{"id":"https://openalex.org/W3045985317","doi":"https://doi.org/10.3906/elk-1908-150","title":"ZEKI: unsupervised zero-day exploit kit intelligence","display_name":"ZEKI: unsupervised zero-day exploit kit intelligence","publication_year":2020,"publication_date":"2020-03-10","ids":{"openalex":"https://openalex.org/W3045985317","doi":"https://doi.org/10.3906/elk-1908-150","mag":"3045985317"},"language":"en","primary_location":{"id":"doi:10.3906/elk-1908-150","is_oa":false,"landing_page_url":"https://doi.org/10.3906/elk-1908-150","pdf_url":null,"source":{"id":"https://openalex.org/S32837994","display_name":"TURKISH JOURNAL OF ELECTRICAL ENGINEERING & COMPUTER SCIENCES","issn_l":"1300-0632","issn":["1300-0632","1303-6203"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318422","host_organization_name":"Scientific and Technological Research Council of Turkey (TUBITAK)","host_organization_lineage":["https://openalex.org/P4310318422"],"host_organization_lineage_names":["Scientific and Technological Research Council of Turkey (TUBITAK)"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"TURKISH JOURNAL OF ELECTRICAL ENGINEERING &amp; COMPUTER SCIENCES","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5004905221","display_name":"Emre S\u00fcren","orcid":"https://orcid.org/0000-0003-2356-8590"},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Emre SUREN","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":1,"corresponding_author_ids":["https://openalex.org/A5004905221"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.1524,"has_fulltext":false,"cited_by_count":1,"citation_normalized_percentile":{"value":0.42936596,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":94},"biblio":{"volume":"28","issue":"4","first_page":"1859","last_page":"1870"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.996399998664856,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9840999841690063,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":0.9354000091552734,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.906161904335022},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.8576894402503967},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8375404477119446},{"id":"https://openalex.org/keywords/cluster-analysis","display_name":"Cluster analysis","score":0.659462571144104},{"id":"https://openalex.org/keywords/payload","display_name":"Payload (computing)","score":0.5615158677101135},{"id":"https://openalex.org/keywords/malware-analysis","display_name":"Malware analysis","score":0.5537934899330139},{"id":"https://openalex.org/keywords/download","display_name":"Download","score":0.4561029076576233},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.42930835485458374},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.34593576192855835},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.27733612060546875},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.25409337878227234}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.906161904335022},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.8576894402503967},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8375404477119446},{"id":"https://openalex.org/C73555534","wikidata":"https://www.wikidata.org/wiki/Q622825","display_name":"Cluster analysis","level":2,"score":0.659462571144104},{"id":"https://openalex.org/C134066672","wikidata":"https://www.wikidata.org/wiki/Q1424639","display_name":"Payload (computing)","level":3,"score":0.5615158677101135},{"id":"https://openalex.org/C2779395397","wikidata":"https://www.wikidata.org/wiki/Q15731404","display_name":"Malware analysis","level":3,"score":0.5537934899330139},{"id":"https://openalex.org/C2780154274","wikidata":"https://www.wikidata.org/wiki/Q7126717","display_name":"Download","level":2,"score":0.4561029076576233},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.42930835485458374},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.34593576192855835},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.27733612060546875},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.25409337878227234},{"id":"https://openalex.org/C158379750","wikidata":"https://www.wikidata.org/wiki/Q214111","display_name":"Network packet","level":2,"score":0.0}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.3906/elk-1908-150","is_oa":false,"landing_page_url":"https://doi.org/10.3906/elk-1908-150","pdf_url":null,"source":{"id":"https://openalex.org/S32837994","display_name":"TURKISH JOURNAL OF ELECTRICAL ENGINEERING & COMPUTER SCIENCES","issn_l":"1300-0632","issn":["1300-0632","1303-6203"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310318422","host_organization_name":"Scientific and Technological Research Council of Turkey (TUBITAK)","host_organization_lineage":["https://openalex.org/P4310318422"],"host_organization_lineage_names":["Scientific and Technological Research Council of Turkey (TUBITAK)"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"TURKISH JOURNAL OF ELECTRICAL ENGINEERING &amp; COMPUTER SCIENCES","raw_type":"journal-article"},{"id":"pmh:oai:open.metu.edu.tr:11511/64284","is_oa":false,"landing_page_url":"https://hdl.handle.net/11511/64284","pdf_url":null,"source":{"id":"https://openalex.org/S4306402495","display_name":"OpenMETU (Middle East Technical University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I201799495","host_organization_name":"Middle East Technical University","host_organization_lineage":["https://openalex.org/I201799495"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":""}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W1966145327","https://openalex.org/W2768892939","https://openalex.org/W2469507153","https://openalex.org/W2008790809","https://openalex.org/W2134874482","https://openalex.org/W4285507391","https://openalex.org/W2397240470","https://openalex.org/W2602767565","https://openalex.org/W170652726","https://openalex.org/W2883822334"],"abstract_inverted_index":{"Over":[0],"the":[1,10,22,43,93,99,109,125,150,160,187,192,200,212],"last":[2],"few":[3],"years,":[4],"exploit":[5,33],"kits":[6],"(EKs)":[7],"have":[8],"become":[9],"de":[11],"facto":[12],"medium":[13],"for":[14,60,70,83],"large-scale":[15],"spread":[16],"of":[17,152,158],"malware.":[18,48],"Drive-by":[19],"download":[20,129],"is":[21,26,40,106,156],"leading":[23],"method":[24,165],"that":[25,64,112,155,176,197],"widely":[27],"used":[28],"by":[29,91,133],"EK":[30,51,162,195],"flavors":[31,196],"to":[32,41,128,138,207],"web-based":[34],"client-side":[35],"vulnerabilities.":[36],"Their":[37],"principal":[38],"goal":[39],"infect":[42,114],"victim's":[44],"system":[45,154,204],"with":[46,169,191,211],"a":[47,80,118,130,153,170],"In":[49,75],"addition,":[50],"families":[52],"evolve":[53],"quickly,":[54],"where":[55,122],"they":[56],"port":[57],"zero-day":[58],"exploits":[59],"brand":[61],"new":[62],"vulnerabilities":[63],"were":[65],"never":[66],"seen":[67],"before":[68],"and":[69,172],"which":[71],"no":[72],"patch":[73],"exists.":[74],"this":[76],"paper,":[77],"we":[78],"propose":[79],"novel":[81],"approach":[82,105],"categorizing":[84],"malware":[85],"infection":[86,181],"incidents":[87,188],"conducted":[88],"through":[89],"EKs":[90,113,123],"leveraging":[92],"inherent":[94],"\"overall":[95],"URL":[96],"patterns\"":[97],"in":[98,147],"HTTP":[100,136],"traffic":[101],"chain.":[102],"The":[103,164,203],"proposed":[104],"based":[107],"on":[108],"key":[110],"finding":[111],"victim":[115],"systems":[116],"using":[117],"specially":[119],"designed":[120],"chain,":[121],"lead":[124],"web":[126],"browser":[127],"malicious":[131,142],"payload":[132],"issuing":[134],"several":[135],"requests":[137],"more":[139],"than":[140],"one":[141],"domain":[143],"addresses.":[144],"This":[145],"practice":[146],"use":[148],"enables":[149],"development":[151],"capable":[157],"clustering":[159,209],"responsible":[161],"instances.":[163],"has":[166],"been":[167],"evaluated":[168],"popular":[171],"publicly":[173],"available":[174],"dataset":[175],"contains":[177],"240":[178],"different":[179],"real-world":[180],"cases":[182],"involving":[183],"over":[184],"2250":[185],"URLs,":[186],"being":[189],"linked":[190],"4":[193],"major":[194],"occurred":[198],"throughout":[199],"year":[201],"2016.":[202],"achieves":[205],"up":[206],"93.7%":[208],"accuracy":[210],"estimators":[213],"experimented.":[214]},"counts_by_year":[{"year":2022,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}