{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,3]],"date-time":"2026-04-03T15:46:06Z","timestamp":1775231166404,"version":"3.50.1"},"reference-count":90,"publisher":"Springer Science and Business Media LLC","issue":"7","license":[{"start":{"date-parts":[[2015,12,12]],"date-time":"2015-12-12T00:00:00Z","timestamp":1449878400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Neural Comput &amp; Applic"],"published-print":{"date-parts":[[2017,7]]},"DOI":"10.1007\/s00521-015-2128-0","type":"journal-article","created":{"date-parts":[[2015,12,12]],"date-time":"2015-12-12T05:34:00Z","timestamp":1449898440000},"page":"1541-1558","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":93,"title":["A survey of botnet detection based on DNS"],"prefix":"10.1007","volume":"28","author":[{"given":"Kamal","family":"Alieyan","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ammar","family":"ALmomani","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ahmad","family":"Manasrah","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mohammed M.","family":"Kadhum","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,12,12]]},"reference":[{"key":"2128_CR1","doi-asserted-by":"crossref","unstructured":"Stevanovic M, Revsbech K, Pedersen JM, Sharp R, Jensen CD (2012) A collaborative approach to botnet protection. In: Quirchmayr G, Basl J, You I, Xu L, Weippl E (eds) International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES 2012), pp 624\u2013638 \u00a0","DOI":"10.1007\/978-3-642-32498-7_47"},{"key":"2128_CR2","unstructured":"Stevanovic M, Pedersen JM (2013) Machine learning for identifying botnet network traffic, Technical report, Aalborg University \u00a0"},{"key":"2128_CR3","doi-asserted-by":"crossref","unstructured":"Alomari E, Manickam S, Gupta B, Karuppayah S, Alfaris R (2012) Botnet-based distributed denial of service (DDoS) attacks on web servers: classification and art. arXiv preprint arXiv:12080403","DOI":"10.5120\/7640-0724"},{"issue":"3","key":"2128_CR4","doi-asserted-by":"crossref","first-page":"502","DOI":"10.1016\/j.comcom.2010.04.007","volume":"34","author":"W Lu","year":"2011","unstructured":"Lu W, Rammidi G, Ghorbani AA (2011) Clustering botnet communication traffic based on n-gram feature selection. Comput Commun 34(3):502\u2013514","journal-title":"Comput Commun"},{"key":"2128_CR5","unstructured":"McAfee. (2015) McAfee labs threats report. Accessed 18 May 2015. http:\/\/www.mcafee.com\/us\/resources\/reports\/rp-quarterly-threat-q4-2014.pdf"},{"key":"2128_CR6","doi-asserted-by":"crossref","unstructured":"Karim A, Salleh RB, Shiraz M, Shah SAA, Awan I, Anuar NB (2014) Botnet detection techniques: review, future trends, and issues. J Zhejiang Univ Sci C 15(11):943\u2013983","DOI":"10.1631\/jzus.C1300242"},{"key":"2128_CR7","unstructured":"Yukonhiatou C, Kittitornkun S, Kikuchi H, Sisaat K, Terada M, Ishii H (2014) Temporal behaviors of Top-10 malware download in 2010\u20132012. In: 2014 International on electrical engineering congress (iEECON). IEEE, pp 1\u20134"},{"key":"2128_CR8","doi-asserted-by":"crossref","unstructured":"Tiirmaa-Klaar H, Gassen J, Gerhards-Padilla E, Martini P (2013) Botnets: how to fight the ever-growing threat on a technical level. In: Tiirmaa-Klaar H et al. (eds) Botnets. Springer, London, pp 41\u201397","DOI":"10.1007\/978-1-4471-5216-3_2"},{"key":"2128_CR9","unstructured":"Harris KD, General A, Lookout A (2014) Cybersecurity in the Golden State. http:\/\/napi.net-flow.com\/sananselmochamber.org\/documents\/CybersecurityReport.pdf"},{"key":"2128_CR10","unstructured":"Botnets101- (2013) What they are and how to avoid them. http:\/\/www.fbi.gov\/news\/news_blog\/botnets-101\/"},{"key":"2128_CR11","unstructured":"Emre Y (2011) A literature survey about recent botnet trends. http:\/\/geant3.archive.geant.net\/Media_Centre\/Media_Library\/Media%20Library\/botnet_trends_M2.pdf"},{"key":"2128_CR12","doi-asserted-by":"crossref","unstructured":"Tiirmaa-Klaar H, Gassen J, Gerhards-Padilla E, Martini P (2013) Botnets, cybercrime and national security. In: Botnets, SpringerBriefs in Cybersecurity. Springer, London, pp 1\u201340","DOI":"10.1007\/978-1-4471-5216-3_1"},{"key":"2128_CR13","doi-asserted-by":"crossref","unstructured":"Shan G, Wang Y, Xie M, Lv H, Chi X (2014) Visual detection of anomalies in DNS query log data. In: 2014 IEEE Pacific visualization symposium (PacificVis). IEEE, pp 258\u2013261","DOI":"10.1109\/PacificVis.2014.23"},{"issue":"1","key":"2128_CR14","first-page":"51","volume":"7","author":"N Davuth","year":"2013","unstructured":"Davuth N, Kim S-R (2013) Classification of malicious domain names using support vector machine and Bi-gram method. Int J Secur Its Appl 7(1):51\u201358","journal-title":"Int J Secur Its Appl"},{"key":"2128_CR15","doi-asserted-by":"crossref","unstructured":"He Y, Zhong Z, Krasser S, Tang Y (2010) Mining DNS for malicious domain registrations. In: 2010 6th International conference on collaborative computing: networking, applications and worksharing (CollaborateCom). IEEE, pp 1\u20136","DOI":"10.4108\/icst.collaboratecom.2010.5"},{"key":"2128_CR16","unstructured":"Manasrah AM, Hasan A, Abouabdalla OA, Ramadass S (2009) Detecting botnet activities based on abnormal DNS traffic. arXiv preprint arXiv:09110487"},{"issue":"4","key":"2128_CR17","doi-asserted-by":"crossref","first-page":"45","DOI":"10.1145\/2501654.2501659","volume":"45","author":"RA Rodr\u00edguez-G\u00f3mez","year":"2013","unstructured":"Rodr\u00edguez-G\u00f3mez RA, Maci\u00e1-Fern\u00e1ndez G, Garc\u00eda-Teodoro P (2013) Survey and taxonomy of botnet research through life-cycle. ACM Comput Surv (CSUR) 45(4):45","journal-title":"ACM Comput Surv (CSUR)"},{"key":"2128_CR18","doi-asserted-by":"crossref","unstructured":"Choi H, Lee H, Lee H, Kim H (2007) Botnet detection by monitoring group activities in DNS traffic. In: 7th IEEE international conference on computer and information technology, 2007 (CIT 2007). IEEE, pp 715\u2013720","DOI":"10.1109\/CIT.2007.90"},{"issue":"4","key":"2128_CR19","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1145\/2584679","volume":"16","author":"L Bilge","year":"2014","unstructured":"Bilge L, Sen S, Balzarotti D, Kirda E, Kruegel C (2014) EXPOSURE: a passive DNS analysis service to detect and report malicious domains. ACM Trans Inf Syst Secur (TISSEC) 16(4):14","journal-title":"ACM Trans Inf Syst Secur (TISSEC)"},{"key":"2128_CR20","unstructured":"Bilge L, Kirda E, Kruegel C, Balduzzi M (2011) EXPOSURE: finding malicious domains using passive DNS analysis. In: NDSS"},{"key":"2128_CR21","doi-asserted-by":"crossref","unstructured":"ALmomani A, Gupta B, Wan T-C, Altaher A, Manickam S (2013) Phishing dynamic evolving neural fuzzy framework for online detection zero-day phishing email. arXiv preprint arXiv:13020629","DOI":"10.17485\/ijst\/2013\/v6i1.18"},{"key":"2128_CR22","doi-asserted-by":"crossref","unstructured":"Al-Mo AAD, Wan T-C, Al-Saedi K, Altaher A, Ramadass S, Manasrah A, Melhiml LB, Anbar M (2011) An online model on evolving phishing e-mail detection and classification method. J Appl Sci 11(18):3301\u20133307","DOI":"10.3923\/jas.2011.3301.3307"},{"key":"2128_CR23","doi-asserted-by":"crossref","unstructured":"Kirubavathi G, Anitha R (2014) Botnets: a study and analysis. In: Krishnan GSS, Anitha R, Lekshmi RS, Senthil Kumar M, Bonato A, Gra\u00f1a M (eds) Computational intelligence, cyber security and computational models. Springer, India, pp 203\u2013214","DOI":"10.1007\/978-81-322-1680-3_23"},{"key":"2128_CR24","doi-asserted-by":"crossref","unstructured":"Zeidanloo HR, Shooshtari MJZ, Amoli PV, Safari M, Zamani M (2010) A taxonomy of botnet detection techniques. In: 2010 3rd IEEE international conference on computer science and information technology (ICCSIT). IEEE, pp 158\u2013162","DOI":"10.1109\/ICCSIT.2010.5563555"},{"key":"2128_CR25","doi-asserted-by":"crossref","unstructured":"Abu Rajab M, Zarfoss J, Monrose F, Terzis A (2006) A multifaceted approach to understanding the botnet phenomenon. In: Proceedings of the 6th ACM SIGCOMM conference on Internet measurement. ACM, pp 41\u201352","DOI":"10.1145\/1177080.1177086"},{"issue":"2","key":"2128_CR26","first-page":"208","volume":"10","author":"RS Abdullah","year":"2013","unstructured":"Abdullah RS, Abdollah MF, Noh ZAM, Mas\u2019ud MZ, Selamat SR, Yusof R, Melaka UTM (2013) Revealing the criterion on botnet detection technique. IJCSI Int J Comput Sci Issues 10(2):208\u2013215","journal-title":"IJCSI Int J Comput Sci Issues"},{"key":"2128_CR27","doi-asserted-by":"crossref","unstructured":"Liu L, Chen S, Yan G, Zhang Z (2008) Bottracer: execution-based bot-like malware detection. In: Wu T-C, Lei C-L, Rijmen V, Lee D-T (eds) Information security. Springer, Berlin, Heidelberg, pp 97\u2013113","DOI":"10.1007\/978-3-540-85886-7_7"},{"key":"2128_CR28","doi-asserted-by":"crossref","unstructured":"Feily M, Shahrestani A, Ramadass S (2009) A survey of botnet and botnet detection. In: Third international conference on emerging security information, systems and technologies, 2009 (SECURWARE\u201909). IEEE, pp 268\u2013273","DOI":"10.1109\/SECURWARE.2009.48"},{"key":"2128_CR29","unstructured":"Jing L, Yang X, Kaveh G, Hongmei D, Jingyuan Z (2009) Botnet: classification, attacks, detection, tracing, and preventive measures. EURASIP journal on wireless communications and networking, IEEE Computer Society, Vol. 2009, pp 1184\u20131187"},{"key":"2128_CR30","doi-asserted-by":"crossref","unstructured":"Khattak S, Ramay NR, Khan KR, Syed A, Khayam SA (2014) A taxonomy of botnet behavior, detection, and defense. In: Hossain E (ed) Communications surveys and tutorials, 16(2). IEEE, pp 898\u2013924","DOI":"10.1109\/SURV.2013.091213.00134"},{"issue":"2","key":"2128_CR31","doi-asserted-by":"crossref","first-page":"378","DOI":"10.1016\/j.comnet.2012.07.021","volume":"57","author":"SS Silva","year":"2013","unstructured":"Silva SS, Silva RM, Pinto RC, Salles RM (2013) Botnets: a survey. Comput Netw 57(2):378\u2013403","journal-title":"Comput Netw"},{"key":"2128_CR32","unstructured":"Weimer F (2005) Passive DNS replication. In: FIRST conference on computer security incident, p 98"},{"key":"2128_CR33","doi-asserted-by":"crossref","unstructured":"Zdrnja B, Brownlee N, Wessels D (2007) Passive monitoring of DNS anomalies. In: Sommer R, Hammerli B (eds) Detection of intrusions and malware, and vulnerability assessment. Springer, Berlin, Heidelberg, pp 129\u2013139","DOI":"10.1007\/978-3-540-73614-1_8"},{"key":"2128_CR34","doi-asserted-by":"crossref","unstructured":"Janbeglou M, Naderi H, Brownlee N (2014) Effectiveness of DNS-based security approaches in large-scale networks. In: 2014 28th International conference on advanced information networking and applications workshops (WAINA). IEEE, pp 524\u2013529","DOI":"10.1109\/WAINA.2014.87"},{"key":"2128_CR35","unstructured":"Dagon D, Zou CC, Lee W (2006) Modeling botnet propagation using time zones. In: NDSS, pp 2\u201313"},{"key":"2128_CR36","doi-asserted-by":"crossref","unstructured":"Oberheide J, Karir M, Mao ZM (2007) Characterizing dark DNS behavior. In: H\u00e4mmerli BM, Sommer R (eds) Detection of intrusions and malware, and vulnerability assessment. Springer, Berlin, Heidelberg, pp 140\u2013156","DOI":"10.1007\/978-3-540-73614-1_9"},{"key":"2128_CR37","doi-asserted-by":"crossref","unstructured":"Li Z, Goyal A, Chen Y, Paxson V (2009) Automating analysis of large-scale botnet probing events. In: Proceedings of the 4th international symposium on information, computer, and communications security. ACM, pp 11\u201322","DOI":"10.1145\/1533057.1533063"},{"key":"2128_CR38","doi-asserted-by":"crossref","unstructured":"Rieck K, Schwenk G, Limmer T, Holz T, Laskov P (2010) Botzilla: detecting the phoning home of malicious software. In: Proceedings of the 2010 ACM symposium on applied computing. ACM, pp 1978\u20131984","DOI":"10.1145\/1774088.1774506"},{"issue":"5","key":"2128_CR39","doi-asserted-by":"crossref","first-page":"539","DOI":"10.1016\/j.future.2010.06.004","volume":"27","author":"V-H Pham","year":"2011","unstructured":"Pham V-H, Dacier M (2011) Honeypot trace forensics: the observation viewpoint matters. Future Gen Comput Syst 27(5):539\u2013546","journal-title":"Future Gen Comput Syst"},{"key":"2128_CR40","unstructured":"Aiello M, Mongelli M, Papaleo G (2014) DNS tunneling detection through statistical fingerprints of protocol messages and machine learning. Int J Commun Syst 28(14):1987\u20132002"},{"key":"2128_CR41","doi-asserted-by":"crossref","unstructured":"Aiello M, Mongelli M, Papaleo G (2014) Supervised learning approaches with majority voting for DNS tunneling detection. In: International joint conference SOCO\u201914\u2013CISIS\u201914\u2013ICEUTE\u201914. Springer, Berlin, pp 463\u2013472","DOI":"10.1007\/978-3-319-07995-0_46"},{"key":"2128_CR42","doi-asserted-by":"crossref","unstructured":"Panimalar P, Rameshkumar K (2014) A review on taxonomy of botnet detection. In: 2014 International conference on advances in engineering and technology (ICAET). IEEE, pp 1\u20134","DOI":"10.1109\/ICAET.2014.7105225"},{"key":"2128_CR43","doi-asserted-by":"crossref","unstructured":"Li C, Jiang W, Zou X (2009) Botnet: survey and case study. In: 2009 Fourth International Conference on Innovative computing, information and control (ICICIC). IEEE, pp 1184\u20131187","DOI":"10.1109\/ICICIC.2009.127"},{"issue":"1","key":"2128_CR44","first-page":"23","volume":"4","author":"J Vania","year":"2013","unstructured":"Vania J, Meniya A, Jethva H (2013) A review on botnet and detection technique. Int J Comput Trends Technol 4(1):23\u201329","journal-title":"Int J Comput Trends Technol"},{"key":"2128_CR45","unstructured":"Gu G, Porras PA, Yegneswaran V, Fong MW, Lee W (2007) BotHunter: detecting malware infection through IDS-driven dialog correlation. In: Usenix security, pp 1\u201316"},{"key":"2128_CR46","unstructured":"Nechaev B, Gurtov A (2013) Classification of botnet detection techniques. Helsinki Institute for Information Technology HIIT"},{"key":"2128_CR47","unstructured":"SNORT. www.snort.org"},{"key":"2128_CR48","unstructured":"Ramachandran A, Feamster N, Dagon D (2006) Revealing botnet membership using DNSBL counter-intelligence. In: Proceedings of the 2nd USENIX steps to reducing unwanted traffic on the Internet, pp 49\u201354"},{"key":"2128_CR49","doi-asserted-by":"crossref","unstructured":"Oro D, Luna J, Felguera T, Vilanova M, Serna J (2010) Benchmarking IP blacklists for financial botnet detection. In: 2010 Sixth international conference on information assurance and security (IAS). IEEE, pp 62\u201367","DOI":"10.1109\/ISIAS.2010.5604040"},{"key":"2128_CR50","doi-asserted-by":"publisher","unstructured":"Sinha S, Bailey M, Jahanian F (2008) Shades of grey: on the effectiveness of reputation-based \u201cblacklists\u201d. In: 3rd International conference on malicious and unwanted software, 2008 (MALWARE 2008), pp 57\u201364. doi: 10.1109\/MALWARE.2008.4690858","DOI":"10.1109\/MALWARE.2008.4690858"},{"key":"2128_CR51","unstructured":"Antonakakis M, Perdisci R, Dagon D, Lee W, Feamster N (2010) Building a dynamic reputation system for DNS. In: USENIX security symposium, pp 273\u2013290"},{"key":"2128_CR52","doi-asserted-by":"crossref","unstructured":"Kheir N, Tran F, Caron P, Deschamps N (2014) Mentor: positive DNS reputation to skim-off benign domains in botnet C&C blacklists. In: Cuppens-Boulahia N, Cuppens F, Jajodia S, El Kalam AA, Sans T (eds) ICT systems security and privacy protection. Springer, Berlin, Heidelberg, pp 1\u201314","DOI":"10.1007\/978-3-642-55415-5_1"},{"key":"2128_CR53","doi-asserted-by":"crossref","unstructured":"Yadav S, Reddy AKK, Reddy A, Ranjan S (2010) Detecting algorithmically generated malicious domain names. In: Proceedings of the 10th ACM SIGCOMM conference on Internet measurement. ACM, pp 48\u201361","DOI":"10.1145\/1879141.1879148"},{"key":"2128_CR54","doi-asserted-by":"crossref","unstructured":"Stinson E, Mitchell JC (2007) Characterizing bots\u2019 remote control behavior. In: H\u00e4mmerli BM, Sommer R (eds) Detection of intrusions and malware, and vulnerability assessment. Springer, Berlin, Heidelberg, pp 89\u2013108","DOI":"10.1007\/978-3-540-73614-1_6"},{"key":"2128_CR55","doi-asserted-by":"crossref","unstructured":"Shin S, Xu Z, Gu G (2012) EFFORT: efficient and effective bot malware detection. In: 2012 Proceedings IEEE INFOCOM. IEEE, pp 2846\u20132850","DOI":"10.1109\/INFCOM.2012.6195713"},{"key":"2128_CR56","doi-asserted-by":"crossref","unstructured":"Rahim A, Bin Muhaya FT (2010) Discovering the botnet detection techniques. In: Kim T-H, Fang W-C, Khurram Khan M, Arnett KP, Kang H-J, \u015al\u0119zak D (eds) Security technology, disaster recovery and business continuity. Springer, Berlin, Heidelberg, pp 231\u2013235","DOI":"10.1007\/978-3-642-17610-4_26"},{"key":"2128_CR57","doi-asserted-by":"publisher","unstructured":"Raghava NS, Sahgal D, Chandna S (2012) Classification of botnet detection based on botnet architecture. In: 2012 International conference on communication systems and network technologies (CSNT), pp 569\u2013572. doi: 10.1109\/csnt.2012.128","DOI":"10.1109\/csnt.2012.128"},{"key":"2128_CR58","doi-asserted-by":"crossref","unstructured":"Gu G, Yegneswaran V, Porras P, Stoll J, Lee W (2009) Active botnet probing to identify obscure command and control channels. In: Annual computer security applications conference, 2009 (ACSAC\u201909). IEEE, pp 241\u2013253","DOI":"10.1109\/ACSAC.2009.30"},{"key":"2128_CR59","doi-asserted-by":"crossref","unstructured":"Strayer WT, Lapsely D, Walsh R, Livadas C (2008) Botnet detection based on network behavior. In: Lee W, Wang C, Dagon D (eds) Botnet detection. Springer, USA, pp 1\u201324","DOI":"10.1007\/978-0-387-68768-1_1"},{"key":"2128_CR60","doi-asserted-by":"crossref","first-page":"72","DOI":"10.1016\/j.jnca.2014.09.016","volume":"47","author":"X Ma","year":"2015","unstructured":"Ma X, Zhang J, Li Z, Li J, Tao J, Guan X, Lui JC, Towsley D (2015) Accurate DNS query characteristics estimation via active probing. J Netw Comput Appl 47:72\u201384","journal-title":"J Netw Comput Appl"},{"key":"2128_CR61","doi-asserted-by":"crossref","unstructured":"Ma J, Saul LK, Savage S, Voelker GM (2009) Beyond blacklists: learning to detect malicious web sites from suspicious URLs. In: Proceedings of the 15th ACM SIGKDD international conference on knowledge discovery and data mining. ACM, pp 1245\u20131254","DOI":"10.1145\/1557019.1557153"},{"key":"2128_CR62","unstructured":"Holz T, Gorecki C, Rieck K, Freiling FC (2008) Measuring and detecting fast-flux service networks. In: NDSS"},{"key":"2128_CR63","doi-asserted-by":"crossref","unstructured":"Villamar\u00edn-Salom\u00f3n R, Brustoloni JC (2008) Identifying botnets using anomaly detection techniques applied to DNS traffic. In: 5th IEEE consumer communications and networking conference, 2008 (CCNC 2008). IEEE, pp 476\u2013481","DOI":"10.1109\/ccnc08.2007.112"},{"key":"2128_CR64","doi-asserted-by":"crossref","unstructured":"Cranor CD, Gansner E, Krishnamurthy B, Spatscheck O (2001) Characterizing large DNS traces using graphs. In: Proceedings of the 1st ACM SIGCOMM workshop on internet measurement. ACM, pp 55\u201367","DOI":"10.1145\/505202.505210"},{"key":"2128_CR65","doi-asserted-by":"crossref","unstructured":"Wills CE, Mikhailov M, Shang H (2003) Inferring relative popularity of internet applications by actively querying DNS caches. In: Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement. ACM, pp 78\u201390","DOI":"10.1145\/948205.948216"},{"key":"2128_CR66","unstructured":"Gardiner J, Cova M, Nagaraja S (2014) Command & control: understanding, denying and detecting. arXiv preprint arXiv:14081136"},{"key":"2128_CR67","doi-asserted-by":"crossref","first-page":"852","DOI":"10.1016\/j.procs.2013.05.109","volume":"17","author":"C Qi","year":"2013","unstructured":"Qi C, Chen X, Xu C, Shi J, Liu P (2013) A bigram based real time DNS tunnel detection approach. Procedia Comput Sci 17:852\u2013860","journal-title":"Procedia Comput Sci"},{"key":"2128_CR68","doi-asserted-by":"crossref","unstructured":"Kang BBH (2011) DNS-based botnet detection. In: Encyclopedia of cryptography and security. Springer, USA, pp 362\u2013363","DOI":"10.1007\/978-1-4419-5906-5_845"},{"key":"2128_CR69","doi-asserted-by":"crossref","unstructured":"Marko P, Vilhan P (2012) Efficient detection of malicious nodes based on DNS and statistical methods. In: 2012 IEEE 10th international symposium on applied machine intelligence and informatics (SAMI). IEEE, pp 227\u2013230","DOI":"10.1109\/SAMI.2012.6208963"},{"key":"2128_CR70","unstructured":"Hu X, Knysz M, Shin KG (2009) RB-Seeker: auto-detection of redirection botnets. In: NDSS"},{"issue":"1","key":"2128_CR71","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1016\/j.comnet.2011.07.018","volume":"56","author":"H Choi","year":"2012","unstructured":"Choi H, Lee H (2012) Identifying botnets by capturing group activities in DNS traffic. Comput Netw 56(1):20\u201333","journal-title":"Comput Netw"},{"key":"2128_CR72","doi-asserted-by":"publisher","unstructured":"Sanchez F, Duan Z, Dong Y (2012) Blocking spam by separating end\u2010user machines from legitimate mail server machines. Secur Commun Netw. doi: 10.1002\/sec.587","DOI":"10.1002\/sec.587"},{"key":"2128_CR73","unstructured":"Antonakakis M, Perdisci R, Lee W, Vasiloglou N II, Dagon D (2011) Detecting malware domains at the upper DNS hierarchy. In: USENIX security symposium, p 16"},{"key":"2128_CR74","doi-asserted-by":"crossref","unstructured":"Jiang N, Cao J, Jin Y, Li L, Zhang Z-L (2010) Identifying suspicious activities through DNS failure graph analysis. In: 2010 18th IEEE international conference on network protocols (ICNP). IEEE, pp 144\u2013153","DOI":"10.1109\/ICNP.2010.5762763"},{"key":"2128_CR75","doi-asserted-by":"crossref","unstructured":"Perdisci R, Corona I, Dagon D, Lee W (2009) Detecting malicious flux service networks through passive analysis of recursive DNS traces. In: Annual computer security applications conference, 2009 (ACSAC\u201909). IEEE, pp 311\u2013320","DOI":"10.1109\/ACSAC.2009.36"},{"issue":"3","key":"2128_CR76","doi-asserted-by":"crossref","first-page":"264","DOI":"10.1145\/331499.331504","volume":"31","author":"AK Jain","year":"1999","unstructured":"Jain AK, Murty MN, Flynn PJ (1999) Data clustering: a review. ACM Comput Surv (CSUR) 31(3):264\u2013323","journal-title":"ACM Comput Surv (CSUR)"},{"key":"2128_CR77","doi-asserted-by":"crossref","unstructured":"Choi H, Lee H, Kim H (2009) BotGAD: detecting botnets by capturing group activities in network traffic. In: Proceedings of the fourth international ICST conference on COMmunication system softWAre and middlewaRE. ACM, p 2","DOI":"10.1145\/1621890.1621893"},{"key":"2128_CR78","doi-asserted-by":"crossref","unstructured":"Huang S-Y, Mao C-H, Lee H-M (2010) Fast-flux service network detection based on spatial snapshot mechanism for delay-free detection. In: Proceedings of the 5th ACM symposium on information, computer and communications security. ACM, pp 101\u2013111","DOI":"10.1145\/1755688.1755702"},{"issue":"2","key":"2128_CR79","doi-asserted-by":"crossref","first-page":"501","DOI":"10.1016\/j.comnet.2012.07.017","volume":"57","author":"H-T Lin","year":"2013","unstructured":"Lin H-T, Lin Y-Y, Chiang J-W (2013) Genetic-based real-time fast-flux service networks detection. Comput Netw 57(2):501\u2013513","journal-title":"Comput Netw"},{"key":"2128_CR80","doi-asserted-by":"crossref","unstructured":"Yadav S, Reddy AN (2012) Winning with DNS failures: strategies for faster botnet detection. In: Rajarajan M, Piper F, Wang H, Kesidis G (eds) Security and privacy in communication networks. Springer, Berlin, Heidelberg, pp 446\u2013459","DOI":"10.1007\/978-3-642-31909-9_26"},{"key":"2128_CR81","doi-asserted-by":"crossref","first-page":"15","DOI":"10.1016\/j.diin.2014.11.001","volume":"12","author":"R Sharifnya","year":"2015","unstructured":"Sharifnya R, Abadi M (2015) DFBotKiller: domain-flux botnet detection based on the history of group activities and failures in DNS traffic. Digit Investig 12:15\u201326","journal-title":"Digit Investig"},{"key":"2128_CR82","doi-asserted-by":"crossref","unstructured":"Zhang Y, Zhang Y, Xiao J (2014) Detecting the DGA-based malicious domain names. In: Yuan Y, Wu X, Lu Y (eds) Trustworthy computing and services. Springer, Berlin, Heidelberg, pp 130\u2013137","DOI":"10.1007\/978-3-662-43908-1_17"},{"key":"2128_CR83","doi-asserted-by":"crossref","unstructured":"Manadhata PK, Yadav S, Rao P, Horne W (2014) Detecting malicious domains via graph inference. In: Kuty\u0142owski M, Vaidya J (eds) Computer security-ESORICS 2014. Springer International Publishing, pp 1\u201318","DOI":"10.1145\/2666652.2666659"},{"key":"2128_CR84","unstructured":"Schiavoni S (2013) Finding, characterizing and tracking domain generation algorithms from passive DNS monitoring. http:\/\/hdl.handle.net\/10589\/78505"},{"key":"2128_CR85","doi-asserted-by":"crossref","unstructured":"Stalmans E, Irwin B (2011) A framework for DNS based detection and mitigation of malware infections on a network. In: 2011 Information security South Africa (ISSA). IEEE, pp 1\u20138","DOI":"10.1109\/ISSA.2011.6027531"},{"key":"2128_CR86","doi-asserted-by":"crossref","unstructured":"Nogueira A, Salvador P, Blessa F (2010) A botnet detection system based on neural networks. In: 2010 Fifth international conference on digital telecommunications (ICDT). IEEE, pp 57\u201362","DOI":"10.1109\/ICDT.2010.19"},{"issue":"15","key":"2128_CR87","doi-asserted-by":"crossref","first-page":"3275","DOI":"10.1016\/j.comnet.2011.05.026","volume":"55","author":"K Wang","year":"2011","unstructured":"Wang K, Huang C-Y, Lin S-J, Lin Y-D (2011) A fuzzy pattern-based filtering algorithm for botnet detection. Comput Netw 55(15):3275\u20133286","journal-title":"Comput Netw"},{"issue":"11","key":"2128_CR88","doi-asserted-by":"crossref","first-page":"1849","DOI":"10.1002\/sec.898","volume":"7","author":"K Wang","year":"2014","unstructured":"Wang K, Huang CY, Tsai LY, Lin YD (2014) Behavior-based botnet detection in parallel. Secur Commun Netw 7(11):1849\u20131859","journal-title":"Secur Commun Netw"},{"key":"2128_CR89","doi-asserted-by":"crossref","unstructured":"Eslahi M, Salleh R, Anuar NB (2012) Bots and botnets: an overview of characteristics, detection and challenges. In: 2012 IEEE international conference on control system, computing and engineering (ICCSCE). IEEE, pp 349\u2013354","DOI":"10.1109\/ICCSCE.2012.6487169"},{"issue":"6","key":"2128_CR90","doi-asserted-by":"crossref","first-page":"353","DOI":"10.1016\/j.cose.2011.05.008","volume":"30","author":"JJ Davis","year":"2011","unstructured":"Davis JJ, Clark AJ (2011) Data preprocessing for anomaly based network intrusion detection: a review. Comput Secur 30(6):353\u2013375","journal-title":"Comput Secur"}],"container-title":["Neural Computing and Applications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-015-2128-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00521-015-2128-0\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-015-2128-0","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-015-2128-0.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,9,12]],"date-time":"2020-09-12T14:53:29Z","timestamp":1599922409000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00521-015-2128-0"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,12,12]]},"references-count":90,"journal-issue":{"issue":"7","published-print":{"date-parts":[[2017,7]]}},"alternative-id":["2128"],"URL":"https:\/\/doi.org\/10.1007\/s00521-015-2128-0","relation":{},"ISSN":["0941-0643","1433-3058"],"issn-type":[{"value":"0941-0643","type":"print"},{"value":"1433-3058","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,12,12]]}}}