{"id":"https://openalex.org/W2501070846","doi":"https://doi.org/10.1109/icc.2016.7511197","title":"Detection of command and control in advanced persistent threat based on independent access","display_name":"Detection of command and control in advanced persistent threat based on independent access","publication_year":2016,"publication_date":"2016-05-01","ids":{"openalex":"https://openalex.org/W2501070846","doi":"https://doi.org/10.1109/icc.2016.7511197","mag":"2501070846"},"language":"en","primary_location":{"id":"doi:10.1109/icc.2016.7511197","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc.2016.7511197","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 IEEE International Conference on Communications (ICC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5057140938","display_name":"Xu Wang","orcid":"https://orcid.org/0000-0001-9439-6437"},"institutions":[{"id":"https://openalex.org/I139759216","display_name":"Beijing University of Posts and Telecommunications","ror":"https://ror.org/04w9fbh59","country_code":"CN","type":"education","lineage":["https://openalex.org/I139759216"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xu Wang","raw_affiliation_strings":["Information Security Center, Beijing University of Posts and Telecommunications, Beijng, China"],"affiliations":[{"raw_affiliation_string":"Information Security Center, Beijing University of Posts and Telecommunications, Beijng, China","institution_ids":["https://openalex.org/I139759216"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101644259","display_name":"Kangfeng Zheng","orcid":"https://orcid.org/0000-0001-8405-1726"},"institutions":[{"id":"https://openalex.org/I139759216","display_name":"Beijing University of Posts and Telecommunications","ror":"https://ror.org/04w9fbh59","country_code":"CN","type":"education","lineage":["https://openalex.org/I139759216"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kangfeng Zheng","raw_affiliation_strings":["Information Security Center, Beijing University of Posts and Telecommunications, Beijng, China"],"affiliations":[{"raw_affiliation_string":"Information Security Center, Beijing University of Posts and Telecommunications, Beijng, China","institution_ids":["https://openalex.org/I139759216"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103099146","display_name":"Xinxin Niu","orcid":"https://orcid.org/0000-0002-8143-0189"},"institutions":[{"id":"https://openalex.org/I139759216","display_name":"Beijing University of Posts and Telecommunications","ror":"https://ror.org/04w9fbh59","country_code":"CN","type":"education","lineage":["https://openalex.org/I139759216"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xinxin Niu","raw_affiliation_strings":["Information Security Center, Beijing University of Posts and Telecommunications, Beijng, China"],"affiliations":[{"raw_affiliation_string":"Information Security Center, Beijing University of Posts and Telecommunications, Beijng, China","institution_ids":["https://openalex.org/I139759216"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101432128","display_name":"Bin Wu","orcid":"https://orcid.org/0000-0002-7112-126X"},"institutions":[{"id":"https://openalex.org/I139759216","display_name":"Beijing University of Posts and Telecommunications","ror":"https://ror.org/04w9fbh59","country_code":"CN","type":"education","lineage":["https://openalex.org/I139759216"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Bin Wu","raw_affiliation_strings":["Information Security Center, Beijing University of Posts and Telecommunications, Beijng, China"],"affiliations":[{"raw_affiliation_string":"Information Security Center, Beijing University of Posts and Telecommunications, Beijng, China","institution_ids":["https://openalex.org/I139759216"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101726128","display_name":"Chunhua Wu","orcid":"https://orcid.org/0000-0001-5082-2422"},"institutions":[{"id":"https://openalex.org/I139759216","display_name":"Beijing University of Posts and Telecommunications","ror":"https://ror.org/04w9fbh59","country_code":"CN","type":"education","lineage":["https://openalex.org/I139759216"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chunhua Wu","raw_affiliation_strings":["Information Security Center, Beijing University of Posts and Telecommunications, Beijng, China"],"affiliations":[{"raw_affiliation_string":"Information Security Center, Beijing University of Posts and Telecommunications, Beijng, China","institution_ids":["https://openalex.org/I139759216"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5057140938"],"corresponding_institution_ids":["https://openalex.org/I139759216"],"apc_list":null,"apc_paid":null,"fwci":5.6111,"has_fulltext":false,"cited_by_count":48,"citation_normalized_percentile":{"value":0.96200071,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7549476027488708},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.662928581237793},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6216526031494141},{"id":"https://openalex.org/keywords/command-and-control","display_name":"Command and control","score":0.6193939447402954},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.5488959550857544},{"id":"https://openalex.org/keywords/component","display_name":"Component (thermodynamics)","score":0.4373423457145691},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.423923522233963},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3557320833206177},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.12036234140396118},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.11812412738800049}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7549476027488708},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.662928581237793},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6216526031494141},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.6193939447402954},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.5488959550857544},{"id":"https://openalex.org/C168167062","wikidata":"https://www.wikidata.org/wiki/Q1117970","display_name":"Component (thermodynamics)","level":2,"score":0.4373423457145691},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.423923522233963},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3557320833206177},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.12036234140396118},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.11812412738800049},{"id":"https://openalex.org/C97355855","wikidata":"https://www.wikidata.org/wiki/Q11473","display_name":"Thermodynamics","level":1,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/icc.2016.7511197","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc.2016.7511197","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2016 IEEE International Conference on Communications (ICC)","raw_type":"proceedings-article"},{"id":"pmh:oai:opus.lib.uts.edu.au:10453/145081","is_oa":false,"landing_page_url":"http://hdl.handle.net/10453/145081","pdf_url":null,"source":{"id":"https://openalex.org/S4306401357","display_name":"UTS ePRESS (University of Technology Sydney)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I114017466","host_organization_name":"University of Technology Sydney","host_organization_lineage":["https://openalex.org/I114017466"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference Proceeding"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":22,"referenced_works":["https://openalex.org/W120517747","https://openalex.org/W323184818","https://openalex.org/W1462349742","https://openalex.org/W1583098994","https://openalex.org/W1670263352","https://openalex.org/W1775772884","https://openalex.org/W1966527770","https://openalex.org/W1979826292","https://openalex.org/W1991906836","https://openalex.org/W1999489595","https://openalex.org/W2120713742","https://openalex.org/W2133990480","https://openalex.org/W2155536216","https://openalex.org/W2164928506","https://openalex.org/W2168248885","https://openalex.org/W2518957057","https://openalex.org/W4298845221","https://openalex.org/W6628628164","https://openalex.org/W6634779276","https://openalex.org/W6638021444","https://openalex.org/W6677903450","https://openalex.org/W6684452487"],"related_works":["https://openalex.org/W4390282541","https://openalex.org/W2357256365","https://openalex.org/W2348502264","https://openalex.org/W2365486383","https://openalex.org/W2996710020","https://openalex.org/W2362059367","https://openalex.org/W2350084742","https://openalex.org/W2901443725","https://openalex.org/W2357988862","https://openalex.org/W1855558850"],"abstract_inverted_index":{"Advanced":[0],"Persistent":[1],"Threat":[2],"(APT)":[3],"imposes":[4],"increasing":[5],"threats":[6],"on":[7,103,146],"cyber":[8],"security":[9],"with":[10],"the":[11,39,65,69,80,87,96,104,119,129],"developing":[12],"network":[13],"attack":[14],"technologies.":[15],"APT":[16,92],"is":[17,60,73,99],"a":[18,74,109,138,150],"highly":[19],"interactive,":[20],"specifically":[21],"targeted":[22],"and":[23,57,93,124,143,157],"extremely":[24],"harmful":[25],"network-centric":[26],"attack,":[27],"which":[28],"employs":[29],"various":[30],"technologies":[31],"to":[32,38,77,117],"evade":[33],"detection":[34,70,141],"during":[35,64],"attacks":[36,48],"leading":[37],"result":[40],"that":[41,95],"victims":[42],"will":[43],"not":[44],"be":[45],"aware":[46],"of":[47,67,71,89,112,153],"until":[49],"they":[50],"suffer":[51],"from":[52],"tremendous":[53],"losses.":[54],"Since":[55],"command":[56],"control":[58],"(C&C)":[59],"an":[61],"essential":[62],"component":[63],"lifetime":[66],"APT,":[68],"it":[72,145],"practical":[75],"measure":[76],"defend":[78],"against":[79],"APT.":[81],"In":[82],"this":[83],"paper,":[84],"we":[85,107,136],"analyze":[86],"features":[88],"C&C":[90,98,122,140],"in":[91],"find":[94],"HTTP-based":[97],"widely":[100],"used.":[101],"Based":[102],"analysis":[105],"results,":[106],"propose":[108],"new":[110,151],"feature":[111,132,152],"C&C,":[113,154],"i.e.,":[114],"independent":[115,130],"access,":[116],"characterize":[118],"difference":[120],"between":[121],"communications":[123],"normal":[125],"HTTP":[126],"requests.":[127],"Applying":[128],"access":[131],"into":[133],"DNS":[134],"records,":[135],"implement":[137],"novel":[139],"method":[142],"validate":[144],"public":[147],"dataset.":[148],"As":[149],"its":[155],"advantages":[156],"drawbacks":[158],"are":[159],"also":[160],"analyzed.":[161]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":5},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":5},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":8},{"year":2018,"cited_by_count":7},{"year":2017,"cited_by_count":3},{"year":2016,"cited_by_count":1}],"updated_date":"2026-04-05T17:49:38.594831","created_date":"2025-10-10T00:00:00"}