{"id":"https://openalex.org/W2973142416","doi":"https://doi.org/10.1109/tii.2019.2940742","title":"ConnSpoiler: Disrupting C&amp;C Communication of IoT-Based Botnet Through Fast Detection of Anomalous Domain Queries","display_name":"ConnSpoiler: Disrupting C&amp;C Communication of IoT-Based Botnet Through Fast Detection of Anomalous Domain Queries","publication_year":2019,"publication_date":"2019-09-11","ids":{"openalex":"https://openalex.org/W2973142416","doi":"https://doi.org/10.1109/tii.2019.2940742","mag":"2973142416"},"language":"en","primary_location":{"id":"doi:10.1109/tii.2019.2940742","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tii.2019.2940742","pdf_url":null,"source":{"id":"https://openalex.org/S184777250","display_name":"IEEE Transactions on Industrial Informatics","issn_l":"1551-3203","issn":["1551-3203","1941-0050"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Industrial Informatics","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100411650","display_name":"Lihua Yin","orcid":"https://orcid.org/0000-0001-8829-4442"},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Lihua Yin","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China"],"affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101981612","display_name":"Xi Luo","orcid":"https://orcid.org/0000-0002-4677-9430"},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xi Luo","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China"],"affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038265266","display_name":"Chunsheng Zhu","orcid":"https://orcid.org/0000-0001-8041-0197"},"institutions":[{"id":"https://openalex.org/I3045169105","display_name":"Southern University of Science and Technology","ror":"https://ror.org/049tv2d57","country_code":"CN","type":"education","lineage":["https://openalex.org/I3045169105"]},{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chunsheng Zhu","raw_affiliation_strings":["PCL Research Center of Networks and Communications, Peng Cheng Laboratory, Shenzhen, China","SUSTech Institute of Future Networks, Southern University of Science and Technology, Shenzhen, China"],"affiliations":[{"raw_affiliation_string":"PCL Research Center of Networks and Communications, Peng Cheng Laboratory, Shenzhen, China","institution_ids":["https://openalex.org/I4210136793"]},{"raw_affiliation_string":"SUSTech Institute of Future Networks, Southern University of Science and Technology, Shenzhen, China","institution_ids":["https://openalex.org/I3045169105"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100436492","display_name":"Limin Wang","orcid":"https://orcid.org/0000-0001-9618-9239"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Liming Wang","raw_affiliation_strings":["State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5083915362","display_name":"Zhen Xu","orcid":"https://orcid.org/0000-0001-7011-3236"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhen Xu","raw_affiliation_strings":["State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"affiliations":[{"raw_affiliation_string":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101486498","display_name":"Hui Lu","orcid":"https://orcid.org/0000-0002-4120-7716"},"institutions":[{"id":"https://openalex.org/I37987034","display_name":"Guangzhou University","ror":"https://ror.org/05ar8rn06","country_code":"CN","type":"education","lineage":["https://openalex.org/I37987034"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hui Lu","raw_affiliation_strings":["Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China"],"affiliations":[{"raw_affiliation_string":"Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou, China","institution_ids":["https://openalex.org/I37987034"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100411650"],"corresponding_institution_ids":["https://openalex.org/I37987034"],"apc_list":null,"apc_paid":null,"fwci":8.3557,"has_fulltext":false,"cited_by_count":68,"citation_normalized_percentile":{"value":0.9791464,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":"16","issue":"2","first_page":"1373","last_page":"1384"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994999766349792,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.9784362316131592},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.8616911768913269},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.804290771484375},{"id":"https://openalex.org/keywords/server","display_name":"Server","score":0.6441857814788818},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5730555057525635},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5388893485069275},{"id":"https://openalex.org/keywords/internet-of-things","display_name":"Internet of Things","score":0.5317208766937256},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5299476385116577},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4720733165740967},{"id":"https://openalex.org/keywords/command-and-control","display_name":"Command and control","score":0.46140187978744507},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.38506683707237244},{"id":"https://openalex.org/keywords/distributed-computing","display_name":"Distributed computing","score":0.32572704553604126},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.161189466714859}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.9784362316131592},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.8616911768913269},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.804290771484375},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.6441857814788818},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5730555057525635},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5388893485069275},{"id":"https://openalex.org/C81860439","wikidata":"https://www.wikidata.org/wiki/Q251212","display_name":"Internet of Things","level":2,"score":0.5317208766937256},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5299476385116577},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4720733165740967},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.46140187978744507},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.38506683707237244},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.32572704553604126},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.161189466714859},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tii.2019.2940742","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tii.2019.2940742","pdf_url":null,"source":{"id":"https://openalex.org/S184777250","display_name":"IEEE Transactions on Industrial Informatics","issn_l":"1551-3203","issn":["1551-3203","1941-0050"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Industrial Informatics","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.6399999856948853,"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1385053764","display_name":null,"funder_award_id":"61872420","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G1899389134","display_name":null,"funder_award_id":"2018YFB0803504","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"},{"id":"https://openalex.org/G306953338","display_name":null,"funder_award_id":"61872100","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5389229631","display_name":null,"funder_award_id":"2018YFB2100400","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W4861383","https://openalex.org/W1561983441","https://openalex.org/W1583098994","https://openalex.org/W1744212210","https://openalex.org/W1954903228","https://openalex.org/W2008066750","https://openalex.org/W2015917933","https://openalex.org/W2055234825","https://openalex.org/W2136495567","https://openalex.org/W2141971016","https://openalex.org/W2160566431","https://openalex.org/W2410828832","https://openalex.org/W2464432954","https://openalex.org/W2528500008","https://openalex.org/W2546910111","https://openalex.org/W2588126298","https://openalex.org/W2614419969","https://openalex.org/W2748868501","https://openalex.org/W2750680860","https://openalex.org/W2758096849","https://openalex.org/W2775033655","https://openalex.org/W2786991412","https://openalex.org/W2806161436","https://openalex.org/W2808681425","https://openalex.org/W2889547652","https://openalex.org/W2890928763","https://openalex.org/W2898516715","https://openalex.org/W2907369926","https://openalex.org/W2919470885","https://openalex.org/W2931991156","https://openalex.org/W2949341542","https://openalex.org/W2963273426","https://openalex.org/W4234559128","https://openalex.org/W6633578641","https://openalex.org/W6634779276","https://openalex.org/W6640663528","https://openalex.org/W6719105664","https://openalex.org/W6728635635","https://openalex.org/W6729497825","https://openalex.org/W6743493502","https://openalex.org/W6743799543"],"related_works":["https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W4285325964","https://openalex.org/W4230824443","https://openalex.org/W2038807247","https://openalex.org/W2097156747","https://openalex.org/W1599449514","https://openalex.org/W2559738661","https://openalex.org/W2898126008","https://openalex.org/W86804927"],"abstract_inverted_index":{"The":[0],"development":[1],"of":[2,4,11,39,57,73,82,105,150],"Internet":[3],"Things":[5],"(IoT)":[6],"dramatically":[7],"facilitates":[8],"the":[9,15,49,55,63,71,74,79,103,129,154,165,172],"integration":[10],"computing":[12],"systems":[13],"with":[14,43,52],"physical":[16],"world.":[17],"However,":[18],"as":[19],"IoT":[20,131],"devices":[21,156,213],"are":[22,215],"more":[23],"easy":[24],"to":[25,35,61,69,120,163,175,185],"compromise":[26],"than":[27],"desktop":[28],"computers,":[29],"cybercriminals":[30],"have":[31],"founded":[32],"IoT-based":[33,58,99],"botnets":[34,100],"launch":[36],"Distributed":[37],"Denial":[38],"Service":[40],"(DDoS)":[41],"attacks":[42],"unprecedented":[44],"traffic":[45],"volume.":[46],"To":[47],"mitigate":[48],"damages":[50],"associated":[51],"these":[53],"attacks,":[54],"detection":[56],"botnet":[59],"has":[60,144],"preempt":[62],"command":[64],"and":[65,123,178,207],"control":[66],"(C&C)":[67],"communication":[68],"prevent":[70,164],"delivery":[72],"attack":[75],"codes.":[76],"Motivated":[77],"by":[78,101,217],"extensively":[80],"implementation":[81],"domain":[83],"generation":[84],"algorithm":[85],"in":[86,88,110],"botnets,":[87],"this":[89],"article,":[90],"we":[91],"propose":[92],"ConnSpoiler,":[93],"a":[94,111,135,145],"lightweight":[95],"system":[96,118],"that":[97,209,214],"detects":[98],"identifying":[102],"stream":[104],"algorithmically":[106],"generated":[107],"domains":[108,174],"(AGDs)":[109],"fast":[112],"way.":[113],"ConnSpoiler":[114,143,169,194],"only":[115,170],"needs":[116],"negligible":[117],"resources":[119],"take":[121,176],"effect":[122,177],"thus":[124],"can":[125,161],"execute":[126],"well":[127],"on":[128,196],"resource-restraint":[130],"devices.":[132],"By":[133],"outfitting":[134],"powerful":[136],"statistical":[137],"algorithm,":[138],"i.e.,":[139],"threshold":[140],"random":[141],"walk,":[142],"high":[146],"probability":[147],"(about":[148],"94%)":[149],"detecting":[151],"infection":[152],"before":[153],"compromised":[155,216],"connect":[157],"C&C":[158],"servers,":[159],"which":[160],"help":[162],"succeeding":[166],"attacks.":[167],"Moreover,":[168],"requires":[171],"benign":[173],"therefore":[179],"does":[180],"not":[181],"need":[182],"extra":[183],"effort":[184],"label":[186],"malicious":[187],"samples":[188],"for":[189],"training":[190],"phase.":[191],"We":[192],"evaluate":[193],"based":[195],"real-world":[197],"DNS":[198],"traffics":[199],"collected":[200],"from":[201],"two":[202],"different":[203],"large":[204],"ISP":[205],"networks":[206],"show":[208],"it":[210],"accurately":[211],"identifies":[212],"unknown":[218],"botnets.":[219]},"counts_by_year":[{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":6},{"year":2023,"cited_by_count":8},{"year":2022,"cited_by_count":13},{"year":2021,"cited_by_count":13},{"year":2020,"cited_by_count":19}],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-10T00:00:00"}