{"id":"https://openalex.org/W2897094640","doi":"https://doi.org/10.1109/iscisc.2017.8488370","title":"Utilizing Features of Aggregated Flows to Identify Botnet Network Traffic","display_name":"Utilizing Features of Aggregated Flows to Identify Botnet Network Traffic","publication_year":2017,"publication_date":"2017-09-01","ids":{"openalex":"https://openalex.org/W2897094640","doi":"https://doi.org/10.1109/iscisc.2017.8488370","mag":"2897094640"},"language":"en","primary_location":{"id":"doi:10.1109/iscisc.2017.8488370","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscisc.2017.8488370","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5025137620","display_name":"Banafsheh Heydari","orcid":null},"institutions":[{"id":"https://openalex.org/I23946033","display_name":"University of Tehran","ror":"https://ror.org/05vf56z40","country_code":"IR","type":"education","lineage":["https://openalex.org/I23946033"]}],"countries":["IR"],"is_corresponding":true,"raw_author_name":"Banafsheh Heydari","raw_affiliation_strings":["School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran","institution_ids":["https://openalex.org/I23946033"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048304004","display_name":"Habib Allah Yajam","orcid":"https://orcid.org/0000-0003-4344-7446"},"institutions":[{"id":"https://openalex.org/I23946033","display_name":"University of Tehran","ror":"https://ror.org/05vf56z40","country_code":"IR","type":"education","lineage":["https://openalex.org/I23946033"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Habib Yajam","raw_affiliation_strings":["School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran","institution_ids":["https://openalex.org/I23946033"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5042360234","display_name":"Mohammad Ali Akhaee","orcid":"https://orcid.org/0000-0003-3753-5618"},"institutions":[{"id":"https://openalex.org/I23946033","display_name":"University of Tehran","ror":"https://ror.org/05vf56z40","country_code":"IR","type":"education","lineage":["https://openalex.org/I23946033"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Mohammad Ali Akhaee","raw_affiliation_strings":["School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran","institution_ids":["https://openalex.org/I23946033"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5010648032","display_name":"Sadaf Salehkalaibar","orcid":"https://orcid.org/0000-0003-1227-3797"},"institutions":[{"id":"https://openalex.org/I23946033","display_name":"University of Tehran","ror":"https://ror.org/05vf56z40","country_code":"IR","type":"education","lineage":["https://openalex.org/I23946033"]}],"countries":["IR"],"is_corresponding":false,"raw_author_name":"Sadaf Salehkalaibar","raw_affiliation_strings":["School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran"],"affiliations":[{"raw_affiliation_string":"School of Electrical and Computer Engineering, University of Tehran, Tehran, Iran","institution_ids":["https://openalex.org/I23946033"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5025137620"],"corresponding_institution_ids":["https://openalex.org/I23946033"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.30335728,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":93},"biblio":{"volume":"7","issue":null,"first_page":"25","last_page":"30"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.9929298758506775},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7847691178321838},{"id":"https://openalex.org/keywords/cyberspace","display_name":"Cyberspace","score":0.650238037109375},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.5453008413314819},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5253583788871765},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5076276063919067},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.4663490653038025},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.40875837206840515},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.38777026534080505},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3428955078125},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.10184681415557861}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.9929298758506775},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7847691178321838},{"id":"https://openalex.org/C2781241145","wikidata":"https://www.wikidata.org/wiki/Q204606","display_name":"Cyberspace","level":3,"score":0.650238037109375},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.5453008413314819},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5253583788871765},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5076276063919067},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.4663490653038025},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.40875837206840515},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.38777026534080505},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3428955078125},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.10184681415557861},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/iscisc.2017.8488370","is_oa":false,"landing_page_url":"https://doi.org/10.1109/iscisc.2017.8488370","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2017 14th International ISC (Iranian Society of Cryptology) Conference on Information Security and Cryptology (ISCISC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7900000214576721,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":28,"referenced_works":["https://openalex.org/W8726526","https://openalex.org/W191098608","https://openalex.org/W1546505347","https://openalex.org/W1775772884","https://openalex.org/W1968185194","https://openalex.org/W1988741337","https://openalex.org/W1992713826","https://openalex.org/W2008066750","https://openalex.org/W2026621111","https://openalex.org/W2044439547","https://openalex.org/W2061455058","https://openalex.org/W2073119119","https://openalex.org/W2099452399","https://openalex.org/W2127195968","https://openalex.org/W2134385885","https://openalex.org/W2148913232","https://openalex.org/W2200832203","https://openalex.org/W2244479820","https://openalex.org/W2351618396","https://openalex.org/W2541577949","https://openalex.org/W2588675103","https://openalex.org/W2588857280","https://openalex.org/W6600334183","https://openalex.org/W6607784307","https://openalex.org/W6638021444","https://openalex.org/W6687883403","https://openalex.org/W6733655817","https://openalex.org/W6733861133"],"related_works":["https://openalex.org/W2294483539","https://openalex.org/W2368745349","https://openalex.org/W2378449000","https://openalex.org/W2938399969","https://openalex.org/W3167675181","https://openalex.org/W2131575257","https://openalex.org/W3187581118","https://openalex.org/W3143747655","https://openalex.org/W2002178493","https://openalex.org/W2372005904"],"abstract_inverted_index":{"Botnets":[0],"are":[1,92],"known":[2],"to":[3,11,78],"be":[4],"one":[5],"of":[6,14,20,28,42,45,62,67,89,97,115,134,145],"the":[7,12,15,18,25,37,46,87,113,129,131],"most":[8,47],"serious":[9],"threats":[10],"security":[13],"Internet":[16],"and":[17,123,148],"future":[19],"cyberspace.":[21],"To":[22],"fight":[23],"against":[24],"formidable":[26],"force":[27],"these":[29,68],"cyber-criminal":[30],"tools,":[31],"numerous":[32],"research":[33],"works":[34],"appeared":[35],"in":[36,100,128,137],"literature":[38],"that":[39,91,107],"studied":[40],"detection":[41,52,61,121,139],"Botnets.":[43],"One":[44],"promising":[48],"approaches":[49],"is":[50,140],"network-based":[51],"using":[53],"machine-learning":[54],"tools.":[55],"These":[56],"methods":[57,69],"can":[58],"possibly":[59],"provide":[60],"new":[63],"unobserved":[64],"bots.":[65],"Most":[66],"conventionally":[70],"use":[71],"features":[72,90,109],"directly":[73],"extracted":[74,93],"from":[75,94],"network":[76,98],"flows":[77,99],"detect":[79],"infected":[80],"nodes.":[81],"In":[82],"our":[83,135],"study,":[84,130],"we":[85],"propose":[86],"utilization":[88],"a":[95,101,116],"set":[96],"fixed-length":[102],"time":[103],"interval.":[104],"We":[105],"argue":[106],"such":[108],"could":[110],"better":[111],"model":[112],"behavior":[114],"botnet,":[117],"thus,":[118],"providing":[119,143],"higher":[120],"rates":[122],"lower":[124],"false":[125],"alarms.":[126],"Also":[127],"significant":[132],"potential":[133],"method":[136],"bot":[138],"demonstrated":[141],"by":[142],"results":[144],"multiple":[146],"experiments":[147],"comparisons":[149],"with":[150],"similar":[151],"methods.":[152]},"counts_by_year":[{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}