{"id":"https://openalex.org/W4205507498","doi":"https://doi.org/10.1109/ic-nidc54101.2021.9660578","title":"Zombie Hosts Identification Based on DNS Log","display_name":"Zombie Hosts Identification Based on DNS Log","publication_year":2021,"publication_date":"2021-11-17","ids":{"openalex":"https://openalex.org/W4205507498","doi":"https://doi.org/10.1109/ic-nidc54101.2021.9660578"},"language":"en","primary_location":{"id":"doi:10.1109/ic-nidc54101.2021.9660578","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ic-nidc54101.2021.9660578","pdf_url":null,"source":{"id":"https://openalex.org/S4363608589","display_name":"2021 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5002876556","display_name":"R. Wang","orcid":"https://orcid.org/0000-0002-5059-8456"},"institutions":[{"id":"https://openalex.org/I78675632","display_name":"Beijing Information Science & Technology University","ror":"https://ror.org/04xnqep60","country_code":"CN","type":"education","lineage":["https://openalex.org/I78675632"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Renjie Wang","raw_affiliation_strings":["Institute of Intelligent Information Processing, Beijing Information Science and Technology University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Intelligent Information Processing, Beijing Information Science and Technology University, Beijing, China","institution_ids":["https://openalex.org/I78675632"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5019731244","display_name":"Yangsen Zhang","orcid":"https://orcid.org/0000-0002-0280-8455"},"institutions":[{"id":"https://openalex.org/I78675632","display_name":"Beijing Information Science & Technology University","ror":"https://ror.org/04xnqep60","country_code":"CN","type":"education","lineage":["https://openalex.org/I78675632"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Yangsen Zhang","raw_affiliation_strings":["Beijing Laboratory of National Economic Security Early-warning Engineering, Beijing, China","Institute of Intelligent Information Processing, Beijing Information Science and Technology University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing Laboratory of National Economic Security Early-warning Engineering, Beijing, China","institution_ids":[]},{"raw_affiliation_string":"Institute of Intelligent Information Processing, Beijing Information Science and Technology University, Beijing, China","institution_ids":["https://openalex.org/I78675632"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046137655","display_name":"Ruixue Duan","orcid":"https://orcid.org/0000-0002-4478-1692"},"institutions":[{"id":"https://openalex.org/I78675632","display_name":"Beijing Information Science & Technology University","ror":"https://ror.org/04xnqep60","country_code":"CN","type":"education","lineage":["https://openalex.org/I78675632"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ruixue Duan","raw_affiliation_strings":["Beijing Laboratory of National Economic Security Early-warning Engineering, Beijing, China","Institute of Intelligent Information Processing, Beijing Information Science and Technology University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Beijing Laboratory of National Economic Security Early-warning Engineering, Beijing, China","institution_ids":[]},{"raw_affiliation_string":"Institute of Intelligent Information Processing, Beijing Information Science and Technology University, Beijing, China","institution_ids":["https://openalex.org/I78675632"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5060323103","display_name":"Zhuofan Huang","orcid":"https://orcid.org/0000-0003-3284-0728"},"institutions":[{"id":"https://openalex.org/I78675632","display_name":"Beijing Information Science & Technology University","ror":"https://ror.org/04xnqep60","country_code":"CN","type":"education","lineage":["https://openalex.org/I78675632"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhuofan Huang","raw_affiliation_strings":["Institute of Intelligent Information Processing, Beijing Information Science and Technology University, Beijing, China"],"affiliations":[{"raw_affiliation_string":"Institute of Intelligent Information Processing, Beijing Information Science and Technology University, Beijing, China","institution_ids":["https://openalex.org/I78675632"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5002876556"],"corresponding_institution_ids":["https://openalex.org/I78675632"],"apc_list":null,"apc_paid":null,"fwci":0.616,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.56805175,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":94,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"413","last_page":"417"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12326","display_name":"Network Packet Processing and Optimization","score":0.9775999784469604,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/zombie","display_name":"Zombie","score":0.7777211666107178},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7657463550567627},{"id":"https://openalex.org/keywords/domain-name-system","display_name":"Domain Name System","score":0.7144418954849243},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.6461731195449829},{"id":"https://openalex.org/keywords/preprocessor","display_name":"Preprocessor","score":0.6105756759643555},{"id":"https://openalex.org/keywords/anomaly-detection","display_name":"Anomaly detection","score":0.5999993085861206},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.5565561056137085},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.5365033149719238},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.46297284960746765},{"id":"https://openalex.org/keywords/perspective","display_name":"Perspective (graphical)","score":0.41332706809043884},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.2248671054840088},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.200565904378891},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1919666826725006},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.1625126302242279},{"id":"https://openalex.org/keywords/mathematics","display_name":"Mathematics","score":0.07297208905220032}],"concepts":[{"id":"https://openalex.org/C144446859","wikidata":"https://www.wikidata.org/wiki/Q219164","display_name":"Zombie","level":2,"score":0.7777211666107178},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7657463550567627},{"id":"https://openalex.org/C35026560","wikidata":"https://www.wikidata.org/wiki/Q8767","display_name":"Domain Name System","level":3,"score":0.7144418954849243},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.6461731195449829},{"id":"https://openalex.org/C34736171","wikidata":"https://www.wikidata.org/wiki/Q918333","display_name":"Preprocessor","level":2,"score":0.6105756759643555},{"id":"https://openalex.org/C739882","wikidata":"https://www.wikidata.org/wiki/Q3560506","display_name":"Anomaly detection","level":2,"score":0.5999993085861206},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.5565561056137085},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.5365033149719238},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.46297284960746765},{"id":"https://openalex.org/C12713177","wikidata":"https://www.wikidata.org/wiki/Q1900281","display_name":"Perspective (graphical)","level":2,"score":0.41332706809043884},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.2248671054840088},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.200565904378891},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1919666826725006},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.1625126302242279},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.07297208905220032},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/ic-nidc54101.2021.9660578","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ic-nidc54101.2021.9660578","pdf_url":null,"source":{"id":"https://openalex.org/S4363608589","display_name":"2021 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"conference"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 7th IEEE International Conference on Network Intelligence and Digital Content (IC-NIDC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.47999998927116394,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G2215655480","display_name":null,"funder_award_id":"4204100","funder_id":"https://openalex.org/F4320322919","funder_display_name":"Natural Science Foundation of Beijing Municipality"},{"id":"https://openalex.org/G2899955072","display_name":null,"funder_award_id":"61772081","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322919","display_name":"Natural Science Foundation of Beijing Municipality","ror":null}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":1,"referenced_works":["https://openalex.org/W4312580598"],"related_works":["https://openalex.org/W3211952845","https://openalex.org/W3187978971","https://openalex.org/W459167536","https://openalex.org/W4380874517","https://openalex.org/W4287028859","https://openalex.org/W4213192136","https://openalex.org/W2898750407","https://openalex.org/W4318711621","https://openalex.org/W3210657763","https://openalex.org/W1629127207"],"abstract_inverted_index":{"Although":[0],"the":[1,15,24,31,59,62,65,104],"academia":[2],"has":[3,68],"done":[4],"a":[5,75,95,113],"lot":[6],"of":[7,17,33,55,61],"research":[8,57],"on":[9,44,58,79,120],"DNS":[10,27,34,80,88,96,139],"abnormal":[11],"behavior,":[12],"whether":[13],"from":[14],"perspective":[16],"traffic":[18,45,84],"or":[19],"irregular":[20],"domain":[21,50,121],"name":[22,51,122],"recognition,":[23,52],"mechanism":[25],"behind":[26],"is":[28,100,125],"ignored":[29],"in":[30,109,138],"pre-processing":[32],"logs":[35,89,105],"and":[36,48,53],"other":[37],"data.":[38],"In":[39],"addition,":[40],"most":[41],"studies":[42],"focus":[43],"anomaly":[46],"detection":[47,117],"unconventional":[49],"lack":[54],"systematic":[56],"combination":[60],"two,":[63],"so":[64],"proposed":[66],"algorithm":[67,99,118],"no":[69],"practical":[70],"application.":[71],"This":[72],"paper":[73],"proposes":[74],"clustering":[76],"method":[77,132],"based":[78,119],"client":[81],"IP":[82],"address":[83],"characteristics,":[85],"which":[86],"divides":[87],"into":[90],"five":[91],"access":[92],"modes.":[93],"Then,":[94],"log":[97],"preprocessing":[98],"designed":[101],"to":[102],"preprocess":[103],"that":[106,130],"may":[107],"exist":[108],"zombie":[110,136],"hosts.":[111],"Finally,":[112],"two-layer":[114],"GRU":[115],"network":[116],"text":[123],"features":[124],"proposed.":[126],"Experimental":[127],"results":[128],"show":[129],"this":[131],"can":[133],"effectively":[134],"identify":[135],"hosts":[137],"logs.":[140]},"counts_by_year":[{"year":2024,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}