{"id":"https://openalex.org/W3157122743","doi":"https://doi.org/10.1109/wcnc49053.2021.9417570","title":"Identifying DGA Malware via Behavior Analysis","display_name":"Identifying DGA Malware via Behavior Analysis","publication_year":2021,"publication_date":"2021-03-29","ids":{"openalex":"https://openalex.org/W3157122743","doi":"https://doi.org/10.1109/wcnc49053.2021.9417570","mag":"3157122743"},"language":"en","primary_location":{"id":"doi:10.1109/wcnc49053.2021.9417570","is_oa":false,"landing_page_url":"https://doi.org/10.1109/wcnc49053.2021.9417570","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE Wireless Communications and Networking Conference (WCNC)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5090713660","display_name":"Xiaodong Zang","orcid":"https://orcid.org/0000-0002-8377-5877"},"institutions":[{"id":"https://openalex.org/I202126657","display_name":"Qufu Normal University","ror":"https://ror.org/03ceheh96","country_code":"CN","type":"education","lineage":["https://openalex.org/I202126657"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiaodong Zang","raw_affiliation_strings":["QUFU NORMAL University, QUFU, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"QUFU NORMAL University, QUFU, China","institution_ids":["https://openalex.org/I202126657"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069379086","display_name":"Jian Gong","orcid":"https://orcid.org/0000-0001-5786-713X"},"institutions":[{"id":"https://openalex.org/I76569877","display_name":"Southeast University","ror":"https://ror.org/04ct4d772","country_code":"CN","type":"education","lineage":["https://openalex.org/I76569877"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jian Gong","raw_affiliation_strings":["Southeast University, NanJing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Southeast University, NanJing, China","institution_ids":["https://openalex.org/I76569877"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5054900975","display_name":"Ping Zong","orcid":"https://orcid.org/0000-0003-1748-1683"},"institutions":[{"id":"https://openalex.org/I41198531","display_name":"Nanjing University of Posts and Telecommunications","ror":"https://ror.org/043bpky34","country_code":"CN","type":"education","lineage":["https://openalex.org/I41198531"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Ping Zong","raw_affiliation_strings":["Nanjing University Of Posts And Telecommunications, NanJing, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanjing University Of Posts And Telecommunications, NanJing, China","institution_ids":["https://openalex.org/I41198531"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.3207,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.59386244,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"6"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/netflow","display_name":"NetFlow","score":0.9384435415267944},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7628395557403564},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.745768666267395},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.6339778900146484},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.5844877362251282},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.5128257870674133},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.5029808878898621},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4851123094558716},{"id":"https://openalex.org/keywords/false-positive-paradox","display_name":"False positive paradox","score":0.48230767250061035},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.47845029830932617},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.4757021367549896},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4398777484893799},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.42787033319473267},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.42002612352371216},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.360421359539032},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.28597313165664673},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.27762025594711304},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.09138879179954529}],"concepts":[{"id":"https://openalex.org/C188067584","wikidata":"https://www.wikidata.org/wiki/Q219363","display_name":"NetFlow","level":2,"score":0.9384435415267944},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7628395557403564},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.745768666267395},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.6339778900146484},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.5844877362251282},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.5128257870674133},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.5029808878898621},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4851123094558716},{"id":"https://openalex.org/C64869954","wikidata":"https://www.wikidata.org/wiki/Q1859747","display_name":"False positive paradox","level":2,"score":0.48230767250061035},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.47845029830932617},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.4757021367549896},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4398777484893799},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.42787033319473267},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.42002612352371216},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.360421359539032},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.28597313165664673},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.27762025594711304},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.09138879179954529},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/wcnc49053.2021.9417570","is_oa":false,"landing_page_url":"https://doi.org/10.1109/wcnc49053.2021.9417570","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2021 IEEE Wireless Communications and Networking Conference (WCNC)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[{"id":"https://openalex.org/F4320313559","display_name":"CERN","ror":"https://ror.org/01ggx4157"},{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320337504","display_name":"Research and Development","ror":"https://ror.org/027s68j25"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":15,"referenced_works":["https://openalex.org/W4861383","https://openalex.org/W1976866799","https://openalex.org/W2008066750","https://openalex.org/W2166870846","https://openalex.org/W2239778906","https://openalex.org/W2401054255","https://openalex.org/W2464432954","https://openalex.org/W2528500008","https://openalex.org/W2743402300","https://openalex.org/W2890928763","https://openalex.org/W2988067895","https://openalex.org/W2995346162","https://openalex.org/W3011866104","https://openalex.org/W6713023146","https://openalex.org/W6719105664"],"related_works":["https://openalex.org/W2929621094","https://openalex.org/W1996006176","https://openalex.org/W4285325964","https://openalex.org/W4230824443","https://openalex.org/W2038807247","https://openalex.org/W2184748140","https://openalex.org/W2097156747","https://openalex.org/W2110675786","https://openalex.org/W2559738661","https://openalex.org/W2023981610"],"abstract_inverted_index":{"The":[0],"behavior":[1,11,20,80,103,185],"of":[2,12,21,27,59,87,120,123,128,135,142,147,152,181,192,196],"the":[3,10,13,18,25,28,94,97,100,105,118,121,130,133,145,153,158,179],"domain":[4,29,51,159],"name":[5],"is":[6,169],"actually":[7],"demonstrated":[8],"by":[9,116],"IP":[14,155,182],"address.":[15],"By":[16],"observing":[17],"traffic":[19,88,184],"their":[22],"resolved":[23,154],"IPs,":[24],"maliciousness":[26],"names":[30,160],"can":[31,187],"be":[32],"further":[33],"divided.":[34],"Deep":[35],"packets":[36],"inspection,":[37],"reverse":[38],"engineering":[39],"and":[40,56,104,114,144],"other":[41],"approaches":[42],"based":[43],"on":[44],"clustering":[45],"technique":[46],"in":[47,62,125,139],"detecting":[48],"malware":[49,78,194],"using":[50,117],"generation":[52],"algorithms(DGA)":[53],"are":[54,90,111],"inefficient":[55],"with":[57],"lots":[58],"false":[60],"positives":[61],"large-scale":[63],"networks.":[64],"To":[65],"address":[66,183],"these":[67],"challenges,":[68],"this":[69],"paper":[70],"introduces":[71],"a":[72],"novel":[73],"idea":[74],"to":[75,157,171],"identify":[76],"DGA-based":[77,193],"via":[79],"analysis.":[81],"More":[82],"specifically,":[83],"four":[84],"different":[85],"types":[86],"behaviors":[89,110],"focused,":[91],"such":[92],"as":[93],"rhythmic":[95],"behavior,":[96,99],"cyclical":[98],"access":[101,131],"stable":[102],"service":[106],"diversity":[107],"behavior.":[108],"These":[109],"characterized,":[112],"modeled":[113],"evaluated":[115],"metrics":[119],"number":[122,134,146],"flows":[124],"each":[126,140],"period":[127,141],"time,":[129],"interval,":[132],"corresponding":[136,156],"communication":[137],"IPs":[138],"time":[143],"application":[148,180],"types.":[149],"NetFlow":[150],"data":[151],"collected":[161],"from":[162],"China":[163],"Education":[164],"Research":[165],"Network":[166],"backbone":[167],"(CERNET)":[168],"applied":[170],"verify":[172],"our":[173],"proposal.":[174],"Experimental":[175],"results":[176],"demonstrate":[177],"that":[178],"analysis":[186],"detect":[188],"C&":[189],"C":[190],"channels":[191],"regardless":[195],"its":[197],"payload":[198],"content.":[199]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}