{"id":"https://openalex.org/W3198054520","doi":"https://doi.org/10.1109/tii.2021.3108464","title":"Concept Drift Analysis by Dynamic Residual Projection for Effectively Detecting Botnet Cyber-Attacks in IoT Scenarios","display_name":"Concept Drift Analysis by Dynamic Residual Projection for Effectively Detecting Botnet Cyber-Attacks in IoT Scenarios","publication_year":2021,"publication_date":"2021-08-30","ids":{"openalex":"https://openalex.org/W3198054520","doi":"https://doi.org/10.1109/tii.2021.3108464","mag":"3198054520"},"language":"en","primary_location":{"id":"doi:10.1109/tii.2021.3108464","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tii.2021.3108464","pdf_url":null,"source":{"id":"https://openalex.org/S184777250","display_name":"IEEE Transactions on Industrial Informatics","issn_l":"1551-3203","issn":["1551-3203","1941-0050"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Industrial Informatics","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5060230528","display_name":"Hanli Qiao","orcid":"https://orcid.org/0000-0002-2433-9741"},"institutions":[{"id":"https://openalex.org/I38706770","display_name":"Guilin University of Technology","ror":"https://ror.org/03z391397","country_code":"CN","type":"education","lineage":["https://openalex.org/I38706770"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Hanli Qiao","raw_affiliation_strings":["College of Science, Guilin University of Technology, Center for Data Analysis and Algorithm Technology, Guilin, China"],"affiliations":[{"raw_affiliation_string":"College of Science, Guilin University of Technology, Center for Data Analysis and Algorithm Technology, Guilin, China","institution_ids":["https://openalex.org/I38706770"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011127779","display_name":"Boris Novikov","orcid":"https://orcid.org/0000-0003-4657-0757"},"institutions":[{"id":"https://openalex.org/I118501908","display_name":"National Research University Higher School of Economics","ror":"https://ror.org/055f7t516","country_code":"RU","type":"education","lineage":["https://openalex.org/I118501908"]}],"countries":["RU"],"is_corresponding":false,"raw_author_name":"Boris Novikov","raw_affiliation_strings":["National Research University Higher School of Economics (HSE University), St. Petersburg, Russia"],"affiliations":[{"raw_affiliation_string":"National Research University Higher School of Economics (HSE University), St. Petersburg, Russia","institution_ids":["https://openalex.org/I118501908"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5039614631","display_name":"Jan Olaf Blech","orcid":"https://orcid.org/0000-0003-3840-0811"},"institutions":[{"id":"https://openalex.org/I9927081","display_name":"Aalto University","ror":"https://ror.org/020hwjq30","country_code":"FI","type":"education","lineage":["https://openalex.org/I9927081"]}],"countries":["FI"],"is_corresponding":false,"raw_author_name":"Jan Olaf Blech","raw_affiliation_strings":["School of Electrical Engineering, Aalto University, Espoo, Finland"],"affiliations":[{"raw_affiliation_string":"School of Electrical Engineering, Aalto University, Espoo, Finland","institution_ids":["https://openalex.org/I9927081"]}]}],"institutions":[],"countries_distinct_count":3,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5060230528"],"corresponding_institution_ids":["https://openalex.org/I38706770"],"apc_list":null,"apc_paid":null,"fwci":4.301,"has_fulltext":false,"cited_by_count":47,"citation_normalized_percentile":{"value":0.94390566,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":96,"max":100},"biblio":{"volume":"18","issue":"6","first_page":"3692","last_page":"3701"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12761","display_name":"Data Stream Mining Techniques","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9980000257492065,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8098273277282715},{"id":"https://openalex.org/keywords/residual","display_name":"Residual","score":0.6768418550491333},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.6562336683273315},{"id":"https://openalex.org/keywords/concept-drift","display_name":"Concept drift","score":0.6402772068977356},{"id":"https://openalex.org/keywords/data-stream-mining","display_name":"Data stream mining","score":0.6334102153778076},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5458593368530273},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.54014652967453},{"id":"https://openalex.org/keywords/constant-false-alarm-rate","display_name":"Constant false alarm rate","score":0.5384665727615356},{"id":"https://openalex.org/keywords/data-stream","display_name":"Data stream","score":0.5375015735626221},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.5214516520500183},{"id":"https://openalex.org/keywords/projection","display_name":"Projection (relational algebra)","score":0.4618811309337616},{"id":"https://openalex.org/keywords/cloud-computing","display_name":"Cloud computing","score":0.45069369673728943},{"id":"https://openalex.org/keywords/false-alarm","display_name":"False alarm","score":0.42150044441223145},{"id":"https://openalex.org/keywords/sliding-window-protocol","display_name":"Sliding window protocol","score":0.4114944338798523},{"id":"https://openalex.org/keywords/cyber-attack","display_name":"Cyber-attack","score":0.4108218550682068},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.36366191506385803},{"id":"https://openalex.org/keywords/window","display_name":"Window (computing)","score":0.26291781663894653},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.21567419171333313},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.18295595049858093},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.10710346698760986}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8098273277282715},{"id":"https://openalex.org/C155512373","wikidata":"https://www.wikidata.org/wiki/Q287450","display_name":"Residual","level":2,"score":0.6768418550491333},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.6562336683273315},{"id":"https://openalex.org/C60777511","wikidata":"https://www.wikidata.org/wiki/Q3045002","display_name":"Concept drift","level":3,"score":0.6402772068977356},{"id":"https://openalex.org/C89198739","wikidata":"https://www.wikidata.org/wiki/Q3079880","display_name":"Data stream mining","level":2,"score":0.6334102153778076},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5458593368530273},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.54014652967453},{"id":"https://openalex.org/C77052588","wikidata":"https://www.wikidata.org/wiki/Q644307","display_name":"Constant false alarm rate","level":2,"score":0.5384665727615356},{"id":"https://openalex.org/C2778484313","wikidata":"https://www.wikidata.org/wiki/Q1172540","display_name":"Data stream","level":2,"score":0.5375015735626221},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.5214516520500183},{"id":"https://openalex.org/C57493831","wikidata":"https://www.wikidata.org/wiki/Q3134666","display_name":"Projection (relational algebra)","level":2,"score":0.4618811309337616},{"id":"https://openalex.org/C79974875","wikidata":"https://www.wikidata.org/wiki/Q483639","display_name":"Cloud computing","level":2,"score":0.45069369673728943},{"id":"https://openalex.org/C2776836416","wikidata":"https://www.wikidata.org/wiki/Q1364844","display_name":"False alarm","level":2,"score":0.42150044441223145},{"id":"https://openalex.org/C102392041","wikidata":"https://www.wikidata.org/wiki/Q592860","display_name":"Sliding window protocol","level":3,"score":0.4114944338798523},{"id":"https://openalex.org/C201307755","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber-attack","level":2,"score":0.4108218550682068},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.36366191506385803},{"id":"https://openalex.org/C2778751112","wikidata":"https://www.wikidata.org/wiki/Q835016","display_name":"Window (computing)","level":2,"score":0.26291781663894653},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.21567419171333313},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.18295595049858093},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.10710346698760986},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tii.2021.3108464","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tii.2021.3108464","pdf_url":null,"source":{"id":"https://openalex.org/S184777250","display_name":"IEEE Transactions on Industrial Informatics","issn_l":"1551-3203","issn":["1551-3203","1941-0050"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Industrial Informatics","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Life below water","score":0.8500000238418579,"id":"https://metadata.un.org/sdg/14"}],"awards":[{"id":"https://openalex.org/G7661095377","display_name":null,"funder_award_id":"2020GXNSFBA297011","funder_id":"https://openalex.org/F4320322768","funder_display_name":"Natural Science Foundation of Guangxi Province"},{"id":"https://openalex.org/G8336904280","display_name":null,"funder_award_id":"61862019","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320322768","display_name":"Natural Science Foundation of Guangxi Province","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W161970714","https://openalex.org/W433644524","https://openalex.org/W1689711448","https://openalex.org/W1904826605","https://openalex.org/W2068835593","https://openalex.org/W2150581013","https://openalex.org/W2252617635","https://openalex.org/W2289463038","https://openalex.org/W2400184102","https://openalex.org/W2552178666","https://openalex.org/W2580715962","https://openalex.org/W2586432806","https://openalex.org/W2588336250","https://openalex.org/W2604808495","https://openalex.org/W2768696376","https://openalex.org/W2804522644","https://openalex.org/W2806697149","https://openalex.org/W2809054032","https://openalex.org/W2901312569","https://openalex.org/W2910314742","https://openalex.org/W2911505293","https://openalex.org/W2921573932","https://openalex.org/W2921608598","https://openalex.org/W2944122571","https://openalex.org/W2962621836","https://openalex.org/W2963748489","https://openalex.org/W2990495437","https://openalex.org/W2991507433","https://openalex.org/W3005260862","https://openalex.org/W3006526650","https://openalex.org/W3014810737","https://openalex.org/W3015744214","https://openalex.org/W3016307237","https://openalex.org/W3017341171","https://openalex.org/W3024476475","https://openalex.org/W3035366542","https://openalex.org/W3095531713","https://openalex.org/W3109979169","https://openalex.org/W3119833890","https://openalex.org/W3132230013","https://openalex.org/W6606588654"],"related_works":["https://openalex.org/W127192698","https://openalex.org/W1567139212","https://openalex.org/W2940903377","https://openalex.org/W4229924696","https://openalex.org/W3108897387","https://openalex.org/W4386121812","https://openalex.org/W4307392573","https://openalex.org/W2912132049","https://openalex.org/W2186919162","https://openalex.org/W2899726586"],"abstract_inverted_index":{"IoT":[0,59,84],"devices":[1,11],"typically":[2],"stream":[3],"data":[4,166],"such":[5],"as":[6],"sensor":[7],"values":[8],"to":[9,27,71,99,154,189,195,204,223],"other":[10],"including":[12],"cloud-based":[13],"services.":[14],"Analyzing":[15,34],"these":[16],"streams":[17,35],"for":[18],"cyber-attacks":[19,73],"is":[20,25,138,171,201],"a":[21,142,145],"challenging":[22],"task.":[23],"This":[24],"due":[26],"the":[28,63,67,75,97,101,108,117,151,160,168,176,181,186,190,196,216,224],"infinite":[29],"nature":[30],"of":[31,80,91,96,162,218],"stream-based":[32],"datatypes.":[33],"can":[36],"require":[37],"additional":[38],"real-time":[39],"processing":[40],"and":[41,82,211,229],"computational":[42],"performance":[43,128],"capabilities.":[44],"In":[45,193],"this":[46],"article,":[47],"we":[48,65],"focus":[49],"on":[50,74,150],"how":[51],"concept":[52,68,102,121,135,156],"drifts":[53],"affect":[54],"Botnet":[55],"cyber-attack":[56],"detection":[57,111],"in":[58,165,185],"scenarios.":[60],"To":[61],"reveal":[62],"result,":[64],"incorporate":[66],"drift":[69,103,122,136,157],"analysis":[70,137],"detect":[72],"Bot-IoT":[76,98,197],"dataset,":[77,198],"which":[78],"consists":[79],"legitimate":[81],"simulated":[83],"network":[85],"traffics,":[86],"together":[87],"with":[88,116,221],"various":[89],"types":[90],"attacks.":[92],"We":[93,124,140],"designed":[94],"subdatasets":[95],"ensure":[100],"occurs":[104],"that":[105],"eventually":[106],"complete":[107],"experiments.":[109],"The":[110,213],"accuracies":[112],"improved":[113],"15%\u201326%":[114],"compared":[115],"classification":[118],"models":[119],"without":[120],"analysis.":[123,158],"also":[125,202],"gain":[126],"superior":[127],"results":[129,214],"by":[130,174,180],"comparing":[131,175],"confusion":[132],"matrices":[133],"when":[134],"ongoing.":[139],"propose":[141],"technique":[143],"featuring":[144],"dynamic":[146],"sliding":[147],"window":[148,188],"based":[149],"residual":[152,182],"projection":[153,183],"perform":[155],"During":[159],"process":[161],"finding":[163],"concepts":[164],"streams,":[167],"sample":[169],"number":[170],"updated":[172],"dynamically":[173],"anomalous":[177],"quantity":[178],"obtained":[179],"method":[184,200,220],"current":[187],"previous":[191],"one.":[192],"addition":[194],"our":[199,219],"applied":[203],"two":[205],"popular":[206],"synthetic":[207],"datasets":[208],"SEA":[209],"Concept":[210],"UG-2C-5D.":[212],"demonstrate":[215],"effectiveness":[217],"respect":[222],"false":[225],"alarm":[226],"rate,":[227],"misses,":[228],"average":[230],"delay.":[231]},"counts_by_year":[{"year":2026,"cited_by_count":6},{"year":2025,"cited_by_count":14},{"year":2024,"cited_by_count":13},{"year":2023,"cited_by_count":11},{"year":2022,"cited_by_count":3}],"updated_date":"2026-03-27T14:29:43.386196","created_date":"2025-10-10T00:00:00"}