{"id":"https://openalex.org/W4387870836","doi":"https://doi.org/10.1109/icc45041.2023.10279024","title":"Effective DGA Family Classification Using a Hybrid Shallow and Deep Packet Inspection Technique on P4 Programmable Switches","display_name":"Effective DGA Family Classification Using a Hybrid Shallow and Deep Packet Inspection Technique on P4 Programmable Switches","publication_year":2023,"publication_date":"2023-05-28","ids":{"openalex":"https://openalex.org/W4387870836","doi":"https://doi.org/10.1109/icc45041.2023.10279024"},"language":"en","primary_location":{"id":"doi:10.1109/icc45041.2023.10279024","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc45041.2023.10279024","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ICC 2023 - IEEE International Conference on Communications","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5074094953","display_name":"Ali AlSabeh","orcid":"https://orcid.org/0000-0001-7063-4840"},"institutions":[{"id":"https://openalex.org/I157173269","display_name":"Columbia College - South Carolina","ror":"https://ror.org/00es7k954","country_code":"US","type":"education","lineage":["https://openalex.org/I157173269"]},{"id":"https://openalex.org/I155781252","display_name":"University of South Carolina","ror":"https://ror.org/02b6qw903","country_code":"US","type":"education","lineage":["https://openalex.org/I155781252"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ali AlSabeh","raw_affiliation_strings":["College of Engineering and Computing, University of South Carolina (USC),Columbia,South Carolina,USA","College of Engineering and Computing, University of South Carolina (USC), Columbia, South Carolina, USA"],"affiliations":[{"raw_affiliation_string":"College of Engineering and Computing, University of South Carolina (USC),Columbia,South Carolina,USA","institution_ids":["https://openalex.org/I155781252","https://openalex.org/I157173269"]},{"raw_affiliation_string":"College of Engineering and Computing, University of South Carolina (USC), Columbia, South Carolina, USA","institution_ids":["https://openalex.org/I155781252"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5032210843","display_name":"Kurt Friday","orcid":null},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]},{"id":"https://openalex.org/I1335518801","display_name":"Texas A&M University \u2013 San Antonio","ror":"https://ror.org/0084njv03","country_code":"US","type":"education","lineage":["https://openalex.org/I1335518801"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Kurt Friday","raw_affiliation_strings":["The Cyber Center For Security and Analytics, University of Texas at San Antonio (UTSA),Information Systems and Cyber Security Dept.,San Antonio,Texas,USA","Information Systems and Cyber Security Dept., The Cyber Center For Security and Analytics, University of Texas at San Antonio (UTSA), San Antonio, Texas, USA"],"affiliations":[{"raw_affiliation_string":"The Cyber Center For Security and Analytics, University of Texas at San Antonio (UTSA),Information Systems and Cyber Security Dept.,San Antonio,Texas,USA","institution_ids":["https://openalex.org/I45438204","https://openalex.org/I1335518801"]},{"raw_affiliation_string":"Information Systems and Cyber Security Dept., The Cyber Center For Security and Analytics, University of Texas at San Antonio (UTSA), San Antonio, Texas, USA","institution_ids":["https://openalex.org/I45438204"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058298121","display_name":"Jorge Crichigno","orcid":"https://orcid.org/0000-0002-6705-5300"},"institutions":[{"id":"https://openalex.org/I157173269","display_name":"Columbia College - South Carolina","ror":"https://ror.org/00es7k954","country_code":"US","type":"education","lineage":["https://openalex.org/I157173269"]},{"id":"https://openalex.org/I155781252","display_name":"University of South Carolina","ror":"https://ror.org/02b6qw903","country_code":"US","type":"education","lineage":["https://openalex.org/I155781252"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jorge Crichigno","raw_affiliation_strings":["College of Engineering and Computing, University of South Carolina (USC),Columbia,South Carolina,USA","College of Engineering and Computing, University of South Carolina (USC), Columbia, South Carolina, USA"],"affiliations":[{"raw_affiliation_string":"College of Engineering and Computing, University of South Carolina (USC),Columbia,South Carolina,USA","institution_ids":["https://openalex.org/I155781252","https://openalex.org/I157173269"]},{"raw_affiliation_string":"College of Engineering and Computing, University of South Carolina (USC), Columbia, South Carolina, USA","institution_ids":["https://openalex.org/I155781252"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5039079298","display_name":"Elias Bou\u2010Harb","orcid":"https://orcid.org/0000-0001-8040-4635"},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]},{"id":"https://openalex.org/I1335518801","display_name":"Texas A&M University \u2013 San Antonio","ror":"https://ror.org/0084njv03","country_code":"US","type":"education","lineage":["https://openalex.org/I1335518801"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Elias Bou-Harb","raw_affiliation_strings":["The Cyber Center For Security and Analytics, University of Texas at San Antonio (UTSA),Information Systems and Cyber Security Dept.,San Antonio,Texas,USA","Information Systems and Cyber Security Dept., The Cyber Center For Security and Analytics, University of Texas at San Antonio (UTSA), San Antonio, Texas, USA"],"affiliations":[{"raw_affiliation_string":"The Cyber Center For Security and Analytics, University of Texas at San Antonio (UTSA),Information Systems and Cyber Security Dept.,San Antonio,Texas,USA","institution_ids":["https://openalex.org/I45438204","https://openalex.org/I1335518801"]},{"raw_affiliation_string":"Information Systems and Cyber Security Dept., The Cyber Center For Security and Analytics, University of Texas at San Antonio (UTSA), San Antonio, Texas, USA","institution_ids":["https://openalex.org/I45438204"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5074094953"],"corresponding_institution_ids":["https://openalex.org/I155781252","https://openalex.org/I157173269"],"apc_list":null,"apc_paid":null,"fwci":2.0091,"has_fulltext":false,"cited_by_count":10,"citation_normalized_percentile":{"value":0.87494831,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"3781","last_page":"3786"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9984999895095825,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10714","display_name":"Software-Defined Networks and 5G","score":0.9972000122070312,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9962999820709229,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7714544534683228},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.6135551929473877},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5720416307449341},{"id":"https://openalex.org/keywords/heuristics","display_name":"Heuristics","score":0.5340783596038818},{"id":"https://openalex.org/keywords/deep-packet-inspection","display_name":"Deep packet inspection","score":0.5319863557815552},{"id":"https://openalex.org/keywords/provisioning","display_name":"Provisioning","score":0.5311288833618164},{"id":"https://openalex.org/keywords/throughput","display_name":"Throughput","score":0.5143316984176636},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.48923683166503906},{"id":"https://openalex.org/keywords/multiclass-classification","display_name":"Multiclass classification","score":0.46768811345100403},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.42314839363098145},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.41196009516716003},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.32531416416168213},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.18266603350639343},{"id":"https://openalex.org/keywords/support-vector-machine","display_name":"Support vector machine","score":0.10669523477554321}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7714544534683228},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.6135551929473877},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5720416307449341},{"id":"https://openalex.org/C127705205","wikidata":"https://www.wikidata.org/wiki/Q5748245","display_name":"Heuristics","level":2,"score":0.5340783596038818},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.5319863557815552},{"id":"https://openalex.org/C172191483","wikidata":"https://www.wikidata.org/wiki/Q1071806","display_name":"Provisioning","level":2,"score":0.5311288833618164},{"id":"https://openalex.org/C157764524","wikidata":"https://www.wikidata.org/wiki/Q1383412","display_name":"Throughput","level":3,"score":0.5143316984176636},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.48923683166503906},{"id":"https://openalex.org/C123860398","wikidata":"https://www.wikidata.org/wiki/Q6934605","display_name":"Multiclass classification","level":3,"score":0.46768811345100403},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.42314839363098145},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.41196009516716003},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.32531416416168213},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.18266603350639343},{"id":"https://openalex.org/C12267149","wikidata":"https://www.wikidata.org/wiki/Q282453","display_name":"Support vector machine","level":2,"score":0.10669523477554321},{"id":"https://openalex.org/C555944384","wikidata":"https://www.wikidata.org/wiki/Q249","display_name":"Wireless","level":2,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icc45041.2023.10279024","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icc45041.2023.10279024","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ICC 2023 - IEEE International Conference on Communications","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1595868485","https://openalex.org/W1970499440","https://openalex.org/W1994926493","https://openalex.org/W2082550445","https://openalex.org/W2565766771","https://openalex.org/W2773270814","https://openalex.org/W2773671123","https://openalex.org/W2889547652","https://openalex.org/W2912755644","https://openalex.org/W2998794113","https://openalex.org/W3012476877","https://openalex.org/W3080777947","https://openalex.org/W3125704518","https://openalex.org/W3127353117","https://openalex.org/W3131488785","https://openalex.org/W3173684417","https://openalex.org/W3195826529","https://openalex.org/W3196285162","https://openalex.org/W3212017873","https://openalex.org/W3212929491","https://openalex.org/W4210984003","https://openalex.org/W4296918427","https://openalex.org/W4321383469","https://openalex.org/W6719105664"],"related_works":["https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W2280422768","https://openalex.org/W3143197806","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819","https://openalex.org/W4252555497"],"abstract_inverted_index":{"Domain":[0],"Generation":[1],"Algorithms":[2],"(DGAs)":[3],"are":[4],"one":[5],"of":[6,29,94,120,172,175,184,211],"the":[7,18,26,42,83,110,151,191,208],"most":[8],"effective":[9],"strategies":[10,38],"for":[11,36],"malware":[12,176],"to":[13,39,67,101,116,163,181,218],"obtain":[14,182],"a":[15,46,78,118,203],"connection":[16],"with":[17,135,199],"adversary's":[19],"Command":[20],"and":[21,87,103,124,130,166,188,224],"Control":[22],"(C2)":[23],"server.":[24],"Moreover,":[25],"growing":[27],"number":[28],"DGA":[30,43,51,70,106,186],"families":[31,187],"makes":[32],"it":[33],"increasingly":[34],"challenging":[35],"defense":[37],"promptly":[40,195],"identify":[41],"family":[44,198],"behind":[45],"given":[47],"compromise.":[48],"State-of-the-art":[49],"high-dimensional":[50],"detection":[52],"models":[53],"perform":[54],"poorly":[55],"in":[56,153],"such":[57],"multiclass":[58,205],"classification":[59,206],"scenarios":[60],"because":[61],"their":[62,164],"domain":[63,125],"name-based":[64],"features":[65,127,141],"fail":[66],"distinguish":[68],"between":[69],"families.":[71,107],"To":[72],"this":[73,75],"extent,":[74],"paper":[76],"proposes":[77],"novel":[79],"framework":[80],"that":[81,190],"harnesses":[82],"flexibility,":[84],"per-packet":[85],"granularity,":[86],"Terabits":[88],"per":[89],"second":[90],"(Tbps)":[91],"processing":[92],"capabilities":[93],"P4":[95,111],"Programmable":[96],"Data":[97],"Plane":[98],"(PDP)":[99],"switches":[100,161],"swiftly":[102],"accurately":[104],"classify":[105,196],"In":[108],"particular,":[109],"PDP":[112],"switch":[113],"is":[114],"leveraged":[115],"extract":[117],"combination":[119],"unique":[121],"network":[122,216],"heuristics":[123],"name":[126],"through":[128],"shallow":[129],"Deep":[131],"Packet":[132],"Inspection":[133],"(DPI)":[134],"minimal":[136],"throughput":[137,152],"reduction.":[138],"Such":[139,202],"collected":[140],"cannot":[142],"be":[143],"tracked":[144],"on":[145,157],"commodity":[146],"hardware":[147],"without":[148],"significantly":[149],"degrading":[150],"high-speed":[154],"networks,":[155],"nor":[156],"traditional":[158],"layer":[159],"2/3":[160],"due":[162],"limited":[165],"fixed":[167],"functionalities.":[168],"We":[169],"crawled":[170],"hundreds":[171],"Gigabytes":[173],"(GBs)":[174],"samples":[177],"from":[178],"different":[179],"sources":[180],"instances":[183],"50":[185],"show":[189],"proposed":[192],"approach":[193],"can":[194],"each":[197],"high":[200],"accuracy.":[201],"reliable":[204],"enables":[207],"immediate":[209],"halting":[210],"malicious":[212],"communications":[213],"while":[214],"allowing":[215],"operators":[217],"initiate":[219],"appropriate":[220],"mitigation,":[221],"incident":[222],"management,":[223],"provisioning":[225],"strategies.":[226]},"counts_by_year":[{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}