{"id":"https://openalex.org/W2054298352","doi":"https://doi.org/10.1109/issa.2012.6320433","title":"Geo-spatial autocorrelation as a metric for the detection of Fast-Flux botnet domains","display_name":"Geo-spatial autocorrelation as a metric for the detection of Fast-Flux botnet domains","publication_year":2012,"publication_date":"2012-08-01","ids":{"openalex":"https://openalex.org/W2054298352","doi":"https://doi.org/10.1109/issa.2012.6320433","mag":"2054298352"},"language":"en","primary_location":{"id":"doi:10.1109/issa.2012.6320433","is_oa":false,"landing_page_url":"https://doi.org/10.1109/issa.2012.6320433","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2012 Information Security for South Africa","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5035500626","display_name":"Etienne Stalmans","orcid":null},"institutions":[{"id":"https://openalex.org/I203238179","display_name":"Rhodes University","ror":"https://ror.org/016sewp10","country_code":"ZA","type":"education","lineage":["https://openalex.org/I203238179"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Etienne Stalmans","raw_affiliation_strings":["Security and Networks Research Group, Department of Computer Science, Rhodes University, Grahamstown, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Security and Networks Research Group, Department of Computer Science, Rhodes University, Grahamstown, South Africa","institution_ids":["https://openalex.org/I203238179"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5034238641","display_name":"Samuel Oswald Hunter","orcid":null},"institutions":[{"id":"https://openalex.org/I203238179","display_name":"Rhodes University","ror":"https://ror.org/016sewp10","country_code":"ZA","type":"education","lineage":["https://openalex.org/I203238179"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Samuel Oswald Hunter","raw_affiliation_strings":["Security and Networks Research Group, Department of Computer Science, Rhodes University, Grahamstown, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Security and Networks Research Group, Department of Computer Science, Rhodes University, Grahamstown, South Africa","institution_ids":["https://openalex.org/I203238179"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054384302","display_name":"Barry Irwin","orcid":"https://orcid.org/0000-0002-2727-2124"},"institutions":[{"id":"https://openalex.org/I203238179","display_name":"Rhodes University","ror":"https://ror.org/016sewp10","country_code":"ZA","type":"education","lineage":["https://openalex.org/I203238179"]}],"countries":["ZA"],"is_corresponding":false,"raw_author_name":"Barry Irwin","raw_affiliation_strings":["Security and Networks Research Group, Department of Computer Science, Rhodes University, Grahamstown, South Africa"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Security and Networks Research Group, Department of Computer Science, Rhodes University, Grahamstown, South Africa","institution_ids":["https://openalex.org/I203238179"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.7453,"has_fulltext":false,"cited_by_count":5,"citation_normalized_percentile":{"value":0.74100858,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.9825083017349243},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.8951371908187866},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.744253933429718},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6918109655380249},{"id":"https://openalex.org/keywords/command-and-control","display_name":"Command and control","score":0.6278981566429138},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.484497994184494},{"id":"https://openalex.org/keywords/domain-name-system","display_name":"Domain Name System","score":0.4275692105293274},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.3900219798088074},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.2464061677455902},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.17318806052207947},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.10535067319869995}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.9825083017349243},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.8951371908187866},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.744253933429718},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6918109655380249},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.6278981566429138},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.484497994184494},{"id":"https://openalex.org/C35026560","wikidata":"https://www.wikidata.org/wiki/Q8767","display_name":"Domain Name System","level":3,"score":0.4275692105293274},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3900219798088074},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.2464061677455902},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.17318806052207947},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.10535067319869995}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/issa.2012.6320433","is_oa":false,"landing_page_url":"https://doi.org/10.1109/issa.2012.6320433","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2012 Information Security for South Africa","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W80155331","https://openalex.org/W1979601924","https://openalex.org/W2084983099","https://openalex.org/W2131697133","https://openalex.org/W2132449179","https://openalex.org/W2141786660","https://openalex.org/W2149701633","https://openalex.org/W2574519416","https://openalex.org/W4245139676","https://openalex.org/W6603260413"],"related_works":["https://openalex.org/W2771198651","https://openalex.org/W3004371238","https://openalex.org/W2934080905","https://openalex.org/W1883521032","https://openalex.org/W2054298352","https://openalex.org/W2738000821","https://openalex.org/W1954903228","https://openalex.org/W3080777947","https://openalex.org/W142852360","https://openalex.org/W3034640547"],"abstract_inverted_index":{"Botnets":[0],"consist":[1,82],"of":[2,4,63,83,91,111,120,163],"thousands":[3],"hosts":[5,14,27],"infected":[6,26],"with":[7,12],"malware.":[8],"Botnet":[9,54],"owners":[10,31,55],"communicate":[11],"these":[13,64],"using":[15,137],"Command":[16],"and":[17,129,145],"Control":[18],"(C2)":[19],"servers.":[20,53],"These":[21],"C2":[22,52],"servers":[23,81,122],"are":[24,132,166],"usually":[25],"which":[28,98],"the":[29,51,78,109,117],"botnet":[30],"do":[32],"not":[33],"have":[34,56,101],"physical":[35],"access":[36],"to.":[37],"For":[38],"this":[39],"reason":[40],"botnets":[41,93],"can":[42,154],"be":[43,155],"shut":[44],"down":[45],"by":[46,77],"taking":[47],"over":[48],"or":[49],"blocking":[50],"employed":[57],"numerous":[58],"shutdown":[59],"avoidance":[60],"techniques.":[61],"One":[62],"techniques,":[65],"DNS":[66,80],"Fast-Flux,":[67],"relies":[68],"on":[69,116],"rapidly":[70],"changing":[71],"address":[72],"records.":[73],"The":[74,88],"addresses":[75],"returned":[76],"Fast-Flux":[79,92,125,152],"geographically":[84,102],"widely":[85],"distributed":[86,89],"hosts.":[87],"nature":[90],"differs":[94],"from":[95],"legitimate":[96],"domains,":[97],"tend":[99],"to":[100,123,134,142],"clustered":[103],"server":[104],"locations.":[105],"This":[106],"paper":[107],"examines":[108],"use":[110],"spatial":[112],"autocorrelation":[113],"techniques":[114],"based":[115],"geographic":[118,139],"distribution":[119],"domain":[121],"detect":[124],"domains.":[126],"Moran's":[127],"I":[128],"Geary's":[130],"C":[131],"used":[133],"produce":[135,143],"classifiers":[136],"multiple":[138],"co-ordinate":[140],"systems":[141],"efficient":[144],"accurate":[146],"results.":[147],"It":[148],"is":[149],"shown":[150],"how":[151],"domains":[153],"detected":[156],"reliably":[157],"while":[158],"only":[159],"a":[160],"small":[161],"percentage":[162],"false":[164],"positives":[165],"produced.":[167]},"counts_by_year":[{"year":2022,"cited_by_count":1},{"year":2020,"cited_by_count":1},{"year":2018,"cited_by_count":1},{"year":2015,"cited_by_count":1},{"year":2013,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}