{"id":"https://openalex.org/W4312400385","doi":"https://doi.org/10.1109/mnet.127.2200280","title":"A Malicious Domains Detection Method Based on File Sandbox Traffic","display_name":"A Malicious Domains Detection Method Based on File Sandbox Traffic","publication_year":2022,"publication_date":"2022-11-03","ids":{"openalex":"https://openalex.org/W4312400385","doi":"https://doi.org/10.1109/mnet.127.2200280"},"language":"en","primary_location":{"id":"doi:10.1109/mnet.127.2200280","is_oa":false,"landing_page_url":"https://doi.org/10.1109/mnet.127.2200280","pdf_url":null,"source":{"id":"https://openalex.org/S186584794","display_name":"IEEE Network","issn_l":"0890-8044","issn":["0890-8044","1558-156X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Network","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5082144617","display_name":"Daojing He","orcid":"https://orcid.org/0000-0002-3820-8128"},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Daojing He","raw_affiliation_strings":["Harbin Institute of Technology, Shenzhen, China"],"raw_orcid":"https://orcid.org/0000-0002-3820-8128","affiliations":[{"raw_affiliation_string":"Harbin Institute of Technology, Shenzhen, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5085033173","display_name":"Jiayu Dai","orcid":"https://orcid.org/0000-0001-7423-7500"},"institutions":[{"id":"https://openalex.org/I66867065","display_name":"East China Normal University","ror":"https://ror.org/02n96ep67","country_code":"CN","type":"education","lineage":["https://openalex.org/I66867065"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiayu Dai","raw_affiliation_strings":["Software Engineering Institute, East China Normal University, Shanghai, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Software Engineering Institute, East China Normal University, Shanghai, China","institution_ids":["https://openalex.org/I66867065"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5109589989","display_name":"Hongjie Gu","orcid":null},"institutions":[{"id":"https://openalex.org/I66867065","display_name":"East China Normal University","ror":"https://ror.org/02n96ep67","country_code":"CN","type":"education","lineage":["https://openalex.org/I66867065"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hongjie Gu","raw_affiliation_strings":["Software Engineering Institute, East China Normal University, Shanghai, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Software Engineering Institute, East China Normal University, Shanghai, China","institution_ids":["https://openalex.org/I66867065"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100540458","display_name":"Shanshan Zhu","orcid":null},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shanshan Zhu","raw_affiliation_strings":["Harbin Institute of Technology, Shenzhen, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Harbin Institute of Technology, Shenzhen, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5091879207","display_name":"Sammy Chan","orcid":"https://orcid.org/0000-0002-8524-229X"},"institutions":[{"id":"https://openalex.org/I168719708","display_name":"City University of Hong Kong","ror":"https://ror.org/03q8dnn23","country_code":"HK","type":"education","lineage":["https://openalex.org/I168719708"]}],"countries":["HK"],"is_corresponding":false,"raw_author_name":"Sammy Chan","raw_affiliation_strings":["Department of Electrical Engineering, City University of Hong Kong, Hong Kong, SAR, China"],"raw_orcid":"https://orcid.org/0000-0002-8524-229X","affiliations":[{"raw_affiliation_string":"Department of Electrical Engineering, City University of Hong Kong, Hong Kong, SAR, China","institution_ids":["https://openalex.org/I168719708"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069706913","display_name":"Jingyong Su","orcid":"https://orcid.org/0000-0003-3216-7027"},"institutions":[{"id":"https://openalex.org/I204983213","display_name":"Harbin Institute of Technology","ror":"https://ror.org/01yqg2h08","country_code":"CN","type":"education","lineage":["https://openalex.org/I204983213"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jingyong Su","raw_affiliation_strings":["Harbin Institute of Technology, Shenzhen, China"],"raw_orcid":"https://orcid.org/0000-0003-3216-7027","affiliations":[{"raw_affiliation_string":"Harbin Institute of Technology, Shenzhen, China","institution_ids":["https://openalex.org/I204983213"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5057916222","display_name":"Mohsen Guizani","orcid":"https://orcid.org/0000-0002-8972-8094"},"institutions":[{"id":"https://openalex.org/I4210113480","display_name":"Mohamed bin Zayed University of Artificial Intelligence","ror":"https://ror.org/0258gkt32","country_code":"AE","type":"education","lineage":["https://openalex.org/I4210113480"]}],"countries":["AE"],"is_corresponding":false,"raw_author_name":"Mohsen Guizani","raw_affiliation_strings":["Mohamed bin Zayed University of Artificial Intelligence (MBZUAI), Abu Dhabi, UAE"],"raw_orcid":"https://orcid.org/0000-0002-8972-8094","affiliations":[{"raw_affiliation_string":"Mohamed bin Zayed University of Artificial Intelligence (MBZUAI), Abu Dhabi, UAE","institution_ids":["https://openalex.org/I4210113480"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5082144617"],"corresponding_institution_ids":["https://openalex.org/I204983213"],"apc_list":null,"apc_paid":null,"fwci":0.2853,"has_fulltext":false,"cited_by_count":2,"citation_normalized_percentile":{"value":0.59463871,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":"37","issue":"6","first_page":"182","last_page":"188"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9988999962806702,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/sandbox","display_name":"Sandbox (software development)","score":0.9681870937347412},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8089073896408081},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7988015413284302},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.5340180993080139},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4219970107078552},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3402640223503113},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3376926779747009},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.13670682907104492}],"concepts":[{"id":"https://openalex.org/C167981075","wikidata":"https://www.wikidata.org/wiki/Q2667186","display_name":"Sandbox (software development)","level":2,"score":0.9681870937347412},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8089073896408081},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7988015413284302},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.5340180993080139},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4219970107078552},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3402640223503113},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3376926779747009},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.13670682907104492},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/mnet.127.2200280","is_oa":false,"landing_page_url":"https://doi.org/10.1109/mnet.127.2200280","pdf_url":null,"source":{"id":"https://openalex.org/S186584794","display_name":"IEEE Network","issn_l":"0890-8044","issn":["0890-8044","1558-156X"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Network","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.699999988079071,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":16,"referenced_works":["https://openalex.org/W2604314403","https://openalex.org/W2617704558","https://openalex.org/W2618530766","https://openalex.org/W2889547652","https://openalex.org/W2957819551","https://openalex.org/W3087318471","https://openalex.org/W3140854437","https://openalex.org/W3150692941","https://openalex.org/W3152893301","https://openalex.org/W3185198511","https://openalex.org/W4210517283","https://openalex.org/W4221148418","https://openalex.org/W4225795409","https://openalex.org/W4241614753","https://openalex.org/W6767173058","https://openalex.org/W6810423172"],"related_works":["https://openalex.org/W2033352828","https://openalex.org/W3208250511","https://openalex.org/W2355810117","https://openalex.org/W3098313552","https://openalex.org/W70177500","https://openalex.org/W2546418048","https://openalex.org/W2076427967","https://openalex.org/W2034129977","https://openalex.org/W1745773915","https://openalex.org/W2765820957"],"abstract_inverted_index":{"With":[0],"the":[1,49,57,89,126],"recent":[2],"increasing":[3],"number":[4],"of":[5,31,51,120,128],"malicious":[6,15,32,54,65,137],"cyber":[7,26],"activities":[8],"using":[9,107,129],"domain":[10,71],"names":[11],"as":[12],"attack":[13],"vectors,":[14],"domains":[16,33,55,66,138],"must":[17],"be":[18],"detected":[19],"and":[20,53,87,114],"blocked":[21],"in":[22,56],"order":[23],"to":[24,37,95,99],"combat":[25],"attackers.":[27],"However,":[28],"current":[29],"studies":[30],"detection":[34,67,97],"are":[35,105],"limited":[36],"Domain":[38],"Name":[39],"System":[40],"(DNS)":[41],"traffic":[42,86,135],"features":[43,73,131],"or":[44],"character":[45],"features,":[46],"which":[47],"ignore":[48],"associations":[50],"malware":[52],"detection.":[58,139],"In":[59],"this":[60],"paper,":[61],"we":[62],"propose":[63],"a":[64],"approach":[68,116],"based":[69,83],"on":[70,84],"relationship":[72,102,130],"extracted":[74,109,132],"from":[75,110,133],"real":[76,111],"sandbox":[77,85,112,134],"traffic.":[78],"We":[79],"construct":[80],"heterogeneous":[81],"graphs":[82],"use":[88],"Relational":[90],"Graph":[91],"Convolutional":[92],"Network":[93],"(RGCN)":[94],"build":[96],"models":[98],"extract":[100],"inter-node":[101],"features.":[103],"Experiments":[104],"conducted":[106],"data":[108],"traffic,":[113],"our":[115],"achieves":[117],"an":[118],"accuracy":[119],"87.11%.":[121],"The":[122],"experimental":[123],"results":[124],"demonstrate":[125],"effectiveness":[127],"for":[136]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}