{"id":"https://openalex.org/W3143295709","doi":"https://doi.org/10.1155/2021/6653386","title":"HTTP-Based APT Malware Infection Detection Using URL Correlation Analysis","display_name":"HTTP-Based APT Malware Infection Detection Using URL Correlation Analysis","publication_year":2021,"publication_date":"2021-04-07","ids":{"openalex":"https://openalex.org/W3143295709","doi":"https://doi.org/10.1155/2021/6653386","mag":"3143295709"},"language":"en","primary_location":{"id":"doi:10.1155/2021/6653386","is_oa":true,"landing_page_url":"https://doi.org/10.1155/2021/6653386","pdf_url":"https://downloads.hindawi.com/journals/scn/2021/6653386.pdf","source":{"id":"https://openalex.org/S120683614","display_name":"Security and Communication Networks","issn_l":"1939-0114","issn":["1939-0114","1939-0122"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319869","host_organization_name":"Hindawi Publishing Corporation","host_organization_lineage":["https://openalex.org/P4310319869"],"host_organization_lineage_names":["Hindawi Publishing Corporation"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Security and Communication Networks","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://downloads.hindawi.com/journals/scn/2021/6653386.pdf","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5029715489","display_name":"Weina Niu","orcid":"https://orcid.org/0000-0002-3235-3463"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Wei-Na Niu","raw_affiliation_strings":["School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100609141","display_name":"Jiao Xie","orcid":"https://orcid.org/0000-0003-2857-3823"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiao Xie","raw_affiliation_strings":["School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100780268","display_name":"Xiaosong Zhang","orcid":"https://orcid.org/0000-0001-9886-1412"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]},{"id":"https://openalex.org/I4210136793","display_name":"Peng Cheng Laboratory","ror":"https://ror.org/03qdqbt06","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210136793"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xiao-Song Zhang","raw_affiliation_strings":["Cyberspace Security Research Center, Peng Cheng Laboratory, Shenzhen 518040, China","School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China"],"affiliations":[{"raw_affiliation_string":"Cyberspace Security Research Center, Peng Cheng Laboratory, Shenzhen 518040, China","institution_ids":["https://openalex.org/I4210136793"]},{"raw_affiliation_string":"School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100329450","display_name":"Chong Wang","orcid":"https://orcid.org/0000-0002-6462-1522"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Chong Wang","raw_affiliation_strings":["School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101938010","display_name":"Xinqiang Li","orcid":"https://orcid.org/0000-0002-5141-3900"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xin-Qiang Li","raw_affiliation_strings":["School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101893410","display_name":"Ruidong Chen","orcid":"https://orcid.org/0000-0002-1970-5743"},"institutions":[{"id":"https://openalex.org/I150229711","display_name":"University of Electronic Science and Technology of China","ror":"https://ror.org/04qr3zq92","country_code":"CN","type":"education","lineage":["https://openalex.org/I150229711"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Rui-Dong Chen","raw_affiliation_strings":["School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China (UESTC), Chengdu 611731, China","institution_ids":["https://openalex.org/I150229711"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100442739","display_name":"Xiaolei Liu","orcid":"https://orcid.org/0000-0001-8510-4025"},"institutions":[{"id":"https://openalex.org/I2801345734","display_name":"China Academy of Engineering Physics","ror":"https://ror.org/039vqpp67","country_code":"CN","type":"facility","lineage":["https://openalex.org/I2801345734"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Xiao-Lei Liu","raw_affiliation_strings":["Institute of Computer Application, China Academy of Engineering Physics, Mianyang 621900, China"],"affiliations":[{"raw_affiliation_string":"Institute of Computer Application, China Academy of Engineering Physics, Mianyang 621900, China","institution_ids":["https://openalex.org/I2801345734"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5100442739"],"corresponding_institution_ids":["https://openalex.org/I2801345734"],"apc_list":{"value":2100,"currency":"USD","value_usd":2100},"apc_paid":{"value":2100,"currency":"USD","value_usd":2100},"fwci":1.0803,"has_fulltext":true,"cited_by_count":8,"citation_normalized_percentile":{"value":0.76174878,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":97},"biblio":{"volume":"2021","issue":null,"first_page":"1","last_page":"12"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8250813484191895},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7551162242889404},{"id":"https://openalex.org/keywords/header","display_name":"Header","score":0.484793096780777},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.40875905752182007},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.36971166729927063},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3502683639526367},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.1931149661540985},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.15891975164413452}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8250813484191895},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7551162242889404},{"id":"https://openalex.org/C48105269","wikidata":"https://www.wikidata.org/wiki/Q1141160","display_name":"Header","level":2,"score":0.484793096780777},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.40875905752182007},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.36971166729927063},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3502683639526367},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.1931149661540985},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.15891975164413452}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1155/2021/6653386","is_oa":true,"landing_page_url":"https://doi.org/10.1155/2021/6653386","pdf_url":"https://downloads.hindawi.com/journals/scn/2021/6653386.pdf","source":{"id":"https://openalex.org/S120683614","display_name":"Security and Communication Networks","issn_l":"1939-0114","issn":["1939-0114","1939-0122"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319869","host_organization_name":"Hindawi Publishing Corporation","host_organization_lineage":["https://openalex.org/P4310319869"],"host_organization_lineage_names":["Hindawi Publishing Corporation"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Security and Communication Networks","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:3cffcd45a06f4d3988b09dc203497718","is_oa":true,"landing_page_url":"https://doaj.org/article/3cffcd45a06f4d3988b09dc203497718","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Security and Communication Networks, Vol 2021 (2021)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1155/2021/6653386","is_oa":true,"landing_page_url":"https://doi.org/10.1155/2021/6653386","pdf_url":"https://downloads.hindawi.com/journals/scn/2021/6653386.pdf","source":{"id":"https://openalex.org/S120683614","display_name":"Security and Communication Networks","issn_l":"1939-0114","issn":["1939-0114","1939-0122"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319869","host_organization_name":"Hindawi Publishing Corporation","host_organization_lineage":["https://openalex.org/P4310319869"],"host_organization_lineage_names":["Hindawi Publishing Corporation"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Security and Communication Networks","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1121271761","display_name":null,"funder_award_id":"Program","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G1700739897","display_name":null,"funder_award_id":"PY20210160","funder_id":"https://openalex.org/F4320321536","funder_display_name":"China Academy of Engineering Physics"},{"id":"https://openalex.org/G2087396116","display_name":null,"funder_award_id":"China","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2206035631","display_name":null,"funder_award_id":"6190226","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G2678352498","display_name":null,"funder_award_id":"2016QY13Z2302","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G320636478","display_name":null,"funder_award_id":"2016QY13Z2302","funder_id":"https://openalex.org/F4320321536","funder_display_name":"China Academy of Engineering Physics"},{"id":"https://openalex.org/G3317480652","display_name":null,"funder_award_id":"Science","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G391238517","display_name":null,"funder_award_id":", and","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5407219275","display_name":null,"funder_award_id":"SJ2020A08","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5421636069","display_name":null,"funder_award_id":"SJ2020A08","funder_id":"https://openalex.org/F4320321536","funder_display_name":"China Academy of Engineering Physics"},{"id":"https://openalex.org/G553121097","display_name":null,"funder_award_id":"JG2019055","funder_id":"https://openalex.org/F4320321536","funder_display_name":"China Academy of Engineering Physics"},{"id":"https://openalex.org/G5939423041","display_name":null,"funder_award_id":"Technology","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5994120800","display_name":null,"funder_award_id":"Natural","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G630459151","display_name":null,"funder_award_id":"61902262","funder_id":"https://openalex.org/F4320321536","funder_display_name":"China Academy of Engineering Physics"},{"id":"https://openalex.org/G66755767","display_name":null,"funder_award_id":"JG2019055","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G7411095270","display_name":null,"funder_award_id":"PY20210160","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8050651220","display_name":null,"funder_award_id":"202101","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G935485695","display_name":null,"funder_award_id":"61902262","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321536","display_name":"China Academy of Engineering Physics","ror":"https://ror.org/039vqpp67"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3143295709.pdf","grobid_xml":"https://content.openalex.org/works/W3143295709.grobid-xml"},"referenced_works_count":21,"referenced_works":["https://openalex.org/W70584117","https://openalex.org/W1504269120","https://openalex.org/W1583098994","https://openalex.org/W1775772884","https://openalex.org/W2012543144","https://openalex.org/W2026621111","https://openalex.org/W2077753963","https://openalex.org/W2114250523","https://openalex.org/W2167382913","https://openalex.org/W2171200911","https://openalex.org/W2564186131","https://openalex.org/W2602502610","https://openalex.org/W2740113232","https://openalex.org/W2781133758","https://openalex.org/W2808451423","https://openalex.org/W2884020303","https://openalex.org/W2994607020","https://openalex.org/W2996504599","https://openalex.org/W3000410487","https://openalex.org/W3002573977","https://openalex.org/W6981170678"],"related_works":["https://openalex.org/W2961085424","https://openalex.org/W4306674287","https://openalex.org/W4387369504","https://openalex.org/W4394896187","https://openalex.org/W3170094116","https://openalex.org/W4386462264","https://openalex.org/W3107602296","https://openalex.org/W4364306694","https://openalex.org/W4312192474","https://openalex.org/W4283697347"],"abstract_inverted_index":{"APT":[0,20,59,68,85,95,166,184,193],"malware":[1,21,60,69,86,167,185,194],"exploits":[2],"HTTP":[3,28,42,103,112,159,168],"to":[4,13,66,89,114,142,207],"establish":[5],"communication":[6],"with":[7,70],"a":[8,116,137,228],"C":[9,11],"&amp;":[10],"server":[12],"hide":[14],"their":[15],"malicious":[16],"activities.":[17],"Thus,":[18],"HTTP-based":[19,58],"infection":[22],"can":[23,189],"be":[24],"discovered":[25],"by":[26,97,127,242],"analyzing":[27,98],"traffic.":[29,104],"Recent":[30],"methods":[31],"have":[32,150,179,203,221],"been":[33],"dependent":[34],"on":[35],"the":[36,51,56,99,107,111,123,144,152,182,218,231,238],"extraction":[37],"of":[38,102,233],"statistical":[39],"features":[40,52],"from":[41,55,161,170],"traffic,":[43,195],"which":[44,82,234],"is":[45,200],"suitable":[46],"for":[47],"machine":[48],"learning.":[49],"However,":[50],"they":[53],"extract":[54],"limited":[57],"traffic":[61,87,186],"dataset":[62],"are":[63],"too":[64],"simple":[65],"detect":[67,191],"strong":[71],"randomness":[72],"insufficiently.":[73],"In":[74],"this":[75],"paper,":[76],"we":[77,121],"propose":[78],"an":[79],"innovative":[80],"approach":[81,210,226],"could":[83],"uncover":[84],"related":[88],"data":[90],"exfiltration":[91],"and":[92,131,163,174,196,215,217,237],"other":[93],"suspect":[94],"activities":[96],"header":[100,113],"fields":[101],"We":[105,134,149,202],"use":[106,136],"Referer":[108],"field":[109],"in":[110],"construct":[115],"web":[117,124],"request":[118,125,140],"graph.":[119],"Then,":[120],"optimize":[122],"graph":[126],"combining":[128],"URL":[129],"similarity":[130],"redirect":[132],"reconstruction.":[133],"also":[135,204],"normal":[138,158],"uncorrelated":[139],"filter":[141,143],"remaining":[145],"unrelated":[146],"legitimate":[147],"requests.":[148],"evaluated":[151],"proposed":[153],"method":[154,188],"using":[155],"1.48":[156],"GB":[157],"flow":[160,169],"clickminer":[162],"280":[164],"MB":[165],"Stratosphere":[171],"Lab,":[172],"Contagiodump,":[173],"pcapanalysis.":[175],"The":[176],"experimental":[177,219],"results":[178,220],"shown":[180],"that":[181,223],"URL-correlation-based":[183],"detection":[187,225],"correctly":[190],"96.08%":[192,236],"its":[197],"recall":[198],"rate":[199],"98.87%.":[201],"conducted":[205],"experiments":[206],"compare":[208],"our":[209,224],"against":[211],"Jiang\u2019s":[212],"method,":[213],"MalHunter,":[214],"BotDet,":[216],"confirmed":[222],"has":[227],"better":[229],"performance,":[230],"accuracy":[232],"reached":[235],"F1":[239],"value":[240],"increased":[241],"more":[243],"than":[244],"5%.":[245]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":3}],"updated_date":"2026-04-19T08:26:33.389920","created_date":"2025-10-10T00:00:00"}