{"id":"https://openalex.org/W2012917383","doi":"https://doi.org/10.1145/2676869","title":"A Network Behavior-Based Botnet Detection Mechanism Using PSO and K-means","display_name":"A Network Behavior-Based Botnet Detection Mechanism Using PSO and K-means","publication_year":2015,"publication_date":"2015-04-03","ids":{"openalex":"https://openalex.org/W2012917383","doi":"https://doi.org/10.1145/2676869","mag":"2012917383"},"language":"en","primary_location":{"id":"doi:10.1145/2676869","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2676869","pdf_url":null,"source":{"id":"https://openalex.org/S4210170305","display_name":"ACM Transactions on Management Information Systems","issn_l":"2158-656X","issn":["2158-656X","2158-6578"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Management Information Systems","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5040630140","display_name":"Shing-Han Li","orcid":null},"institutions":[{"id":"https://openalex.org/I43566213","display_name":"National Taipei University of Business","ror":"https://ror.org/029hrv109","country_code":"TW","type":"education","lineage":["https://openalex.org/I43566213"]}],"countries":["TW"],"is_corresponding":true,"raw_author_name":"Shing-Han Li","raw_affiliation_strings":["Department of Accounting Information, National Taipei University of Business, Taipei, Taiwan","Department of Accounting Information, National Taipei University of Business, Taipei, Taiwan#TAB#"],"affiliations":[{"raw_affiliation_string":"Department of Accounting Information, National Taipei University of Business, Taipei, Taiwan","institution_ids":["https://openalex.org/I43566213"]},{"raw_affiliation_string":"Department of Accounting Information, National Taipei University of Business, Taipei, Taiwan#TAB#","institution_ids":["https://openalex.org/I43566213"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5111128365","display_name":"Yu\u2010Cheng Kao","orcid":null},"institutions":[{"id":"https://openalex.org/I65196183","display_name":"Tatung University","ror":"https://ror.org/030m18266","country_code":"TW","type":"education","lineage":["https://openalex.org/I65196183"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Yu-Cheng Kao","raw_affiliation_strings":["Department of Information Management, Tatung University, Taipei, Taiwan","Department of Information Management, Tatung University , Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Department of Information Management, Tatung University, Taipei, Taiwan","institution_ids":["https://openalex.org/I65196183"]},{"raw_affiliation_string":"Department of Information Management, Tatung University , Taipei, Taiwan","institution_ids":["https://openalex.org/I65196183"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064524736","display_name":"Zong-Cyuan Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I65196183","display_name":"Tatung University","ror":"https://ror.org/030m18266","country_code":"TW","type":"education","lineage":["https://openalex.org/I65196183"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Zong-Cyuan Zhang","raw_affiliation_strings":["Department of Information Management, Tatung University, Taipei, Taiwan","Department of Information Management, Tatung University , Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Department of Information Management, Tatung University, Taipei, Taiwan","institution_ids":["https://openalex.org/I65196183"]},{"raw_affiliation_string":"Department of Information Management, Tatung University , Taipei, Taiwan","institution_ids":["https://openalex.org/I65196183"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008045741","display_name":"Ying-Ping Chuang","orcid":null},"institutions":[{"id":"https://openalex.org/I65196183","display_name":"Tatung University","ror":"https://ror.org/030m18266","country_code":"TW","type":"education","lineage":["https://openalex.org/I65196183"]}],"countries":["TW"],"is_corresponding":false,"raw_author_name":"Ying-Ping Chuang","raw_affiliation_strings":["Department of Information Management, Tatung University, Taipei, Taiwan","Department of Information Management, Tatung University , Taipei, Taiwan"],"affiliations":[{"raw_affiliation_string":"Department of Information Management, Tatung University, Taipei, Taiwan","institution_ids":["https://openalex.org/I65196183"]},{"raw_affiliation_string":"Department of Information Management, Tatung University , Taipei, Taiwan","institution_ids":["https://openalex.org/I65196183"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5091354653","display_name":"David C. Yen","orcid":"https://orcid.org/0000-0001-7093-0877"},"institutions":[{"id":"https://openalex.org/I122713931","display_name":"SUNY Oneonta","ror":"https://ror.org/02r3ym141","country_code":"US","type":"education","lineage":["https://openalex.org/I122713931"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"David C. Yen","raw_affiliation_strings":["School of Economics and Business, SUNY College at Oneonta, Department of Information Systems and Analytics, Oneonta, NY","School of Economics and Business, SUNY College at Oneonta, Department of Information Systems and Analytics, Oneonta, NY#TAB#"],"affiliations":[{"raw_affiliation_string":"School of Economics and Business, SUNY College at Oneonta, Department of Information Systems and Analytics, Oneonta, NY","institution_ids":["https://openalex.org/I122713931"]},{"raw_affiliation_string":"School of Economics and Business, SUNY College at Oneonta, Department of Information Systems and Analytics, Oneonta, NY#TAB#","institution_ids":["https://openalex.org/I122713931"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5040630140"],"corresponding_institution_ids":["https://openalex.org/I43566213"],"apc_list":null,"apc_paid":null,"fwci":5.3251,"has_fulltext":false,"cited_by_count":52,"citation_normalized_percentile":{"value":0.95919644,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"6","issue":"1","first_page":"1","last_page":"30"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.9808492660522461},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7394329309463501},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6540877223014832},{"id":"https://openalex.org/keywords/denial-of-service-attack","display_name":"Denial-of-service attack","score":0.5779016017913818},{"id":"https://openalex.org/keywords/network-security","display_name":"Network security","score":0.5613892674446106},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.5524274706840515},{"id":"https://openalex.org/keywords/network-packet","display_name":"Network packet","score":0.5497600436210632},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.5202416181564331},{"id":"https://openalex.org/keywords/flow-network","display_name":"Flow network","score":0.5108789801597595},{"id":"https://openalex.org/keywords/phishing","display_name":"Phishing","score":0.4606269896030426},{"id":"https://openalex.org/keywords/intrusion-detection-system","display_name":"Intrusion detection system","score":0.4198913872241974},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.15099015831947327}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.9808492660522461},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7394329309463501},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6540877223014832},{"id":"https://openalex.org/C38822068","wikidata":"https://www.wikidata.org/wiki/Q131406","display_name":"Denial-of-service attack","level":3,"score":0.5779016017913818},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.5613892674446106},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.5524274706840515},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.5497600436210632},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.5202416181564331},{"id":"https://openalex.org/C114809511","wikidata":"https://www.wikidata.org/wiki/Q1412924","display_name":"Flow network","level":2,"score":0.5108789801597595},{"id":"https://openalex.org/C83860907","wikidata":"https://www.wikidata.org/wiki/Q135005","display_name":"Phishing","level":3,"score":0.4606269896030426},{"id":"https://openalex.org/C35525427","wikidata":"https://www.wikidata.org/wiki/Q745881","display_name":"Intrusion detection system","level":2,"score":0.4198913872241974},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.15099015831947327},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C126255220","wikidata":"https://www.wikidata.org/wiki/Q141495","display_name":"Mathematical optimization","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/2676869","is_oa":false,"landing_page_url":"https://doi.org/10.1145/2676869","pdf_url":null,"source":{"id":"https://openalex.org/S4210170305","display_name":"ACM Transactions on Management Information Systems","issn_l":"2158-656X","issn":["2158-656X","2158-6578"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Transactions on Management Information Systems","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.7200000286102295,"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":49,"referenced_works":["https://openalex.org/W24706290","https://openalex.org/W152567854","https://openalex.org/W191098608","https://openalex.org/W208128215","https://openalex.org/W1483125898","https://openalex.org/W1583098994","https://openalex.org/W1585002319","https://openalex.org/W1775772884","https://openalex.org/W1964267679","https://openalex.org/W1968625510","https://openalex.org/W1977556410","https://openalex.org/W1990846772","https://openalex.org/W2011430131","https://openalex.org/W2012258043","https://openalex.org/W2026621111","https://openalex.org/W2029305100","https://openalex.org/W2039545426","https://openalex.org/W2044512962","https://openalex.org/W2044833080","https://openalex.org/W2051715830","https://openalex.org/W2061455058","https://openalex.org/W2070784798","https://openalex.org/W2072426588","https://openalex.org/W2094123363","https://openalex.org/W2097865740","https://openalex.org/W2099505562","https://openalex.org/W2109364787","https://openalex.org/W2111393363","https://openalex.org/W2115768458","https://openalex.org/W2123066915","https://openalex.org/W2135353422","https://openalex.org/W2135646341","https://openalex.org/W2140190241","https://openalex.org/W2152195021","https://openalex.org/W2154874878","https://openalex.org/W2159909072","https://openalex.org/W2162101611","https://openalex.org/W2170047692","https://openalex.org/W2274233302","https://openalex.org/W2334376481","https://openalex.org/W2375152015","https://openalex.org/W2534170501","https://openalex.org/W2604146482","https://openalex.org/W2914982603","https://openalex.org/W2951109492","https://openalex.org/W4239127116","https://openalex.org/W4240476022","https://openalex.org/W4302312764","https://openalex.org/W6638669139"],"related_works":["https://openalex.org/W2294483539","https://openalex.org/W2378449000","https://openalex.org/W3187581118","https://openalex.org/W3143747655","https://openalex.org/W2002178493","https://openalex.org/W2901835651","https://openalex.org/W4230824443","https://openalex.org/W2038807247","https://openalex.org/W2097156747","https://openalex.org/W2559738661"],"abstract_inverted_index":{"In":[0,292],"today's":[1],"world,":[2],"Botnet":[3,19,84,127,170,250,284],"has":[4,66],"become":[5],"one":[6],"of":[7,25,83,88,108,119,217,233,249,262],"the":[8,22,81,89,106,117,131,139,199,207,211,215,223,227,234,246,252,259,282,288,309,316],"greatest":[9],"threats":[10],"to":[11,20,28,44,73,104,137,154,158,198,205,244,280,299],"network":[12,175,189,218,228,235,265],"security.":[13],"Network":[14],"attackers,":[15],"or":[16,32,100],"Botmasters,":[17],"use":[18],"launch":[21],"Distributed":[23],"Denial":[24],"Service":[26],"(DDoS)":[27],"paralyze":[29],"large-scale":[30],"websites":[31],"steal":[33,45],"confidential":[34],"data":[35,123],"from":[36,222],"infected":[37,212],"computers.":[38,213],"They":[39],"also":[40],"employ":[41],"\u201cphishing\u201d":[42],"attacks":[43],"sensitive":[46],"information":[47],"(such":[48],"as":[49,266],"users\u2019":[50],"accounts":[51],"and":[52,70,79,122,134,151,162,188,203,230,239,301,306,315],"passwords),":[53],"send":[54],"bulk":[55],"email":[56],"advertising,":[57],"and/or":[58],"conduct":[59],"click":[60],"fraud.":[61],"Even":[62],"though":[63],"detection":[64,289],"technology":[65],"been":[67,77],"much":[68],"improved":[69],"some":[71],"solutions":[72],"Internet":[74],"security":[75],"have":[76],"proposed":[78,275,295],"improved,":[80],"threat":[82],"still":[85,112],"exists.":[86],"Most":[87],"past":[90],"studies":[91,202],"dealing":[92],"with":[93],"this":[94,274,294],"issue":[95],"used":[96,204,243,305],"either":[97],"packet":[98,120,132],"contents":[99,133],"traffic":[101],"flow":[102,135,224,260],"characteristics":[103,136],"identify":[105],"invasion":[107],"Botnet.":[109],"However,":[110],"there":[111],"exist":[113],"many":[114],"problems":[115,161],"in":[116,226,251,308],"areas":[118],"encryption":[121],"privacy,":[124],"simply":[125],"because":[126],"can":[128,277,302],"easily":[129],"change":[130],"circumvent":[138],"Intrusion":[140],"Detection":[141],"System":[142],"(IDS).":[143],"This":[144,255],"study":[145,256],"combines":[146],"Particle":[147],"Swarm":[148],"Optimization":[149],"(PSO)":[150],"K-means":[152,240],"algorithms":[153],"provide":[155],"a":[156,167,263],"solution":[157],"remedy":[159],"those":[160],"develop,":[163],"step":[164],"by":[165],"step,":[166],"mechanism":[168],"for":[169],"detection.":[171],"First,":[172],"three":[173],"important":[174],"behaviors":[176,194,219],"are":[177,195,220,242],"identified:":[178],"long":[179],"active":[180],"communication":[181,208],"behavior":[182,186,191],"(ActBehavior),":[183],"connection":[184],"failure":[185],"(FailBehavior),":[187],"scanning":[190],"(ScanBehavior).":[192],"These":[193],"defined":[196],"according":[197],"relevant":[200],"prior":[201],"analyze":[206],"activities":[209],"among":[210],"Second,":[214],"features":[216],"extracted":[221],"traces":[225,261],"layer":[229,232],"transport":[231],"equipment.":[236],"Third,":[237],"PSO":[238],"techniques":[241],"uncover":[245],"host":[247],"members":[248,285],"organizational":[253],"network.":[254,319],"mainly":[257],"utilizes":[258],"campus":[264,310],"an":[267],"experiment.":[268],"The":[269],"experimental":[270],"findings":[271],"show":[272],"that":[273],"approach":[276,296],"be":[278,303],"employed":[279],"detect":[281],"suspicious":[283],"earlier":[286],"than":[287],"application":[290],"systems.":[291],"addition,":[293],"is":[297],"easy":[298],"implement":[300],"further":[304],"extended":[307],"dormitory":[311],"network,":[312],"home":[313],"networks,":[314],"mobile":[317],"3G":[318]},"counts_by_year":[{"year":2025,"cited_by_count":4},{"year":2023,"cited_by_count":4},{"year":2022,"cited_by_count":4},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":12},{"year":2019,"cited_by_count":8},{"year":2018,"cited_by_count":5},{"year":2017,"cited_by_count":6},{"year":2016,"cited_by_count":4},{"year":2015,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}