{"id":"https://openalex.org/W2961635701","doi":"https://doi.org/10.1109/isdfs.2019.8757555","title":"Thwarting C2 Communication of DGA-Based Malware using Process-level DNS Traffic Tracking","display_name":"Thwarting C2 Communication of DGA-Based Malware using Process-level DNS Traffic Tracking","publication_year":2019,"publication_date":"2019-06-01","ids":{"openalex":"https://openalex.org/W2961635701","doi":"https://doi.org/10.1109/isdfs.2019.8757555","mag":"2961635701"},"language":"en","primary_location":{"id":"doi:10.1109/isdfs.2019.8757555","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isdfs.2019.8757555","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 7th International Symposium on Digital Forensics and Security (ISDFS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5042577114","display_name":"Anjali Menon","orcid":null},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Anjali Menon","raw_affiliation_strings":["Department of Computer Science, University of Illinois at Urbana-Champaign, Urbana, United States"],"affiliations":[{"raw_affiliation_string":"Department of Computer Science, University of Illinois at Urbana-Champaign, Urbana, United States","institution_ids":["https://openalex.org/I157725225"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5042577114"],"corresponding_institution_ids":["https://openalex.org/I157725225"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.09356334,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":96},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"5"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/blacklisting","display_name":"Blacklisting","score":0.9095040559768677},{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.8555281162261963},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7956092357635498},{"id":"https://openalex.org/keywords/domain-name-system","display_name":"Domain Name System","score":0.7535059452056885},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7476292848587036},{"id":"https://openalex.org/keywords/blacklist","display_name":"Blacklist","score":0.6747965812683105},{"id":"https://openalex.org/keywords/command-and-control","display_name":"Command and control","score":0.6576464176177979},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.6507911086082458},{"id":"https://openalex.org/keywords/domain-name","display_name":"Domain name","score":0.6352745890617371},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5837039947509766},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4914282560348511},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.4763795733451843},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.4242631196975708},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.41261452436447144},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.14808782935142517},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.12891411781311035},{"id":"https://openalex.org/keywords/telecommunications","display_name":"Telecommunications","score":0.09900370240211487}],"concepts":[{"id":"https://openalex.org/C2779797433","wikidata":"https://www.wikidata.org/wiki/Q632959","display_name":"Blacklisting","level":2,"score":0.9095040559768677},{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.8555281162261963},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7956092357635498},{"id":"https://openalex.org/C35026560","wikidata":"https://www.wikidata.org/wiki/Q8767","display_name":"Domain Name System","level":3,"score":0.7535059452056885},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7476292848587036},{"id":"https://openalex.org/C2781345505","wikidata":"https://www.wikidata.org/wiki/Q2535979","display_name":"Blacklist","level":2,"score":0.6747965812683105},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.6576464176177979},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.6507911086082458},{"id":"https://openalex.org/C2988987868","wikidata":"https://www.wikidata.org/wiki/Q32635","display_name":"Domain name","level":3,"score":0.6352745890617371},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5837039947509766},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4914282560348511},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.4763795733451843},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.4242631196975708},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.41261452436447144},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.14808782935142517},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.12891411781311035},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.09900370240211487},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/isdfs.2019.8757555","is_oa":false,"landing_page_url":"https://doi.org/10.1109/isdfs.2019.8757555","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2019 7th International Symposium on Digital Forensics and Security (ISDFS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.47999998927116394,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[{"id":"https://openalex.org/F4320332222","display_name":"University of Illinois at Urbana-Champaign","ror":"https://ror.org/047426m28"}],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":11,"referenced_works":["https://openalex.org/W1561983441","https://openalex.org/W2410828832","https://openalex.org/W2464432954","https://openalex.org/W2487087946","https://openalex.org/W2546910111","https://openalex.org/W2786906486","https://openalex.org/W2890928763","https://openalex.org/W2900892325","https://openalex.org/W2968390691","https://openalex.org/W6633578641","https://openalex.org/W6719105664"],"related_works":["https://openalex.org/W2514488323","https://openalex.org/W2396434032","https://openalex.org/W4312347107","https://openalex.org/W4379616178","https://openalex.org/W1642214788","https://openalex.org/W2733931179","https://openalex.org/W2528956961","https://openalex.org/W1993468264","https://openalex.org/W2095479613","https://openalex.org/W2992107877"],"abstract_inverted_index":{"Many":[0],"modern":[1],"botnet":[2],"malwares":[3,28,61,157,189],"use":[4],"Domain":[5,78,211],"Generation":[6],"Algorithms":[7],"(DGAs)":[8],"to":[9,17,29,45,57,116,143,154,186,201],"dynamically":[10],"generate":[11],"the":[12,50,55,59,104,124,127,160,167,172,179,246],"domain":[13,107,120,232],"names":[14],"that":[15,140,242],"resolve":[16],"their":[18,64,193],"command":[19,65],"and":[20,66,219],"control":[21,67],"(C2)":[22,69],"centers.":[23],"This":[24],"approach":[25],"allows":[26],"these":[27,112],"subvert":[30],"traditional":[31],"detection":[32],"systems":[33],"which":[34,93,224],"rely":[35],"on":[36],"blacklists":[37],"of":[38,52,106,137,162,165,178,216,231],"known":[39,131],"domains":[40],"associated":[41],"with":[42,192],"malicious":[43,180],"activities":[44],"block":[46],"malware":[47],"communications.":[48],"Since":[49],"advent":[51],"DGA-based":[53,156,188],"malwares,":[54],"efforts":[56],"prevent":[58,187],"said":[60],"from":[62,171,190],"contacting":[63],"centers":[68,195],"server":[70],"have":[71,227],"been":[72],"centered":[73],"around":[74],"detecting":[75],"Algorithmically":[76],"Generated":[77],"Names":[79],"through":[80],"lexicographic":[81],"analysis,":[82],"isolating":[83,166],"entire":[84,168],"infected":[85,97,169,199,247],"devices":[86,98],"or":[87],"both.":[88],"Recent":[89],"research":[90],"has":[91],"emerged,":[92],"more":[94],"accurately":[95],"identifies":[96],"in":[99,245],"a":[100,134,138,151,238],"network,":[101],"by":[102,158,209],"monitoring":[103],"volumes":[105],"resolution":[108,233],"failures.":[109,234],"While":[110],"effective,":[111],"techniques":[113],"are":[114],"slow":[115],"identify":[117],"DGA":[118],"generated":[119],"names.":[121],"Even":[122],"after":[123],"delayed":[125],"identification,":[126],"only":[128],"preliminary":[129],"mitigation":[130],"today":[132],"is":[133,141,185],"complete":[135],"shutdown":[136],"device":[139,170,200,248],"suspected":[142],"be":[144],"infected.":[145],"In":[146],"this":[147,208],"paper,":[148],"we":[149,174],"present":[150],"new":[152],"method":[153],"counter":[155],"limiting":[159],"impact":[161],"mitigation.":[163],"Instead":[164],"network":[173,176],"limit":[175],"activity":[177],"process":[181,239],"alone.":[182],"Our":[183],"objective":[184],"communicating":[191],"C2":[194],"while":[196],"allowing":[197],"an":[198],"maintain":[202],"its":[203],"normal":[204],"functionality.":[205],"We":[206],"achieve":[207],"tracking":[210],"Name":[212],"Service":[213],"(DNS)":[214],"responses":[215],"individual":[217],"processes":[218,222,244],"blacklisting":[220,236],"those":[221],"for":[223],"DNS":[225],"traffic":[226],"abnormally":[228],"large":[229],"numbers":[230],"The":[235],"at":[237],"level":[240],"ensures":[241],"non-malicious":[243],"can":[249],"continue":[250],"functioning.":[251]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}