{"id":"https://openalex.org/W7151608640","doi":"https://doi.org/10.1109/icmla66185.2025.00162","title":"Detecting Sliver DNS Command and Control (C2) Beaconing Using LSTM Neural Networks","display_name":"Detecting Sliver DNS Command and Control (C2) Beaconing Using LSTM Neural Networks","publication_year":2025,"publication_date":"2025-12-03","ids":{"openalex":"https://openalex.org/W7151608640","doi":"https://doi.org/10.1109/icmla66185.2025.00162"},"language":null,"primary_location":{"id":"doi:10.1109/icmla66185.2025.00162","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icmla66185.2025.00162","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Machine Learning and Applications (ICMLA)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5133121304","display_name":"Robert D Ward","orcid":null},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Robert D Ward","raw_affiliation_strings":["George Mason University,Department of Computer Science,Fairfax,VA,USA,22030"],"affiliations":[{"raw_affiliation_string":"George Mason University,Department of Computer Science,Fairfax,VA,USA,22030","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100634218","display_name":"Xinyuan Wang","orcid":"https://orcid.org/0000-0003-0154-749X"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xinyuan Wang","raw_affiliation_strings":["George Mason University,Department of Computer Science,Fairfax,VA,USA,22030"],"affiliations":[{"raw_affiliation_string":"George Mason University,Department of Computer Science,Fairfax,VA,USA,22030","institution_ids":["https://openalex.org/I162714631"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5133121304"],"corresponding_institution_ids":["https://openalex.org/I162714631"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.78246445,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1058","last_page":"1063"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.4577000141143799,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.4577000141143799,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10246","display_name":"Mobile Ad Hoc Networks","score":0.04670000076293945,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T13983","display_name":"Cybersecurity and Information Systems","score":0.02449999935925007,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5512999892234802},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.4178999960422516},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.29980000853538513},{"id":"https://openalex.org/keywords/control-system","display_name":"Control system","score":0.28839999437332153},{"id":"https://openalex.org/keywords/noise","display_name":"Noise (video)","score":0.2700999975204468}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.682200014591217},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5512999892234802},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.45879998803138733},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.4178999960422516},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.29980000853538513},{"id":"https://openalex.org/C17500928","wikidata":"https://www.wikidata.org/wiki/Q959968","display_name":"Control system","level":2,"score":0.28839999437332153},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.2793000042438507},{"id":"https://openalex.org/C28490314","wikidata":"https://www.wikidata.org/wiki/Q189436","display_name":"Speech recognition","level":1,"score":0.27810001373291016},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.2700999975204468},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.26919999718666077},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.2671999931335449},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.25029999017715454}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/icmla66185.2025.00162","is_oa":false,"landing_page_url":"https://doi.org/10.1109/icmla66185.2025.00162","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 International Conference on Machine Learning and Applications (ICMLA)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W1989598342","https://openalex.org/W2064675550","https://openalex.org/W2999681325","https://openalex.org/W3094378670","https://openalex.org/W3125745247","https://openalex.org/W4366492421","https://openalex.org/W4392942955","https://openalex.org/W4401567999","https://openalex.org/W4402264016","https://openalex.org/W4404031046","https://openalex.org/W4407784478"],"related_works":[],"abstract_inverted_index":{"Many":[0],"sophisticated":[1,51],"cyberattacks":[2],"(e.g.,":[3,49],"advanced":[4],"persistent":[5],"threat":[6],"(APT),":[7],"supply":[8],"chain":[9],"attacks)":[10],"used":[11,54,72],"command":[12],"and":[13,20,38,87,106,111,127,144,154,159],"control":[14,21],"(C2)":[15],"channel":[16],"to":[17,57,73,138],"remotely":[18],"explore":[19],"the":[22,36,114],"compromised":[23],"systems.":[24],"As":[25],"domain":[26],"name":[27],"system":[28],"(DNS)":[29],"is":[30,41,136],"almost":[31,44],"always":[32],"needed":[33],"everywhere":[34],"on":[35],"Internet":[37],"DNS":[39,55,75,84,97,101,129,151,166],"traffic":[40,56],"allowed":[42],"by":[43],"all":[45],"network":[46],"security":[47],"systems":[48],"firewall),":[50],"malware":[52],"have":[53,81,88,104],"disguise":[58],"their":[59],"C2":[60,77,85,98,130,152,167],"channels.In":[61],"this":[62],"paper,":[63],"we":[64,80],"investigate":[65],"how":[66],"deep":[67],"learning":[68,91],"techniques":[69],"can":[70,94],"be":[71],"detect":[74],"based":[76],"traffic.":[78],"Specifically,":[79],"analyzed":[82],"Sliver":[83,128],"activities":[86,153],"identified":[89],"machine":[90],"features":[92],"that":[93],"effectively":[95],"distinguish":[96],"from":[99],"normal":[100],"activities.":[102,168],"We":[103],"built":[105],"trained":[107,118],"LSTM":[108,119,133],"RNN":[109,120,134],"model":[110,121,135],"empirically":[112],"validated":[113],"effectiveness":[115],"of":[116,125],"our":[117],"with":[122],"large":[123],"amount":[124],"benign":[126],"records.":[131],"Our":[132],"able":[137],"achieve":[139],"96.889%":[140],"TPR,":[141,156],"0.001%":[142,157],"FPR":[143,158],"99.98%":[145],"accuracy":[146,161],"in":[147,162],"detecting":[148,163],"beacon":[149],"mode":[150,165],"99.34%":[155],"99.99%":[160],"interactive":[164]},"counts_by_year":[],"updated_date":"2026-04-09T06:08:40.794217","created_date":"2026-04-08T00:00:00"}