{"id":"https://openalex.org/W1973980104","doi":"https://doi.org/10.1109/malware.2012.6461004","title":"Analysis and detection of malicious data exfiltration in web traffic","display_name":"Analysis and detection of malicious data exfiltration in web traffic","publication_year":2012,"publication_date":"2012-10-01","ids":{"openalex":"https://openalex.org/W1973980104","doi":"https://doi.org/10.1109/malware.2012.6461004","mag":"1973980104"},"language":"en","primary_location":{"id":"doi:10.1109/malware.2012.6461004","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2012.6461004","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2012 7th International Conference on Malicious and Unwanted Software","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5046630893","display_name":"Areej Al-Bataineh","orcid":null},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Areej Al-Bataineh","raw_affiliation_strings":["Department of Computer Science, University of Texas, San Antonio, USA","Department of Computer Science University of Texas at San Antonio, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Texas, San Antonio, USA","institution_ids":["https://openalex.org/I45438204"]},{"raw_affiliation_string":"Department of Computer Science University of Texas at San Antonio, USA","institution_ids":["https://openalex.org/I45438204"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5109662382","display_name":"Gregory White","orcid":null},"institutions":[{"id":"https://openalex.org/I45438204","display_name":"The University of Texas at San Antonio","ror":"https://ror.org/01kd65564","country_code":"US","type":"education","lineage":["https://openalex.org/I45438204"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Gregory White","raw_affiliation_strings":["Department of Computer Science, University of Texas, San Antonio, USA","Department of Computer Science University of Texas at San Antonio, USA"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Texas, San Antonio, USA","institution_ids":["https://openalex.org/I45438204"]},{"raw_affiliation_string":"Department of Computer Science University of Texas at San Antonio, USA","institution_ids":["https://openalex.org/I45438204"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":2.6085,"has_fulltext":false,"cited_by_count":37,"citation_normalized_percentile":{"value":0.89597622,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"26","last_page":"31"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.8752588033676147},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.813572883605957},{"id":"https://openalex.org/keywords/byte","display_name":"Byte","score":0.682952344417572},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.6236605048179626},{"id":"https://openalex.org/keywords/web-traffic","display_name":"Web traffic","score":0.5938834547996521},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5878756046295166},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5525423288345337},{"id":"https://openalex.org/keywords/obfuscation","display_name":"Obfuscation","score":0.48287370800971985},{"id":"https://openalex.org/keywords/traffic-analysis","display_name":"Traffic analysis","score":0.4668102264404297},{"id":"https://openalex.org/keywords/web-crawler","display_name":"Web crawler","score":0.45040732622146606},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4300461411476135},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.42789486050605774},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.22577163577079773},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.10806688666343689}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.8752588033676147},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.813572883605957},{"id":"https://openalex.org/C43364308","wikidata":"https://www.wikidata.org/wiki/Q8799","display_name":"Byte","level":2,"score":0.682952344417572},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.6236605048179626},{"id":"https://openalex.org/C2777672014","wikidata":"https://www.wikidata.org/wiki/Q1172573","display_name":"Web traffic","level":3,"score":0.5938834547996521},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5878756046295166},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5525423288345337},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.48287370800971985},{"id":"https://openalex.org/C2781317605","wikidata":"https://www.wikidata.org/wiki/Q7832483","display_name":"Traffic analysis","level":2,"score":0.4668102264404297},{"id":"https://openalex.org/C13743948","wikidata":"https://www.wikidata.org/wiki/Q45842","display_name":"Web crawler","level":2,"score":0.45040732622146606},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4300461411476135},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.42789486050605774},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.22577163577079773},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.10806688666343689}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/malware.2012.6461004","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2012.6461004","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2012 7th International Conference on Malicious and Unwanted Software","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.5899999737739563,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":23,"referenced_works":["https://openalex.org/W191098608","https://openalex.org/W1553465615","https://openalex.org/W1559760877","https://openalex.org/W1583098994","https://openalex.org/W1585665690","https://openalex.org/W1827212170","https://openalex.org/W1916198581","https://openalex.org/W1964267679","https://openalex.org/W1990981691","https://openalex.org/W2100307718","https://openalex.org/W2116065364","https://openalex.org/W2126985156","https://openalex.org/W2133990480","https://openalex.org/W2151300580","https://openalex.org/W2161406213","https://openalex.org/W2183649713","https://openalex.org/W2993383518","https://openalex.org/W6607784307","https://openalex.org/W6633541016","https://openalex.org/W6634779276","https://openalex.org/W6638623425","https://openalex.org/W6640045118","https://openalex.org/W6685852406"],"related_works":["https://openalex.org/W2225089553","https://openalex.org/W4290996806","https://openalex.org/W2026621111","https://openalex.org/W260288676","https://openalex.org/W2198977010","https://openalex.org/W1608222975","https://openalex.org/W2464172239","https://openalex.org/W151092709","https://openalex.org/W1976462977","https://openalex.org/W2783693048"],"abstract_inverted_index":{"Data":[0],"stealing":[1,82,91,105],"botnets":[2,21],"pose":[3],"a":[4,26,98],"great":[5],"risk":[6],"to":[7,33,53,101],"the":[8,13,23,80,87,128],"security":[9],"of":[10,15,19,42,79,84,86,118,127],"networks":[11],"and":[12,57,114,133,144],"privacy":[14],"their":[16,55],"users.":[17],"Most":[18],"these":[20],"use":[22,48],"web":[24,37,108,145],"as":[25,123],"medium":[27],"for":[28],"communication,":[29],"making":[30,61,136],"them":[31],"difficult":[32],"detect":[34],"given":[35],"that":[36,66],"traffic":[38],"constitutes":[39],"about":[40],"70%":[41],"Internet":[43],"traffic.":[44,109],"In":[45,72,94],"addition,":[46,95],"they":[47],"obfuscation":[49],"techniques,":[50],"primarily":[51],"encryption,":[52],"hide":[54],"communications":[56],"data":[58,81,90,104],"exfiltration":[59],"attempts":[60,106],"current":[62],"botnet":[63],"detection":[64],"techniques":[65],"depend":[67],"on":[68],"content":[69],"inspection":[70],"ineffective.":[71],"this":[73],"paper,":[74],"we":[75,96],"present":[76],"an":[77],"analysis":[78],"behaviors":[83],"one":[85],"most":[88],"notorious":[89],"botnets,":[92],"Zeus.":[93],"propose":[97],"classification":[99],"algorithm":[100],"identify":[102],"malicious":[103],"within":[107],"Our":[110,125],"classifier":[111,129],"uses":[112],"entropy":[113],"byte":[115],"frequency":[116],"distribution":[117],"HTTP":[119],"POST":[120],"request":[121],"contents":[122],"features.":[124],"evaluation":[126],"shows":[130],"high":[131,134],"accuracy":[132],"efficiency":[135],"it":[137],"applicable":[138],"at":[139],"network":[140],"perimeter":[141],"monitoring":[142],"devices":[143],"proxies.":[146]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":7},{"year":2017,"cited_by_count":6},{"year":2016,"cited_by_count":3},{"year":2015,"cited_by_count":4},{"year":2014,"cited_by_count":3}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}