{"id":"https://openalex.org/W7126173075","doi":"https://doi.org/10.1109/raid67961.2025.00042","title":"The Persistent Threat of DGA-Domains Used by Botnets","display_name":"The Persistent Threat of DGA-Domains Used by Botnets","publication_year":2025,"publication_date":"2025-10-19","ids":{"openalex":"https://openalex.org/W7126173075","doi":"https://doi.org/10.1109/raid67961.2025.00042"},"language":null,"primary_location":{"id":"doi:10.1109/raid67961.2025.00042","is_oa":false,"landing_page_url":"https://doi.org/10.1109/raid67961.2025.00042","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 28th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063993176","display_name":"Arthur Drichel","orcid":null},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Arthur Drichel","raw_affiliation_strings":["RWTH Aachen University"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University","institution_ids":["https://openalex.org/I887968799"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5124411981","display_name":"Ulrike Meyer","orcid":null},"institutions":[{"id":"https://openalex.org/I887968799","display_name":"RWTH Aachen University","ror":"https://ror.org/04xfq0f34","country_code":"DE","type":"education","lineage":["https://openalex.org/I887968799"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Ulrike Meyer","raw_affiliation_strings":["RWTH Aachen University"],"affiliations":[{"raw_affiliation_string":"RWTH Aachen University","institution_ids":["https://openalex.org/I887968799"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5063993176"],"corresponding_institution_ids":["https://openalex.org/I887968799"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.75388708,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"506","last_page":"522"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8787999749183655,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.8787999749183655,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.02539999969303608,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.012900000438094139,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.9876999855041504},{"id":"https://openalex.org/keywords/command-and-control","display_name":"Command and control","score":0.5498999953269958},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4982999861240387},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.3402999937534332},{"id":"https://openalex.org/keywords/cyber-threats","display_name":"Cyber threats","score":0.3319999873638153}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.9876999855041504},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7444000244140625},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.5922999978065491},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.5498999953269958},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4982999861240387},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.3402999937534332},{"id":"https://openalex.org/C3018725008","wikidata":"https://www.wikidata.org/wiki/Q4071928","display_name":"Cyber threats","level":2,"score":0.3319999873638153},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.3131999969482422},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.27549999952316284},{"id":"https://openalex.org/C3008058167","wikidata":"https://www.wikidata.org/wiki/Q84263196","display_name":"Coronavirus disease 2019 (COVID-19)","level":4,"score":0.2687000036239624}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/raid67961.2025.00042","is_oa":false,"landing_page_url":"https://doi.org/10.1109/raid67961.2025.00042","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 28th International Symposium on Research in Attacks, Intrusions and Defenses (RAID)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Industry, innovation and infrastructure","id":"https://metadata.un.org/sdg/9","score":0.5830960273742676}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":39,"referenced_works":["https://openalex.org/W33239550","https://openalex.org/W1595868485","https://openalex.org/W1994859552","https://openalex.org/W1998843210","https://openalex.org/W2070440035","https://openalex.org/W2075986968","https://openalex.org/W2082550445","https://openalex.org/W2342718701","https://openalex.org/W2344804892","https://openalex.org/W2523421704","https://openalex.org/W2528572867","https://openalex.org/W2728121559","https://openalex.org/W2768793959","https://openalex.org/W2786906486","https://openalex.org/W2904027722","https://openalex.org/W2912464539","https://openalex.org/W2942650110","https://openalex.org/W2946898425","https://openalex.org/W2954590176","https://openalex.org/W2974735516","https://openalex.org/W2995774794","https://openalex.org/W3085382268","https://openalex.org/W3109909009","https://openalex.org/W3123313586","https://openalex.org/W3131352160","https://openalex.org/W3133309708","https://openalex.org/W3145510714","https://openalex.org/W3173684417","https://openalex.org/W3197465574","https://openalex.org/W4205759134","https://openalex.org/W4281856661","https://openalex.org/W4285276629","https://openalex.org/W4288079986","https://openalex.org/W4328028678","https://openalex.org/W4380985984","https://openalex.org/W4383753505","https://openalex.org/W4383989173","https://openalex.org/W4385412492","https://openalex.org/W4394709582"],"related_works":[],"abstract_inverted_index":{"Botnets":[0],"often":[1],"employ":[2],"Domain":[3],"Generation":[4],"Algorithms":[5],"(DGAs)":[6],"to":[7,23,41,48,89,139,214,224],"evade":[8],"detection":[9],"and":[10,16,27,83,147,203],"maintain":[11],"communication":[12],"with":[13,161],"their":[14,30,43],"Command":[15],"Control":[17],"(C2)":[18],"servers.":[19],"Despite":[20],"extensive":[21],"efforts":[22],"contain":[24],"individual":[25],"botnets":[26,82,178],"take":[28,148],"down":[29],"C2":[31],"infrastructure,":[32],"a":[33,55,66,118,129,150,220],"significant":[34],"knowledge":[35],"gap":[36,64],"remains":[37],"regarding":[38],"the":[39,74,95,182,190,200,205],"extent":[40],"which":[42,71,174],"associated":[44,160],"DGA-generated":[45],"domains":[46,163],"continue":[47],"be":[49],"registered":[50,97],"by":[51,77,93,134,165,177],"malicious":[52,158,201],"actors,":[53,136],"posing":[54],"latent":[56],"threat.":[57],"In":[58,154],"this":[59,63],"paper,":[60],"we":[61,72,127,156,193],"close":[62],"through":[65],"comprehensive":[67],"measurement":[68],"study":[69],"in":[70,101],"quantify":[73],"threats":[75],"posed":[76],"botnets,":[78],"including":[79],"both":[80],"active":[81],"those":[84],"that":[85,179,196],"have":[86,180,198],"been":[87,181],"subject":[88],"previous":[90,144,185],"takedown":[91,186],"operations,":[92],"analyzing":[94],"daily":[96],"domain":[98],"names":[99],"included":[100],"1165":[102],"DNS":[103],"zone":[104],"files,":[105],"covering":[106],"$80.62":[107],"\\%$":[108],"of":[109,120,152,173,184,207],"all":[110],"1445":[111],"currently":[112],"valid":[113],"Top-Level":[114],"Domains":[115],"(TLDs),":[116],"over":[117,149],"period":[119],"$\\mathbf{1":[121],"3}$":[122],"months.":[123],"During":[124],"our":[125],"study,":[126],"observe":[128],"decade-old":[130],"botnet":[131],"being":[132],"reactivated":[133],"new":[135],"allowing":[137],"them":[138],"receive":[140],"incoming":[141],"connections":[142],"from":[143],"dormant":[145],"infections":[146],"number":[151],"machines.":[153],"total,":[155],"uncover":[157,215],"activities":[159],"7058":[162],"generated":[164],"58":[166],"different":[167],"known":[168],"DGAs,":[169,218],"at":[170],"least":[171],"17":[172],"are":[175],"used":[176],"target":[183],"operations.":[187],"To":[188],"improve":[189],"status":[191],"quo,":[192],"discuss":[194],"approaches":[195],"could":[197],"prevented":[199],"acts":[202],"highlight":[204],"potential":[206],"recently":[208],"proposed":[209],"Machine":[210],"Learning":[211],"(ML)":[212],"techniques":[213],"yet":[216],"unknown":[217],"enabling":[219],"more":[221],"proactive":[222],"approach":[223],"threat":[225],"detection.":[226]},"counts_by_year":[],"updated_date":"2026-02-03T00:53:05.648605","created_date":"2026-02-01T00:00:00"}