{"id":"https://openalex.org/W2288411737","doi":"https://doi.org/10.1109/malware.2015.7413691","title":"Stealthy malware traffic - Not as innocent as it looks","display_name":"Stealthy malware traffic - Not as innocent as it looks","publication_year":2015,"publication_date":"2015-10-01","ids":{"openalex":"https://openalex.org/W2288411737","doi":"https://doi.org/10.1109/malware.2015.7413691","mag":"2288411737"},"language":"en","primary_location":{"id":"doi:10.1109/malware.2015.7413691","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2015.7413691","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 10th International Conference on Malicious and Unwanted Software (MALWARE)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1703.02200","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5052401358","display_name":"Xingsi Zhong","orcid":"https://orcid.org/0000-0003-1045-5220"},"institutions":[{"id":"https://openalex.org/I8078737","display_name":"Clemson University","ror":"https://ror.org/037s24f05","country_code":"US","type":"education","lineage":["https://openalex.org/I8078737"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Xingsi Zhong","raw_affiliation_strings":["Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA"],"affiliations":[{"raw_affiliation_string":"Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA","institution_ids":["https://openalex.org/I8078737"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5102913309","display_name":"Yu Fu","orcid":"https://orcid.org/0000-0001-7949-0556"},"institutions":[{"id":"https://openalex.org/I8078737","display_name":"Clemson University","ror":"https://ror.org/037s24f05","country_code":"US","type":"education","lineage":["https://openalex.org/I8078737"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yu Fu","raw_affiliation_strings":["Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA"],"affiliations":[{"raw_affiliation_string":"Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA","institution_ids":["https://openalex.org/I8078737"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103257491","display_name":"Lu Yu","orcid":"https://orcid.org/0000-0002-7235-9640"},"institutions":[{"id":"https://openalex.org/I8078737","display_name":"Clemson University","ror":"https://ror.org/037s24f05","country_code":"US","type":"education","lineage":["https://openalex.org/I8078737"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lu Yu","raw_affiliation_strings":["Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA"],"affiliations":[{"raw_affiliation_string":"Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA","institution_ids":["https://openalex.org/I8078737"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5016131855","display_name":"Richard R. Brooks","orcid":"https://orcid.org/0000-0002-4240-4762"},"institutions":[{"id":"https://openalex.org/I8078737","display_name":"Clemson University","ror":"https://ror.org/037s24f05","country_code":"US","type":"education","lineage":["https://openalex.org/I8078737"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Richard Brooks","raw_affiliation_strings":["Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA"],"affiliations":[{"raw_affiliation_string":"Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA","institution_ids":["https://openalex.org/I8078737"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5064203120","display_name":"Ganesh K. Venayagamoorthy","orcid":"https://orcid.org/0000-0003-3154-8119"},"institutions":[{"id":"https://openalex.org/I8078737","display_name":"Clemson University","ror":"https://ror.org/037s24f05","country_code":"US","type":"education","lineage":["https://openalex.org/I8078737"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"G. Kumar Venayagamoorthy","raw_affiliation_strings":["Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA"],"affiliations":[{"raw_affiliation_string":"Holcombe Department of Electrical and Computer Engineering, Clemson University, Clemson, SC, USA","institution_ids":["https://openalex.org/I8078737"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5052401358"],"corresponding_institution_ids":["https://openalex.org/I8078737"],"apc_list":null,"apc_paid":null,"fwci":4.0196,"has_fulltext":false,"cited_by_count":17,"citation_normalized_percentile":{"value":0.94542002,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"110","last_page":"116"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7016104459762573},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.656536340713501},{"id":"https://openalex.org/keywords/protocol","display_name":"Protocol (science)","score":0.6165356636047363},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6063056588172913},{"id":"https://openalex.org/keywords/handshake","display_name":"Handshake","score":0.5449619889259338},{"id":"https://openalex.org/keywords/encryption","display_name":"Encryption","score":0.5335730910301208},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4447183310985565},{"id":"https://openalex.org/keywords/countermeasure","display_name":"Countermeasure","score":0.443692684173584},{"id":"https://openalex.org/keywords/scada","display_name":"SCADA","score":0.4215792715549469},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.17679372429847717}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7016104459762573},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.656536340713501},{"id":"https://openalex.org/C2780385302","wikidata":"https://www.wikidata.org/wiki/Q367158","display_name":"Protocol (science)","level":3,"score":0.6165356636047363},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6063056588172913},{"id":"https://openalex.org/C2778000800","wikidata":"https://www.wikidata.org/wiki/Q830043","display_name":"Handshake","level":3,"score":0.5449619889259338},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.5335730910301208},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4447183310985565},{"id":"https://openalex.org/C21593369","wikidata":"https://www.wikidata.org/wiki/Q1032176","display_name":"Countermeasure","level":2,"score":0.443692684173584},{"id":"https://openalex.org/C113863187","wikidata":"https://www.wikidata.org/wiki/Q17498","display_name":"SCADA","level":2,"score":0.4215792715549469},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.17679372429847717},{"id":"https://openalex.org/C119599485","wikidata":"https://www.wikidata.org/wiki/Q43035","display_name":"Electrical engineering","level":1,"score":0.0},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0},{"id":"https://openalex.org/C142724271","wikidata":"https://www.wikidata.org/wiki/Q7208","display_name":"Pathology","level":1,"score":0.0},{"id":"https://openalex.org/C151319957","wikidata":"https://www.wikidata.org/wiki/Q752739","display_name":"Asynchronous communication","level":2,"score":0.0},{"id":"https://openalex.org/C204787440","wikidata":"https://www.wikidata.org/wiki/Q188504","display_name":"Alternative medicine","level":2,"score":0.0},{"id":"https://openalex.org/C71924100","wikidata":"https://www.wikidata.org/wiki/Q11190","display_name":"Medicine","level":0,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/malware.2015.7413691","is_oa":false,"landing_page_url":"https://doi.org/10.1109/malware.2015.7413691","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2015 10th International Conference on Malicious and Unwanted Software (MALWARE)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1703.02200","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1703.02200","pdf_url":"https://arxiv.org/pdf/1703.02200","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1703.02200","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1703.02200","pdf_url":"https://arxiv.org/pdf/1703.02200","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":30,"referenced_works":["https://openalex.org/W343723671","https://openalex.org/W753768968","https://openalex.org/W1462349742","https://openalex.org/W1578388538","https://openalex.org/W1775772884","https://openalex.org/W1815005891","https://openalex.org/W1977415353","https://openalex.org/W1981049515","https://openalex.org/W1981325931","https://openalex.org/W1985776777","https://openalex.org/W1991209472","https://openalex.org/W2005708967","https://openalex.org/W2031211716","https://openalex.org/W2062656822","https://openalex.org/W2091644335","https://openalex.org/W2094522125","https://openalex.org/W2100374051","https://openalex.org/W2105862475","https://openalex.org/W2123243822","https://openalex.org/W2125838338","https://openalex.org/W2132450919","https://openalex.org/W2154798766","https://openalex.org/W4250706153","https://openalex.org/W4253573210","https://openalex.org/W4256393939","https://openalex.org/W6611692820","https://openalex.org/W6622007658","https://openalex.org/W6628628164","https://openalex.org/W6638021444","https://openalex.org/W6675051462"],"related_works":["https://openalex.org/W2358991869","https://openalex.org/W4285173741","https://openalex.org/W1486050759","https://openalex.org/W2309292492","https://openalex.org/W2735105689","https://openalex.org/W1482833264","https://openalex.org/W2615977515","https://openalex.org/W2106545930","https://openalex.org/W3207859108","https://openalex.org/W1981032420"],"abstract_inverted_index":{"Malware":[0],"is":[1,35,68,96,113],"constantly":[2],"evolving.":[3],"Although":[4],"existing":[5],"countermeasures":[6],"have":[7],"success":[8],"in":[9],"malware":[10],"detection,":[11],"corresponding":[12],"counter-countermeasures":[13],"are":[14],"always":[15],"emerging.":[16],"In":[17],"this":[18],"study,":[19],"a":[20,116],"counter-countermeasure":[21],"that":[22,92,115],"avoids":[23],"network-based":[24],"detection":[25],"approaches":[26],"by":[27,70,98],"camouflaging":[28],"malicious":[29],"traffic":[30,63,79,95],"as":[31,100],"an":[32],"innocuous":[33,58],"protocol":[34,53,59,106],"presented.":[36],"The":[37,65,88],"approach":[38,67],"includes":[39],"two":[40],"steps:":[41],"Traffic":[42],"format":[43],"transformation":[44],"and":[45,76,103],"side-channel":[46,109],"massage":[47],"(SCM).":[48],"Formattransforming":[49],"encryption":[50],"(FTE)":[51],"translates":[52],"syntax":[54],"to":[55],"mimic":[56],"another":[57],"while":[60],"SCM":[61],"obscures":[62],"side-channels.":[64],"proposed":[66],"illustrated":[69],"transforming":[71],"Zeus":[72],"botnet":[73],"(Zbot)":[74],"Command":[75],"Control":[77],"(C&C)":[78],"into":[80],"smart":[81,118],"grid":[82,119],"Phasor":[83,120],"Measurement":[84],"Unit":[85],"(PMU)":[86],"data.":[87,128],"experimental":[89],"results":[90],"show":[91],"the":[93,104,125],"transformed":[94,105],"identified":[97],"Wireshark":[99],"synchrophasor":[101],"protocol,":[102],"fools":[107],"current":[108],"attacks.":[110],"Moreover,":[111],"it":[112],"shown":[114],"real":[117],"Data":[121],"Concentrator":[122],"(PDC)":[123],"accepts":[124],"false":[126],"PMU":[127]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":1},{"year":2020,"cited_by_count":4},{"year":2018,"cited_by_count":6},{"year":2017,"cited_by_count":2},{"year":2016,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}