":[75,113],"actively":[76,114],"networks":[87,108,138,170],"via":[88],"cache":[91],"probing":[92],"technique.":[93],"We":[94],"first":[95],"analytically":[96],"characterize":[97],"how":[98,126],"multiple":[99,127],"domain":[100,128],"by":[104,132],"different":[107,169],"under":[109],"certain":[110],"circumstances.":[111],"Then,":[112],"real":[116],"samples":[118],"wild":[121],"gain":[123],"insight":[124],"into":[125],"480":[135],"globally,":[139],"show":[141],"that":[142],"our":[143],"analytical":[144],"characterization":[145],"well":[146],"describes":[147],"samples.":[155],"The":[156],"active":[157],"measurement":[158],"technique":[159],"can":[160],"acquire":[163],"extensive":[164],"information":[167],"thus":[172],"potentially":[173],"facilitate":[174],"various":[175],"DNS-related":[176],"research":[177],"applications.":[179]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2016,"cited_by_count":1},{"year":2014,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}