{"id":"https://openalex.org/W2469580049","doi":"https://doi.org/10.1109/noms.2016.7502964","title":"How to choose from different botnet detection systems?","display_name":"How to choose from different botnet detection systems?","publication_year":2016,"publication_date":"2016-04-01","ids":{"openalex":"https://openalex.org/W2469580049","doi":"https://doi.org/10.1109/noms.2016.7502964","mag":"2469580049"},"language":"en","primary_location":{"id":"doi:10.1109/noms.2016.7502964","is_oa":false,"landing_page_url":"https://doi.org/10.1109/noms.2016.7502964","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5062570225","display_name":"Fariba Haddadi","orcid":"https://orcid.org/0000-0001-7940-5550"},"institutions":[{"id":"https://openalex.org/I129902397","display_name":"Dalhousie University","ror":"https://ror.org/01e6qks80","country_code":"CA","type":"education","lineage":["https://openalex.org/I129902397"]}],"countries":["CA"],"is_corresponding":true,"raw_author_name":"Fariba Haddadi","raw_affiliation_strings":["Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada"],"affiliations":[{"raw_affiliation_string":"Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada","institution_ids":["https://openalex.org/I129902397"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5036788743","display_name":"Duong-Tien Phan","orcid":null},"institutions":[{"id":"https://openalex.org/I129902397","display_name":"Dalhousie University","ror":"https://ror.org/01e6qks80","country_code":"CA","type":"education","lineage":["https://openalex.org/I129902397"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"Duong-Tien Phan","raw_affiliation_strings":["Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada"],"affiliations":[{"raw_affiliation_string":"Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada","institution_ids":["https://openalex.org/I129902397"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5008462534","display_name":"A. Nur Zincir\u2010Heywood","orcid":"https://orcid.org/0000-0003-2796-7265"},"institutions":[{"id":"https://openalex.org/I129902397","display_name":"Dalhousie University","ror":"https://ror.org/01e6qks80","country_code":"CA","type":"education","lineage":["https://openalex.org/I129902397"]}],"countries":["CA"],"is_corresponding":false,"raw_author_name":"A. Nur Zincir-Heywood","raw_affiliation_strings":["Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada"],"affiliations":[{"raw_affiliation_string":"Faculty of Computer Science, Dalhousie University, Halifax, NS, Canada","institution_ids":["https://openalex.org/I129902397"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5062570225"],"corresponding_institution_ids":["https://openalex.org/I129902397"],"apc_list":null,"apc_paid":null,"fwci":1.4477,"has_fulltext":false,"cited_by_count":12,"citation_normalized_percentile":{"value":0.83866367,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"1079","last_page":"1084"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.9801385402679443},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.8078066110610962},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7592135667800903},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5427423119544983},{"id":"https://openalex.org/keywords/feature-extraction","display_name":"Feature extraction","score":0.5150722861289978},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4691789448261261},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4458930790424347},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.38661056756973267},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3381996750831604},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.1407814621925354},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.06977716088294983}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.9801385402679443},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.8078066110610962},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7592135667800903},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5427423119544983},{"id":"https://openalex.org/C52622490","wikidata":"https://www.wikidata.org/wiki/Q1026626","display_name":"Feature extraction","level":2,"score":0.5150722861289978},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4691789448261261},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4458930790424347},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.38661056756973267},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3381996750831604},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.1407814621925354},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.06977716088294983}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/noms.2016.7502964","is_oa":false,"landing_page_url":"https://doi.org/10.1109/noms.2016.7502964","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"NOMS 2016 - 2016 IEEE/IFIP Network Operations and Management Symposium","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.4300000071525574}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":17,"referenced_works":["https://openalex.org/W191098608","https://openalex.org/W757277879","https://openalex.org/W1587106557","https://openalex.org/W1737793783","https://openalex.org/W1916198581","https://openalex.org/W2071436263","https://openalex.org/W2101737524","https://openalex.org/W2159909072","https://openalex.org/W2188584537","https://openalex.org/W2331488455","https://openalex.org/W2406037958","https://openalex.org/W2751318774","https://openalex.org/W3037625526","https://openalex.org/W4247117628","https://openalex.org/W6607784307","https://openalex.org/W6687341372","https://openalex.org/W6713761039"],"related_works":["https://openalex.org/W2294483539","https://openalex.org/W2378449000","https://openalex.org/W2901835651","https://openalex.org/W2883616266","https://openalex.org/W186576250","https://openalex.org/W2002178493","https://openalex.org/W2372254325","https://openalex.org/W3005861778","https://openalex.org/W2185627654","https://openalex.org/W3160314615"],"abstract_inverted_index":{"Given":[0],"that":[1],"botnets":[2,27],"represent":[3],"one":[4],"of":[5,26,41,76,98,107,117],"the":[6,23,29,39,49,96],"most":[7],"aggressive":[8],"threats":[9],"against":[10],"cybersecurity,":[11],"various":[12],"detection":[13,33,42,78,109],"approaches":[14],"have":[15],"been":[16],"studied.":[17],"However,":[18],"whichever":[19],"approach":[20],"is":[21,111],"used,":[22],"evolving":[24],"nature":[25],"and":[28,55,70],"required":[30],"pre-defined":[31],"botnet":[32,88],"rule":[34,52],"sets":[35,90],"employed":[36],"may":[37],"affect":[38],"performance":[40,75],"systems.":[43],"In":[44],"this":[45],"work,":[46],"we":[47],"explore":[48],"effectiveness":[50],"two":[51,56],"based":[53,60,69],"systems":[54,79,100],"machine":[57],"learning":[58],"(ML)":[59],"techniques":[61],"with":[62],"different":[63],"feature":[64],"extraction":[65],"methods":[66],"(packet":[67],"payload":[68],"traffic":[71],"flow":[72],"based).":[73],"The":[74],"these":[77,99],"range":[80],"from":[81],"0%":[82],"to":[83,103],"100%":[84],"on":[85],"thirteen":[86],"public":[87],"data":[89],"(i.e.":[91],"CTU-13).":[92],"We":[93],"further":[94],"analyze":[95],"performances":[97],"in":[101],"order":[102],"understand":[104],"which":[105,115],"type":[106,116],"a":[108],"system":[110],"more":[112],"effective":[113],"for":[114],"an":[118],"application.":[119]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2022,"cited_by_count":1},{"year":2021,"cited_by_count":2},{"year":2020,"cited_by_count":3},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":1},{"year":2017,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}