{"id":"https://openalex.org/W4386474119","doi":"https://doi.org/10.1109/lcn58197.2023.10223341","title":"Detecting DoH-Based Data Exfiltration: FluBot Malware Case Study","display_name":"Detecting DoH-Based Data Exfiltration: FluBot Malware Case Study","publication_year":2023,"publication_date":"2023-09-06","ids":{"openalex":"https://openalex.org/W4386474119","doi":"https://doi.org/10.1109/lcn58197.2023.10223341"},"language":"en","primary_location":{"id":"doi:10.1109/lcn58197.2023.10223341","is_oa":false,"landing_page_url":"https://doi.org/10.1109/lcn58197.2023.10223341","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE 48th Conference on Local Computer Networks (LCN)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5039863059","display_name":"R.S. Rader","orcid":null},"institutions":[{"id":"https://openalex.org/I60587646","display_name":"Brno University of Technology","ror":"https://ror.org/03613d656","country_code":"CZ","type":"education","lineage":["https://openalex.org/I60587646"]}],"countries":["CZ"],"is_corresponding":true,"raw_author_name":"Roman Rader","raw_affiliation_strings":["Brno University of Technology,Brno,Czechia","Brno University of Technology, Brno, Czechia"],"affiliations":[{"raw_affiliation_string":"Brno University of Technology,Brno,Czechia","institution_ids":["https://openalex.org/I60587646"]},{"raw_affiliation_string":"Brno University of Technology, Brno, Czechia","institution_ids":["https://openalex.org/I60587646"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084472511","display_name":"Kamil Je\u0159\u00e1bek","orcid":"https://orcid.org/0000-0002-5317-9222"},"institutions":[{"id":"https://openalex.org/I60587646","display_name":"Brno University of Technology","ror":"https://ror.org/03613d656","country_code":"CZ","type":"education","lineage":["https://openalex.org/I60587646"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Kamil Jerabek","raw_affiliation_strings":["Brno University of Technology,Brno,Czechia","Brno University of Technology, Brno, Czechia"],"affiliations":[{"raw_affiliation_string":"Brno University of Technology,Brno,Czechia","institution_ids":["https://openalex.org/I60587646"]},{"raw_affiliation_string":"Brno University of Technology, Brno, Czechia","institution_ids":["https://openalex.org/I60587646"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5001527809","display_name":"Ond\u0159ej Ry\u0161av\u00fd","orcid":"https://orcid.org/0000-0001-9652-6418"},"institutions":[{"id":"https://openalex.org/I60587646","display_name":"Brno University of Technology","ror":"https://ror.org/03613d656","country_code":"CZ","type":"education","lineage":["https://openalex.org/I60587646"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Ondrej Rysavy","raw_affiliation_strings":["Brno University of Technology,Brno,Czechia","Brno University of Technology, Brno, Czechia"],"affiliations":[{"raw_affiliation_string":"Brno University of Technology,Brno,Czechia","institution_ids":["https://openalex.org/I60587646"]},{"raw_affiliation_string":"Brno University of Technology, Brno, Czechia","institution_ids":["https://openalex.org/I60587646"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5039863059"],"corresponding_institution_ids":["https://openalex.org/I60587646"],"apc_list":null,"apc_paid":null,"fwci":0.61,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.65769544,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"4"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.867057740688324},{"id":"https://openalex.org/keywords/netflow","display_name":"NetFlow","score":0.8458756804466248},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8079864978790283},{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.6523650884628296},{"id":"https://openalex.org/keywords/android-malware","display_name":"Android malware","score":0.5988600850105286},{"id":"https://openalex.org/keywords/trojan","display_name":"Trojan","score":0.4365988075733185},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4363318681716919},{"id":"https://openalex.org/keywords/false-positive-rate","display_name":"False positive rate","score":0.4262761175632477},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.413968950510025},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.40771380066871643},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.25210505723953247},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.21768763661384583}],"concepts":[{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.867057740688324},{"id":"https://openalex.org/C188067584","wikidata":"https://www.wikidata.org/wiki/Q219363","display_name":"NetFlow","level":2,"score":0.8458756804466248},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8079864978790283},{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.6523650884628296},{"id":"https://openalex.org/C2989133298","wikidata":"https://www.wikidata.org/wiki/Q94","display_name":"Android malware","level":3,"score":0.5988600850105286},{"id":"https://openalex.org/C174333608","wikidata":"https://www.wikidata.org/wiki/Q19635","display_name":"Trojan","level":2,"score":0.4365988075733185},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4363318681716919},{"id":"https://openalex.org/C95922358","wikidata":"https://www.wikidata.org/wiki/Q5432725","display_name":"False positive rate","level":2,"score":0.4262761175632477},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.413968950510025},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.40771380066871643},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.25210505723953247},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.21768763661384583}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/lcn58197.2023.10223341","is_oa":false,"landing_page_url":"https://doi.org/10.1109/lcn58197.2023.10223341","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 IEEE 48th Conference on Local Computer Networks (LCN)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320315323","display_name":"Technology Agency of the Czech Republic","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":7,"referenced_works":["https://openalex.org/W1595868485","https://openalex.org/W3080354144","https://openalex.org/W3105087971","https://openalex.org/W3199534252","https://openalex.org/W4281687072","https://openalex.org/W4317564457","https://openalex.org/W4327767779"],"related_works":["https://openalex.org/W2033352828","https://openalex.org/W2355810117","https://openalex.org/W3200050756","https://openalex.org/W4286977168","https://openalex.org/W2804929458","https://openalex.org/W2213145342","https://openalex.org/W4294403277","https://openalex.org/W2580312136","https://openalex.org/W2041976134","https://openalex.org/W2153381881"],"abstract_inverted_index":{"This":[0],"paper":[1],"presents":[2],"a":[3,31,44,61,93,102,128],"novel":[4],"approach":[5],"for":[6],"detecting":[7],"the":[8,41,75,80,86],"FluBot":[9,37,81,97,124],"malware,":[10,125],"an":[11,65],"advanced":[12],"Android":[13],"banking":[14],"Trojan":[15],"that":[16,110],"has":[17],"been":[18],"observed":[19],"in":[20,23,101,120],"active":[21],"attacks":[22],"2021":[24],"and":[25,117],"2022.":[26],"The":[27,57,106],"proposed":[28],"method":[29],"uses":[30,60],"two-layer":[32],"detection":[33,71,118],"mechanism":[34],"to":[35,50,73],"identify":[36],"network":[38,98],"connections.":[39],"In":[40],"first":[42],"layer,":[43],"machine":[45],"learning":[46],"algorithm":[47,69,72],"is":[48],"used":[49,92],"detect":[51],"DNS-over-HTTPS":[52],"(DoH)":[53],"within":[54],"Netflow":[55],"records.":[56],"second":[58],"layer":[59],"modified":[62],"version":[63],"of":[64,88,96,123],"existing":[66],"domain":[67],"generation":[68],"(DGA)":[70],"target":[74],"DoH":[76,112],"connections":[77],"associated":[78],"with":[79],"malware":[82],"specifically.":[83],"To":[84],"evaluate":[85],"effectiveness":[87],"this":[89],"approach,":[90],"we":[91],"dataset":[94],"consisting":[95],"traffic":[99],"captured":[100],"controlled":[103],"sandbox":[104],"environment.":[105],"preliminary":[107],"results":[108],"show":[109],"our":[111],"classifier":[113],"achieves":[114],"high":[115],"accuracy":[116],"rates":[119],"identifying":[121],"instances":[122],"while":[126],"maintaining":[127],"low":[129],"false":[130],"positive":[131],"rate.":[132]},"counts_by_year":[{"year":2024,"cited_by_count":3}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}