{"id":"https://openalex.org/W2536601910","doi":"https://doi.org/10.1109/malware.2014.6999414","title":"PsyBoG: Power spectral density analysis for detecting botnet groups","display_name":"PsyBoG: Power spectral density analysis for detecting botnet groups","publication_year":2014,"publication_date":"2014-10-01","ids":{"openalex":"https://openalex.org/W2536601910","doi":"https://doi.org/10.1109/malware.2014.6999414","mag":"2536601910"},"language":"en","primary_location":{"id":"doi:10.1109/malware.2014.6999414","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2014.6999414","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5055794339","display_name":"Jonghoon Kwon","orcid":"https://orcid.org/0000-0002-3853-242X"},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":true,"raw_author_name":"Jonghoon Kwon","raw_affiliation_strings":["Dept. of Computer Science and Engineering, Korea University, Seoul, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Science and Engineering, Korea University, Seoul, Republic of Korea","institution_ids":["https://openalex.org/I197347611"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062852652","display_name":"Jeongsik Kim","orcid":"https://orcid.org/0000-0002-2729-6003"},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jeongsik Kim","raw_affiliation_strings":["Dept. of Computer Science and Engineering, Korea University, Seoul, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Science and Engineering, Korea University, Seoul, Republic of Korea","institution_ids":["https://openalex.org/I197347611"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071785436","display_name":"Je-Hyun Lee","orcid":"https://orcid.org/0000-0001-9660-4033"},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Jehyun Lee","raw_affiliation_strings":["Dept. of Computer Science and Engineering, Korea University, Seoul, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Science and Engineering, Korea University, Seoul, Republic of Korea","institution_ids":["https://openalex.org/I197347611"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101630726","display_name":"Heejo Lee","orcid":"https://orcid.org/0000-0002-5831-0787"},"institutions":[{"id":"https://openalex.org/I197347611","display_name":"Korea University","ror":"https://ror.org/047dqcg40","country_code":"KR","type":"education","lineage":["https://openalex.org/I197347611"]}],"countries":["KR"],"is_corresponding":false,"raw_author_name":"Heejo Lee","raw_affiliation_strings":["Dept. of Computer Science and Engineering, Korea University, Seoul, Republic of Korea"],"affiliations":[{"raw_affiliation_string":"Dept. of Computer Science and Engineering, Korea University, Seoul, Republic of Korea","institution_ids":["https://openalex.org/I197347611"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5056518136","display_name":"Adrian Perrig","orcid":"https://orcid.org/0000-0002-5280-5412"},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":false,"raw_author_name":"Adrian Perrig","raw_affiliation_strings":["Institute of Information Security ETH Zurich, Zurich, Switzerland"],"affiliations":[{"raw_affiliation_string":"Institute of Information Security ETH Zurich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5055794339"],"corresponding_institution_ids":["https://openalex.org/I197347611"],"apc_list":null,"apc_paid":null,"fwci":0.6896,"has_fulltext":false,"cited_by_count":15,"citation_normalized_percentile":{"value":0.7731101,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.99493008852005},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7478359341621399},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.7454177141189575},{"id":"https://openalex.org/keywords/spamming","display_name":"Spamming","score":0.6186033487319946},{"id":"https://openalex.org/keywords/evasion","display_name":"Evasion (ethics)","score":0.5512962937355042},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5426607131958008},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5319148898124695},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.49688175320625305},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.4393320083618164},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.4310373067855835},{"id":"https://openalex.org/keywords/host","display_name":"Host (biology)","score":0.4300185739994049},{"id":"https://openalex.org/keywords/deep-packet-inspection","display_name":"Deep packet inspection","score":0.4232117235660553},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.18465465307235718},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.08848467469215393}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.99493008852005},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7478359341621399},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.7454177141189575},{"id":"https://openalex.org/C158955206","wikidata":"https://www.wikidata.org/wiki/Q83058","display_name":"Spamming","level":3,"score":0.6186033487319946},{"id":"https://openalex.org/C2781251061","wikidata":"https://www.wikidata.org/wiki/Q5416089","display_name":"Evasion (ethics)","level":3,"score":0.5512962937355042},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5426607131958008},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5319148898124695},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.49688175320625305},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.4393320083618164},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.4310373067855835},{"id":"https://openalex.org/C126831891","wikidata":"https://www.wikidata.org/wiki/Q221673","display_name":"Host (biology)","level":2,"score":0.4300185739994049},{"id":"https://openalex.org/C204679922","wikidata":"https://www.wikidata.org/wiki/Q734252","display_name":"Deep packet inspection","level":3,"score":0.4232117235660553},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.18465465307235718},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.08848467469215393},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C8891405","wikidata":"https://www.wikidata.org/wiki/Q1059","display_name":"Immune system","level":2,"score":0.0},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C203014093","wikidata":"https://www.wikidata.org/wiki/Q101929","display_name":"Immunology","level":1,"score":0.0},{"id":"https://openalex.org/C18903297","wikidata":"https://www.wikidata.org/wiki/Q7150","display_name":"Ecology","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/malware.2014.6999414","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2014.6999414","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2014 9th International Conference on Malicious and Unwanted Software: The Americas (MALWARE)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.6600000262260437}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":32,"referenced_works":["https://openalex.org/W27994497","https://openalex.org/W47988595","https://openalex.org/W191098608","https://openalex.org/W1531782611","https://openalex.org/W1583098994","https://openalex.org/W1594972289","https://openalex.org/W1775772884","https://openalex.org/W1809063480","https://openalex.org/W1909110254","https://openalex.org/W1932621476","https://openalex.org/W1954903228","https://openalex.org/W2000412410","https://openalex.org/W2021753915","https://openalex.org/W2059078968","https://openalex.org/W2082550445","https://openalex.org/W2087995184","https://openalex.org/W2120256168","https://openalex.org/W2126881776","https://openalex.org/W2144242878","https://openalex.org/W2157949690","https://openalex.org/W2164348526","https://openalex.org/W2561380899","https://openalex.org/W4299328742","https://openalex.org/W6601890406","https://openalex.org/W6607784307","https://openalex.org/W6631877889","https://openalex.org/W6634779276","https://openalex.org/W6635614179","https://openalex.org/W6638021444","https://openalex.org/W6640663528","https://openalex.org/W6655902396","https://openalex.org/W6843793546"],"related_works":["https://openalex.org/W2124355208","https://openalex.org/W4307740390","https://openalex.org/W4230824443","https://openalex.org/W2038807247","https://openalex.org/W2097156747","https://openalex.org/W2559738661","https://openalex.org/W4205698284","https://openalex.org/W2176994834","https://openalex.org/W1481472066","https://openalex.org/W3005900565"],"abstract_inverted_index":{"Botnets":[0],"are":[1],"widely":[2],"used":[3],"for":[4,50],"acquiring":[5],"economic":[6],"profits,":[7],"by":[8,71,109,157],"launching":[9],"attacks":[10],"such":[11,57],"as":[12,58],"distributed":[13],"denial-of-service":[14],"(DDoS),":[15],"identification":[16],"theft,":[17],"ad-ware":[18],"installation,":[19],"mass":[20],"spamming,":[21],"and":[22,65,151,184,192],"click":[23],"frauds.":[24],"Many":[25],"approaches":[26],"have":[27,48],"been":[28],"proposed":[29],"to":[30,106,123,140],"detect":[31,107,141],"botnet,":[32],"which":[33,53],"rely":[34],"on":[35,40],"end-host":[36],"installations":[37],"or":[38,77],"operate":[39],"network":[41,174],"traffic":[42,89,155],"with":[43,197],"deep":[44],"packet":[45,59],"inspection.":[46],"They":[47],"limitations":[49],"detecting":[51],"botnets":[52,108,143],"use":[54],"evasion":[55,147],"techniques":[56],"encryption,":[60],"fast":[61],"flux,":[62],"dynamic":[63],"DNS":[64,131,167],"DGA.":[66],"Sporadic":[67],"botnet":[68,195],"behavior":[69,150],"caused":[70],"disconnecting":[72],"the":[73,125,129,153,165],"power":[74],"of":[75,93,133,145],"system":[76],"botnet's":[78],"own":[79],"nature":[80],"also":[81],"brings":[82],"unignorable":[83],"false":[84,94,199],"detection.":[85],"Furthermore,":[86],"normal":[87,158],"user's":[88],"causes":[90],"a":[91,101,171],"lot":[92],"alarms.":[95],"In":[96],"this":[97],"paper,":[98],"we":[99,163],"propose":[100],"novel":[102],"approach":[103],"called":[104],"PsyBoG":[105,113,188],"capturing":[110],"periodic":[111,130],"activities.":[112],"leverages":[114],"signal":[115],"processing":[116],"techniques,":[117,148],"PSD":[118,136],"(Power":[119],"Spectral":[120],"Density)":[121],"analysis,":[122],"discover":[124],"major":[126],"frequencies":[127],"from":[128,170],"queries":[132],"botnets.":[134],"The":[135],"analysis":[137],"allows":[138],"us":[139],"sophisticated":[142],"irrespective":[144],"their":[146],"sporadic":[149],"even":[152],"noise":[154],"generated":[156],"users.":[159],"To":[160],"evaluate":[161],"PsyBoG,":[162],"utilize":[164],"real-world":[166],"traces":[168],"collected":[169],"/16":[172],"campus":[173],"including":[175],"more":[176],"than":[177],"48,046K":[178],"queries,":[179],"34K":[180],"distinct":[181],"IP":[182],"addresses":[183],"146K":[185],"domains.":[186],"Finally,":[187],"caught":[189],"19":[190],"unknown":[191],"6":[193],"known":[194],"groups":[196],"0.1%":[198],"positives.":[200]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":2},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":2},{"year":2016,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}