{"id":"https://openalex.org/W3165436718","doi":"https://doi.org/10.1186/s42400-021-00093-7","title":"LSTM RNN: detecting exploit kits using redirection chain sequences","display_name":"LSTM RNN: detecting exploit kits using redirection chain sequences","publication_year":2021,"publication_date":"2021-07-11","ids":{"openalex":"https://openalex.org/W3165436718","doi":"https://doi.org/10.1186/s42400-021-00093-7","mag":"3165436718"},"language":"en","primary_location":{"id":"doi:10.1186/s42400-021-00093-7","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-021-00093-7","pdf_url":"https://cybersecurity.springeropen.com/track/pdf/10.1186/s42400-021-00093-7","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"diamond","oa_url":"https://cybersecurity.springeropen.com/track/pdf/10.1186/s42400-021-00093-7","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5072987802","display_name":"Jonah Burgess","orcid":"https://orcid.org/0000-0003-4378-483X"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":true,"raw_author_name":"Jonah Burgess","raw_affiliation_strings":["Centre for Secure Information Technologies (CSIT), Queen\u2019s University Belfast, Northern Ireland Science Park, Queen\u2019s Road, Belfast, BT3 9DT, UK","Centre for Secure Information Technologies (CSIT), Queen's University Belfast, Northern Ireland Science Park, Queen's Road, Belfast, BT3 9DT, UK"],"affiliations":[{"raw_affiliation_string":"Centre for Secure Information Technologies (CSIT), Queen\u2019s University Belfast, Northern Ireland Science Park, Queen\u2019s Road, Belfast, BT3 9DT, UK","institution_ids":["https://openalex.org/I126231945"]},{"raw_affiliation_string":"Centre for Secure Information Technologies (CSIT), Queen's University Belfast, Northern Ireland Science Park, Queen's Road, Belfast, BT3 9DT, UK","institution_ids":["https://openalex.org/I126231945"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5017537630","display_name":"Philip O\u2019Kane","orcid":"https://orcid.org/0000-0002-7792-336X"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Philip O\u2019Kane","raw_affiliation_strings":["Centre for Secure Information Technologies (CSIT), Queen's University Belfast, Northern Ireland Science Park, Queen's Road, Belfast, BT3 9DT, UK"],"affiliations":[{"raw_affiliation_string":"Centre for Secure Information Technologies (CSIT), Queen's University Belfast, Northern Ireland Science Park, Queen's Road, Belfast, BT3 9DT, UK","institution_ids":["https://openalex.org/I126231945"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103020013","display_name":"Sakir Sezer","orcid":"https://orcid.org/0000-0003-2857-616X"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Sakir Sezer","raw_affiliation_strings":["Centre for Secure Information Technologies (CSIT), Queen\u2019s University Belfast, Northern Ireland Science Park, Queen\u2019s Road, Belfast, BT3 9DT, UK","Centre for Secure Information Technologies (CSIT), Queen's University Belfast, Northern Ireland Science Park, Queen's Road, Belfast, BT3 9DT, UK"],"affiliations":[{"raw_affiliation_string":"Centre for Secure Information Technologies (CSIT), Queen\u2019s University Belfast, Northern Ireland Science Park, Queen\u2019s Road, Belfast, BT3 9DT, UK","institution_ids":["https://openalex.org/I126231945"]},{"raw_affiliation_string":"Centre for Secure Information Technologies (CSIT), Queen's University Belfast, Northern Ireland Science Park, Queen's Road, Belfast, BT3 9DT, UK","institution_ids":["https://openalex.org/I126231945"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5080315320","display_name":"Domhnall Carlin","orcid":"https://orcid.org/0000-0002-8424-2757"},"institutions":[{"id":"https://openalex.org/I126231945","display_name":"Queen's University Belfast","ror":"https://ror.org/00hswnk62","country_code":"GB","type":"education","lineage":["https://openalex.org/I126231945"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Domhnall Carlin","raw_affiliation_strings":["Centre for Secure Information Technologies (CSIT), Queen\u2019s University Belfast, Northern Ireland Science Park, Queen\u2019s Road, Belfast, BT3 9DT, UK","Centre for Secure Information Technologies (CSIT), Queen's University Belfast, Northern Ireland Science Park, Queen's Road, Belfast, BT3 9DT, UK"],"affiliations":[{"raw_affiliation_string":"Centre for Secure Information Technologies (CSIT), Queen\u2019s University Belfast, Northern Ireland Science Park, Queen\u2019s Road, Belfast, BT3 9DT, UK","institution_ids":["https://openalex.org/I126231945"]},{"raw_affiliation_string":"Centre for Secure Information Technologies (CSIT), Queen's University Belfast, Northern Ireland Science Park, Queen's Road, Belfast, BT3 9DT, UK","institution_ids":["https://openalex.org/I126231945"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5072987802"],"corresponding_institution_ids":["https://openalex.org/I126231945"],"apc_list":null,"apc_paid":null,"fwci":3.1278,"has_fulltext":true,"cited_by_count":12,"citation_normalized_percentile":{"value":0.92557927,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":"4","issue":"1","first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9994000196456909,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9139410257339478},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8496146202087402},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7566850185394287},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5449981689453125},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4910743236541748},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.46847501397132874},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.46310824155807495},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4047326147556305},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3966744542121887},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3243541121482849}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9139410257339478},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8496146202087402},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7566850185394287},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5449981689453125},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4910743236541748},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.46847501397132874},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.46310824155807495},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4047326147556305},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3966744542121887},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3243541121482849},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1186/s42400-021-00093-7","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-021-00093-7","pdf_url":"https://cybersecurity.springeropen.com/track/pdf/10.1186/s42400-021-00093-7","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},{"id":"pmh:oai:pure.qub.ac.uk/portal:publications/579602e5-6a0a-4c7c-bb67-cecfa0c19833","is_oa":true,"landing_page_url":"https://pure.qub.ac.uk/en/publications/579602e5-6a0a-4c7c-bb67-cecfa0c19833","pdf_url":"https://pureadmin.qub.ac.uk/ws/files/243843018/LSTM_RNN_Detecting_Exploit_Kits_using_Redirection_Chain_Sequences.pdf","source":{"id":"https://openalex.org/S4306402319","display_name":"Research Portal (Queen's University Belfast)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I126231945","host_organization_name":"Queen's University Belfast","host_organization_lineage":["https://openalex.org/I126231945"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Burgess , J , O'Kane , P , Sezer , S &amp; Carlin , D 2021 , ' LSTM RNN: Detecting Exploit Kits using Redirection Chain Sequences ' , Cybersecurity , vol. 4 , 25 . https://doi.org/10.1186/s42400-021-00093-7","raw_type":"article"},{"id":"pmh:oai:doaj.org/article:68930ceb3138467a9b189dd15d00db44","is_oa":true,"landing_page_url":"https://doaj.org/article/68930ceb3138467a9b189dd15d00db44","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by-sa","license_id":"https://openalex.org/licenses/cc-by-sa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Cybersecurity, Vol 4, Iss 1, Pp 1-15 (2021)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1186/s42400-021-00093-7","is_oa":true,"landing_page_url":"https://doi.org/10.1186/s42400-021-00093-7","pdf_url":"https://cybersecurity.springeropen.com/track/pdf/10.1186/s42400-021-00093-7","source":{"id":"https://openalex.org/S3035238565","display_name":"Cybersecurity","issn_l":"2523-3246","issn":["2523-3246"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319965","host_organization_name":"Springer Nature","host_organization_lineage":["https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Nature"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Cybersecurity","raw_type":"journal-article"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.7900000214576721,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3165436718.pdf","grobid_xml":"https://content.openalex.org/works/W3165436718.grobid-xml"},"referenced_works_count":20,"referenced_works":["https://openalex.org/W1636478641","https://openalex.org/W2058949392","https://openalex.org/W2083391339","https://openalex.org/W2084835421","https://openalex.org/W2117202485","https://openalex.org/W2296488620","https://openalex.org/W2302325356","https://openalex.org/W2605123824","https://openalex.org/W2792736988","https://openalex.org/W2793171130","https://openalex.org/W2794786175","https://openalex.org/W2894950245","https://openalex.org/W2906692229","https://openalex.org/W2918605809","https://openalex.org/W2945430668","https://openalex.org/W2955975921","https://openalex.org/W2969295985","https://openalex.org/W2970485246","https://openalex.org/W2974849064","https://openalex.org/W3022221092"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W1590307681","https://openalex.org/W2536018345","https://openalex.org/W4312814274","https://openalex.org/W4285370786","https://openalex.org/W2296488620","https://openalex.org/W2358353312","https://openalex.org/W1966145327"],"abstract_inverted_index":{"Abstract":[0],"While":[1],"consumers":[2],"use":[3],"the":[4,13,43,49,65,96,114,162,172,179],"web":[5],"to":[6,52,74,84,107,185],"perform":[7],"routine":[8],"activities,":[9],"they":[10,80],"are":[11,120,155],"under":[12],"constant":[14],"threat":[15],"of":[16,56,100,116,135,146,169,181],"attack":[17],"from":[18],"malicious":[19,38,70],"websites.":[20],"Even":[21],"when":[22],"visiting":[23],"\u2018trusted\u2019":[24],"sites,":[25],"there":[26],"is":[27,33,140],"always":[28],"a":[29,37,54,101,128,132,143],"risk":[30],"that":[31],"site":[32],"compromised,":[34],"and,":[35],"hosting":[36],"script.":[39],"In":[40],"this":[41,93],"scenario,":[42],"injected":[44],"script":[45],"would":[46],"typically":[47],"force":[48],"victim\u2019s":[50],"browser":[51],"undergo":[53],"series":[55],"redirects":[57],"before":[58],"reaching":[59],"an":[60,166],"attacker-controlled":[61],"domain,":[62],"which,":[63],"delivers":[64],"actual":[66],"malware.":[67],"Although":[68],"these":[69],"redirection":[71,152],"chains":[72],"aim":[73],"frustrate":[75],"detection":[76],"and":[77,130,149],"analysis":[78],"efforts,":[79],"could":[81],"be":[82],"used":[83],"help":[85],"identify":[86],"web-based":[87],"attacks.":[88],"Building":[89],"upon":[90],"previous":[91],"work,":[92],"paper":[94],"presents":[95],"first":[97],"known":[98],"application":[99],"Long":[102],"Short-Term":[103],"Memory":[104],"(LSTM)":[105],"network":[106],"detect":[108],"Exploit":[109],"Kit":[110],"(EK)":[111],"traffic,":[112],"utilising":[113],"structure":[115],"HTTP":[117],"redirects.":[118],"Samples":[119],"processed":[121],"as":[122],"sequences,":[123],"where":[124],"each":[125],"timestep":[126],"represents":[127],"redirect":[129],"contains":[131],"unique":[133],"combination":[134],"48":[136],"features.":[137],"The":[138],"experiment":[139],"conducted":[141],"using":[142],"ground-truth":[144],"dataset":[145],"1279":[147],"EK":[148],"5910":[150],"benign":[151],"chains.":[153],"Hyper-parameters":[154],"tuned":[156],"via":[157],"K-fold":[158],"cross-validation":[159],"(5f-CV),":[160],"with":[161],"optimal":[163],"configuration":[164],"achieving":[165],"F1":[167],"score":[168],"0.9878":[170],"against":[171],"unseen":[173],"test":[174],"set.":[175],"Furthermore,":[176],"we":[177],"compare":[178],"results":[180],"isolated":[182],"feature":[183],"categories":[184],"assess":[186],"their":[187],"importance.":[188]},"counts_by_year":[{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":5},{"year":2023,"cited_by_count":3},{"year":2022,"cited_by_count":3}],"updated_date":"2026-04-04T16:13:02.066488","created_date":"2025-10-10T00:00:00"}