{"id":"https://openalex.org/W2767129667","doi":"https://doi.org/10.1145/3140549.3140552","title":"Detecting Stealthy Botnets in a Resource-Constrained Environment using Reinforcement Learning","display_name":"Detecting Stealthy Botnets in a Resource-Constrained Environment using Reinforcement Learning","publication_year":2017,"publication_date":"2017-10-30","ids":{"openalex":"https://openalex.org/W2767129667","doi":"https://doi.org/10.1145/3140549.3140552","mag":"2767129667"},"language":"en","primary_location":{"id":"doi:10.1145/3140549.3140552","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3140549.3140552","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 Workshop on Moving Target Defense","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5109412228","display_name":"Sridhar Venkatesan","orcid":null},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Sridhar Venkatesan","raw_affiliation_strings":["George Mason University, Fairfax, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5066709657","display_name":"Massimiliano Albanese","orcid":"https://orcid.org/0000-0002-2675-5810"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Massimiliano Albanese","raw_affiliation_strings":["George Mason University, Fairfax, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5046576682","display_name":"Ankit Shah","orcid":"https://orcid.org/0000-0002-8314-6392"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ankit Shah","raw_affiliation_strings":["George Mason University, Fairfax, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5080033909","display_name":"Rajesh Ganesan","orcid":"https://orcid.org/0000-0003-1875-548X"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Rajesh Ganesan","raw_affiliation_strings":["George Mason University, Fairfax, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5010727123","display_name":"Sushil Jajodia","orcid":"https://orcid.org/0000-0003-3210-558X"},"institutions":[{"id":"https://openalex.org/I162714631","display_name":"George Mason University","ror":"https://ror.org/02jqj7156","country_code":"US","type":"education","lineage":["https://openalex.org/I162714631"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sushil Jajodia","raw_affiliation_strings":["George Mason University, Fairfax, VA, USA"],"affiliations":[{"raw_affiliation_string":"George Mason University, Fairfax, VA, USA","institution_ids":["https://openalex.org/I162714631"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5109412228"],"corresponding_institution_ids":["https://openalex.org/I162714631"],"apc_list":null,"apc_paid":null,"fwci":2.9008,"has_fulltext":false,"cited_by_count":28,"citation_normalized_percentile":{"value":0.92340725,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"75","last_page":"85"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9991000294685364,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/botnet","display_name":"Botnet","score":0.8190207481384277},{"id":"https://openalex.org/keywords/reinforcement-learning","display_name":"Reinforcement learning","score":0.7719632387161255},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6972072124481201},{"id":"https://openalex.org/keywords/resource","display_name":"Resource (disambiguation)","score":0.48011231422424316},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4571196734905243},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3426145315170288},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.2737899422645569},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.20877963304519653},{"id":"https://openalex.org/keywords/the-internet","display_name":"The Internet","score":0.11809307336807251}],"concepts":[{"id":"https://openalex.org/C22735295","wikidata":"https://www.wikidata.org/wiki/Q317671","display_name":"Botnet","level":3,"score":0.8190207481384277},{"id":"https://openalex.org/C97541855","wikidata":"https://www.wikidata.org/wiki/Q830687","display_name":"Reinforcement learning","level":2,"score":0.7719632387161255},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6972072124481201},{"id":"https://openalex.org/C206345919","wikidata":"https://www.wikidata.org/wiki/Q20380951","display_name":"Resource (disambiguation)","level":2,"score":0.48011231422424316},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4571196734905243},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3426145315170288},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2737899422645569},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.20877963304519653},{"id":"https://openalex.org/C110875604","wikidata":"https://www.wikidata.org/wiki/Q75","display_name":"The Internet","level":2,"score":0.11809307336807251}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3140549.3140552","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3140549.3140552","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2017 Workshop on Moving Target Defense","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1195239028","display_name":null,"funder_award_id":"N00014-13-1-0703","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"},{"id":"https://openalex.org/G3557725478","display_name":null,"funder_award_id":"W911NF- 13-1-0421 and W911NF-13-1-0317","funder_id":"https://openalex.org/F4320338281","funder_display_name":"Army Research Office"}],"funders":[{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"},{"id":"https://openalex.org/F4320338281","display_name":"Army Research Office","ror":"https://ror.org/05epdh915"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":27,"referenced_works":["https://openalex.org/W85747787","https://openalex.org/W191098608","https://openalex.org/W1517527854","https://openalex.org/W1534175858","https://openalex.org/W1544279955","https://openalex.org/W1559834288","https://openalex.org/W1583098994","https://openalex.org/W1601081659","https://openalex.org/W1775772884","https://openalex.org/W1976309217","https://openalex.org/W1976866799","https://openalex.org/W2031163547","https://openalex.org/W2052854132","https://openalex.org/W2058314598","https://openalex.org/W2093331366","https://openalex.org/W2102262986","https://openalex.org/W2105599110","https://openalex.org/W2170214103","https://openalex.org/W2213391909","https://openalex.org/W2341171179","https://openalex.org/W2505159842","https://openalex.org/W2506654222","https://openalex.org/W2519646782","https://openalex.org/W2535913029","https://openalex.org/W2583814745","https://openalex.org/W2701082937","https://openalex.org/W2914982603"],"related_works":["https://openalex.org/W3159690896","https://openalex.org/W1989286518","https://openalex.org/W2921012173","https://openalex.org/W2124456408","https://openalex.org/W2945572725","https://openalex.org/W2758517546","https://openalex.org/W2313847479","https://openalex.org/W1975315982","https://openalex.org/W3134680667","https://openalex.org/W2804396347"],"abstract_inverted_index":{"Modern":[0],"botnets":[1,32,108],"can":[2],"persist":[3],"in":[4,14,22,63,136,149],"networked":[5],"systems":[6],"for":[7],"extended":[8],"periods":[9],"of":[10,25,82,97,106,113,128],"time":[11],"by":[12,109],"operating":[13],"a":[15,36,64,69,79,120,126,137],"stealthy":[16,31,107,152],"manner.":[17],"Despite":[18],"the":[19,23,91,98,104,111,129,144],"progress":[20],"made":[21],"area":[24],"botnet":[26],"prevention,":[27],"detection,":[28],"and":[29,76,87,116,132],"mitigation,":[30],"continue":[33],"to":[34,39,48,58,74,102],"pose":[35],"significant":[37,46],"risk":[38],"enterprises.":[40],"Furthermore,":[41],"existing":[42],"enterprise-scale":[43],"solutions":[44],"require":[45],"resources":[47],"operate":[49],"effectively,":[50],"thus":[51],"they":[52],"are":[53],"not":[54],"practical.":[55],"In":[56],"order":[57],"address":[59],"this":[60],"important":[61],"problem":[62],"resource-constrained":[65],"environment,":[66],"we":[67],"propose":[68],"reinforcement":[70],"learning":[71],"based":[72],"approach":[73,100,146],"optimally":[75],"dynamically":[77],"deploy":[78],"limited":[80],"number":[81,112],"defensive":[83],"mechanisms,":[84],"namely":[85],"honeypots":[86],"network-based":[88],"detectors,":[89],"within":[90],"target":[92],"network.":[93],"The":[94,140],"ultimate":[95],"goal":[96],"proposed":[99,130,145],"is":[101,147],"reduce":[103],"lifetime":[105],"maximizing":[110],"bots":[114],"identified":[115],"taken":[117],"down":[118],"through":[119],"sequential":[121],"decision-making":[122],"process.":[123],"We":[124],"provide":[125],"proof-of-concept":[127],"approach,":[131],"study":[133],"its":[134],"performance":[135],"simulated":[138],"environment.":[139],"results":[141],"show":[142],"that":[143],"promising":[148],"protecting":[150],"against":[151],"botnets.":[153]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":6},{"year":2021,"cited_by_count":3},{"year":2020,"cited_by_count":6},{"year":2019,"cited_by_count":2},{"year":2018,"cited_by_count":6}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}