{"id":"https://openalex.org/W4384834336","doi":"https://doi.org/10.23919/cycon58705.2023.10182001","title":"Towards Generalizing Machine Learning Models to Detect Command and Control Attack Traffic","display_name":"Towards Generalizing Machine Learning Models to Detect Command and Control Attack Traffic","publication_year":2023,"publication_date":"2023-05-29","ids":{"openalex":"https://openalex.org/W4384834336","doi":"https://doi.org/10.23919/cycon58705.2023.10182001"},"language":"en","primary_location":{"id":"doi:10.23919/cycon58705.2023.10182001","is_oa":false,"landing_page_url":"https://doi.org/10.23919/cycon58705.2023.10182001","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5092503392","display_name":"Lina Gehri","orcid":null},"institutions":[{"id":"https://openalex.org/I35440088","display_name":"ETH Zurich","ror":"https://ror.org/05a28rw58","country_code":"CH","type":"education","lineage":["https://openalex.org/I2799323385","https://openalex.org/I35440088"]}],"countries":["CH"],"is_corresponding":true,"raw_author_name":"Lina Gehri","raw_affiliation_strings":["ETH Zurich,Department of Electrical Engineering and Information Technology,Zurich,Switzerland","Department of Electrical Engineering and Information Technology, ETH Zurich, Zurich, Switzerland"],"affiliations":[{"raw_affiliation_string":"ETH Zurich,Department of Electrical Engineering and Information Technology,Zurich,Switzerland","institution_ids":["https://openalex.org/I35440088"]},{"raw_affiliation_string":"Department of Electrical Engineering and Information Technology, ETH Zurich, Zurich, Switzerland","institution_ids":["https://openalex.org/I35440088"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5003682993","display_name":"Roland Meier","orcid":"https://orcid.org/0000-0002-8268-9037"},"institutions":[{"id":"https://openalex.org/I96415178","display_name":"University of Defence","ror":"https://ror.org/04arkmn57","country_code":"CZ","type":"education","lineage":["https://openalex.org/I96415178"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Roland Meier","raw_affiliation_strings":["armasuisse Science and Technology,Cyber-Defence Campus,Thun,Switzerland","Cyber-Defence Campus, armasuisse Science and Technology, Thun, Switzerland"],"affiliations":[{"raw_affiliation_string":"armasuisse Science and Technology,Cyber-Defence Campus,Thun,Switzerland","institution_ids":["https://openalex.org/I96415178"]},{"raw_affiliation_string":"Cyber-Defence Campus, armasuisse Science and Technology, Thun, Switzerland","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5092503393","display_name":"Daniel Hulliger","orcid":null},"institutions":[{"id":"https://openalex.org/I96415178","display_name":"University of Defence","ror":"https://ror.org/04arkmn57","country_code":"CZ","type":"education","lineage":["https://openalex.org/I96415178"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Daniel Hulliger","raw_affiliation_strings":["armasuisse Science and Technology,Cyber-Defence Campus,Thun,Switzerland","Cyber-Defence Campus, armasuisse Science and Technology, Thun, Switzerland"],"affiliations":[{"raw_affiliation_string":"armasuisse Science and Technology,Cyber-Defence Campus,Thun,Switzerland","institution_ids":["https://openalex.org/I96415178"]},{"raw_affiliation_string":"Cyber-Defence Campus, armasuisse Science and Technology, Thun, Switzerland","institution_ids":[]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5048330561","display_name":"Vincent Lenders","orcid":"https://orcid.org/0000-0002-2289-3722"},"institutions":[{"id":"https://openalex.org/I96415178","display_name":"University of Defence","ror":"https://ror.org/04arkmn57","country_code":"CZ","type":"education","lineage":["https://openalex.org/I96415178"]}],"countries":["CZ"],"is_corresponding":false,"raw_author_name":"Vincent Lenders","raw_affiliation_strings":["armasuisse Science and Technology,Cyber-Defence Campus,Thun,Switzerland","Cyber-Defence Campus, armasuisse Science and Technology, Thun, Switzerland"],"affiliations":[{"raw_affiliation_string":"armasuisse Science and Technology,Cyber-Defence Campus,Thun,Switzerland","institution_ids":["https://openalex.org/I96415178"]},{"raw_affiliation_string":"Cyber-Defence Campus, armasuisse Science and Technology, Thun, Switzerland","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5092503392"],"corresponding_institution_ids":["https://openalex.org/I35440088"],"apc_list":null,"apc_paid":null,"fwci":0.787,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.73045906,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":91,"max":98},"biblio":{"volume":null,"issue":null,"first_page":"253","last_page":"271"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9947999715805054,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10917","display_name":"Smart Grid Security and Resilience","score":0.9939000010490417,"subfield":{"id":"https://openalex.org/subfields/2207","display_name":"Control and Systems Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7135924100875854},{"id":"https://openalex.org/keywords/command-and-control","display_name":"Command and control","score":0.5657858848571777},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.5098463892936707},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.46104902029037476},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.3753332197666168},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32009029388427734}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7135924100875854},{"id":"https://openalex.org/C506615639","wikidata":"https://www.wikidata.org/wiki/Q21662260","display_name":"Command and control","level":2,"score":0.5657858848571777},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.5098463892936707},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.46104902029037476},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3753332197666168},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32009029388427734},{"id":"https://openalex.org/C76155785","wikidata":"https://www.wikidata.org/wiki/Q418","display_name":"Telecommunications","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.23919/cycon58705.2023.10182001","is_oa":false,"landing_page_url":"https://doi.org/10.23919/cycon58705.2023.10182001","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 15th International Conference on Cyber Conflict: Meeting Reality (CyCon)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":20,"referenced_works":["https://openalex.org/W1981844530","https://openalex.org/W2033079303","https://openalex.org/W2082290707","https://openalex.org/W2099940443","https://openalex.org/W2767153057","https://openalex.org/W2784567728","https://openalex.org/W2905049115","https://openalex.org/W2905542721","https://openalex.org/W2913497771","https://openalex.org/W2958285686","https://openalex.org/W2961835015","https://openalex.org/W2980576170","https://openalex.org/W3045229347","https://openalex.org/W3082830450","https://openalex.org/W3093410479","https://openalex.org/W3096418565","https://openalex.org/W3108671495","https://openalex.org/W4283817686","https://openalex.org/W4294789904","https://openalex.org/W6843107276"],"related_works":["https://openalex.org/W2961085424","https://openalex.org/W4306674287","https://openalex.org/W3046775127","https://openalex.org/W4394896187","https://openalex.org/W3170094116","https://openalex.org/W4386462264","https://openalex.org/W3107602296","https://openalex.org/W4364306694","https://openalex.org/W4312192474","https://openalex.org/W4283697347"],"abstract_inverted_index":{"Identifying":[0],"compromised":[1,59],"hosts":[2,60],"from":[3,47,116],"network":[4,43,64,98,113,144],"traffic":[5,14,40],"traces":[6,114],"has":[7,52],"become":[8],"challenging":[9],"because":[10],"benign":[11],"and":[12,17,23,85,119,146],"malicious":[13,39],"is":[15],"encrypted,":[16],"both":[18],"use":[19],"the":[20,62,105,124],"same":[21,63],"protocols":[22],"ports.":[24],"Machine":[25],"learning-based":[26],"anomaly":[27],"detection":[28],"models":[29,56,91,139],"have":[30,77,87],"been":[31],"proposed":[32],"to":[33,78,94,96,135,142],"address":[34],"this":[35,101,109],"challenge":[36],"by":[37],"classifying":[38],"based":[41],"on":[42],"flow":[44],"features":[45],"learned":[46,90],"historical":[48],"patterns.":[49],"Previous":[50],"work":[51],"shown":[53],"that":[54,89],"such":[55],"successfully":[57],"identify":[58],"in":[61,66,82],"environment":[65],"which":[67],"they":[68],"were":[69],"trained.":[70],"However,":[71],"cyber":[72,128],"incident":[73],"response":[74],"teams":[75,120],"often":[76,92],"look":[79],"for":[80],"intrusions":[81],"foreign":[83],"networks,":[84],"we":[86,103],"found":[88],"fail":[93],"generalize":[95,140],"different":[97,117],"conditions.":[99],"In":[100],"paper,":[102],"analyse":[104],"root":[106],"cause":[107],"of":[108,121],"problem":[110],"using":[111],"five":[112],"collected":[115],"years":[118],"Locked":[122],"Shields,":[123],"world\u2019s":[125],"largest":[126],"live-fire":[127],"defence":[129],"exercise.":[130],"We":[131],"then":[132],"explore":[133],"techniques":[134],"make":[136],"machine":[137],"learning":[138],"better":[141],"unknown":[143],"environments":[145],"evaluate":[147],"their":[148],"accuracy.":[149]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":1},{"year":2024,"cited_by_count":2}],"updated_date":"2026-04-24T08:23:43.765630","created_date":"2025-10-10T00:00:00"}