{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T17:48:14Z","timestamp":1768412894703,"version":"3.49.0"},"reference-count":62,"publisher":"Springer Science and Business Media LLC","issue":"11","license":[{"start":{"date-parts":[[2016,10,3]],"date-time":"2016-10-03T00:00:00Z","timestamp":1475452800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Neural Comput &amp; Applic"],"published-print":{"date-parts":[[2018,6]]},"DOI":"10.1007\/s00521-016-2564-5","type":"journal-article","created":{"date-parts":[[2016,10,3]],"date-time":"2016-10-03T09:53:59Z","timestamp":1475488439000},"page":"991-1004","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":86,"title":["A P2P Botnet detection scheme based on decision tree and adaptive multilayer neural networks"],"prefix":"10.1007","volume":"29","author":[{"given":"Mohammad","family":"Alauthaman","sequence":"first","affiliation":[]},{"given":"Nauman","family":"Aslam","sequence":"additional","affiliation":[]},{"given":"Li","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Rafe","family":"Alasem","sequence":"additional","affiliation":[]},{"given":"M. A.","family":"Hossain","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2016,10,3]]},"reference":[{"issue":"2","key":"2564_CR1","doi-asserted-by":"crossref","first-page":"378","DOI":"10.1016\/j.comnet.2012.07.021","volume":"57","author":"SRSC Silva","year":"2013","unstructured":"Silva SRSC, Silva RMP, Pinto RCG, Salles RM (2013) Botnets: a survey. 
Comput Netw 57(2):378\u2013403","journal-title":"Comput Netw"},{"key":"2564_CR2","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1145\/2501654.2501659","volume":"45","author":"RA Rodr\u00edguez-G\u00f3mez","year":"2013","unstructured":"Rodr\u00edguez-G\u00f3mez RA, Maci\u00e1-Fern\u00e1ndez G, Garc\u00eda-Teodoro P (2013) Survey and taxonomy of botnet research through life-cycle. ACM Comput Surv 45:1\u201333","journal-title":"ACM Comput Surv"},{"key":"2564_CR3","doi-asserted-by":"crossref","first-page":"502","DOI":"10.1016\/j.comcom.2010.04.007","volume":"34","author":"W Lu","year":"2011","unstructured":"Lu W, Rammidi G, Ghorbani AA (2011) Clustering botnet communication traffic based on n-gram feature selection. Comput Commun 34:502\u2013514","journal-title":"Comput Commun"},{"key":"2564_CR4","doi-asserted-by":"crossref","unstructured":"Zeidanloo HR, Manaf AB, Vahdani P, Tabatabaei F, Zamani M (2010) Botnet detection based on traffic monitoring. Presented at the international conference on networking and information technology (ICNIT), Manila","DOI":"10.1109\/ICNIT.2010.5508552"},{"key":"2564_CR5","unstructured":"Han K-S, Im E (2012) A survey on P2P Botnet detection. In: Kim KJ, Ahn SJ (eds) Proceedings of the international conference on IT convergence and security 2011, vol 120. Springer, The Netherlands, pp 589\u2013593"},{"key":"2564_CR6","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1007\/978-3-540-73614-1_2","volume-title":"Detection of intrusions and malware, and vulnerability assessment","author":"C Ludl","year":"2007","unstructured":"Ludl C, McAllister S, Kirda E, Kruegel C (2007) On the effectiveness of techniques to detect phishing sites. In: H\u00e4mmerli B, Sommer R (eds) Detection of intrusions and malware, and vulnerability assessment, vol 4579. 
Springer, Berlin, pp 20\u201339"},{"key":"2564_CR7","doi-asserted-by":"crossref","first-page":"93","DOI":"10.1007\/978-3-642-34129-8_9","volume-title":"Information and communications security","author":"J Felix","year":"2012","unstructured":"Felix J, Joseph C, Ghorbani A (2012) Group behavior metrics for P2P Botnet detection. In: Chim T, Yuen T (eds) Information and communications security, vol 7618. Springer, Berlin, pp 93\u2013104"},{"key":"2564_CR8","doi-asserted-by":"crossref","unstructured":"Davis CR, Fernandez JM, Neville S (2009) Optimising sybil attacks against P2P-based botnets. Presented at the the 4th international conference on malicious and unwanted software, Montreal, QC","DOI":"10.1109\/MALWARE.2009.5403016"},{"key":"2564_CR9","unstructured":"Chao L, Wei J, Xin Z (2009) Botnet: survey and case study. Presented at the fourth international conference on innovative computing, information and control (ICICIC), Kaohsiung"},{"key":"2564_CR10","first-page":"1","volume":"8","author":"T Holz","year":"2008","unstructured":"Holz T, Steiner M, Dahl F, Biersack E, Freiling FC (2008) Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm. LEET 8:1\u20139","journal-title":"LEET"},{"key":"2564_CR11","doi-asserted-by":"crossref","unstructured":"Feily M, Shahrestani A, Ramadass S (2009) A survey of Botnet and Botnet detection. In: Third international conference on emerging security information, systems and technologies, SECURWARE \u201809, pp 268\u2013273","DOI":"10.1109\/SECURWARE.2009.48"},{"key":"2564_CR12","doi-asserted-by":"crossref","unstructured":"Zeidanloo HR, Shooshtari MJZ, Amoli PV, Safari M, Zamani M (2010) A taxonomy of Botnet detection techniques. 
Presented at the 3rd IEEE international conference on computer science and information technology (ICCSIT), Chengdu","DOI":"10.1109\/ICCSIT.2010.5563555"},{"key":"2564_CR13","first-page":"194","volume":"19","author":"R Babak","year":"2014","unstructured":"Babak R, Roberto P, Andrea L, Kang L (2014) PeerRush: mining for unwanted P2P traffic. J Inf Secur Appl 19:194\u2013208","journal-title":"J Inf Secur Appl"},{"key":"2564_CR14","unstructured":"D. TAX (2001) One-class classification. Ph.D. thesis, TU Delft University"},{"key":"2564_CR15","doi-asserted-by":"crossref","unstructured":"Garg S, Singh AK, Sarje AK, Peddoju SK (2013) Behaviour analysis of machine learning algorithms for detecting P2P botnets. In: 15th International Conference on advanced computing technologies (ICACT), pp 1\u20134","DOI":"10.1109\/ICACT.2013.6710523"},{"issue":"4","key":"2564_CR16","doi-asserted-by":"crossref","first-page":"320","DOI":"10.1007\/s12083-012-0150-x","volume":"7","author":"H Jiang","year":"2014","unstructured":"Jiang H, Shao X (2014) Detecting P2P botnets by discovering flow dependency in C&C traffic. Peer-to-Peer Netw Appl 7(4):320\u2013331","journal-title":"Peer-to-Peer Netw Appl"},{"key":"2564_CR17","doi-asserted-by":"crossref","first-page":"82","DOI":"10.1007\/978-3-642-34038-3_12","volume-title":"Information computing and applications","author":"H Li","year":"2012","unstructured":"Li H, Hu G, Yang Y (2012) Research on P2P Botnet network behaviors and modeling. In: Liu C, Wang L, Yang A (eds) Information computing and applications, vol 307. Springer, Berlin, pp 82\u201389"},{"key":"2564_CR18","doi-asserted-by":"crossref","unstructured":"Seungwon S, Zhaoyan X, Guofei G (2012) EFFORT: efficient and effective bot malware detection. 
Presented at the INFOCOM Proceedings IEEE, Orlando, FL","DOI":"10.1109\/INFCOM.2012.6195713"},{"key":"2564_CR19","doi-asserted-by":"crossref","unstructured":"Masud MM, Al-khateeb T, Khan L, Thuraisingham B, Hamlen KW (2008) Flow-based identification of botnet traffic by mining multiple log files. Presented at the first international conference on distributed framework and applications, Penang","DOI":"10.1109\/ICDFMA.2008.4784437"},{"key":"2564_CR20","volume-title":"Data mining: practical machine learning tools and techniques","author":"IH Witten","year":"2005","unstructured":"Witten IH, Frank E (2005) Data mining: practical machine learning tools and techniques, 2nd edn. Morgan Kaufmann, San Francisco","edition":"2"},{"key":"2564_CR21","unstructured":"Junjie Z, Perdisci R, Wenke L, Sarfraz U, Xiapu L (2011) Detecting stealthy P2P botnets using statistical traffic fingerprints. Presented at the IEEE\/IFIP 41st international conference on dependable systems and networks (DSN), Hong Kong"},{"key":"2564_CR22","doi-asserted-by":"crossref","first-page":"264","DOI":"10.1145\/331499.331504","volume":"31","author":"AK Jain","year":"1999","unstructured":"Jain AK, Murty MN, Flynn PJ (1999) Data clustering: a review. ACM Comput Surv 31:264\u2013323","journal-title":"ACM Comput Surv"},{"key":"2564_CR23","doi-asserted-by":"crossref","first-page":"141","DOI":"10.1023\/A:1009783824328","volume":"1","author":"T Zhang","year":"1997","unstructured":"Zhang T, Ramakrishnan R, Livny M (1997) BIRCH: a new data clustering algorithm and its applications. Data Min Knowl Discov 1:141\u2013182","journal-title":"Data Min Knowl Discov"},{"key":"2564_CR24","unstructured":"Wen-Hwa L, Chia-Ching C (2010) Peer to Peer Botnet detection using data mining scheme. 
Presented at the international conference on internet technology and applications, Wuhan"},{"key":"2564_CR25","doi-asserted-by":"crossref","first-page":"228","DOI":"10.1007\/978-3-642-23496-5_17","volume-title":"Autonomic and trusted computing","author":"G Fedynyshyn","year":"2011","unstructured":"Fedynyshyn G, Chuah M, Tan G (2011) Detection and Classification of Different Botnet C&C Channels. In: Calero JA, Yang L, M\u00e1rmol F, Garc\u00eda Villalba L, Li A, Wang Y (eds) Autonomic and trusted computing, vol 6906. Springer, Berlin, pp 228\u2013242"},{"key":"2564_CR26","doi-asserted-by":"crossref","first-page":"27","DOI":"10.1109\/TIFS.2013.2290197","volume":"9","author":"J Zhang","year":"2014","unstructured":"Zhang J, Perdisci R, Lee W, Luo X, Sarfraz U (2014) Building a scalable system for stealthy P2P-botnet detection. IEEE Trans Inf Forensics Secur 9:27\u201338","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"2564_CR27","doi-asserted-by":"crossref","unstructured":"Zhao D, Traore I (2012) P2P botnet detection through malicious fast flux network identification. In: Seventh international conference on P2P, parallel, grid, cloud and internet computing (3PGCIC), pp 170\u2013175","DOI":"10.1109\/3PGCIC.2012.48"},{"key":"2564_CR28","volume-title":"Classification and regression trees","author":"L Breiman","year":"1984","unstructured":"Breiman L, Friedman JH, Olshen RA, Stone CJ (1984) Classification and regression trees. Wadsworth Inc., Belmont, California"},{"key":"2564_CR29","doi-asserted-by":"crossref","unstructured":"Riedmiller M, Braun H (1993) A direct adaptive method for faster backpropagation learning: the RPROP algorithm. Presented at the IEEE international conference on neural networks, San Francisco","DOI":"10.1109\/ICNN.1993.298623"},{"key":"2564_CR30","first-page":"51","volume":"19","author":"K-S Han","year":"2009","unstructured":"Han K-S, Lim K-H, Im E-G (2009) The traffic analysis of P2P-based storm botnet using honeynet. 
J Korea Inst Inf Secur Cryptol 19:51\u201361","journal-title":"J Korea Inst Inf Secur Cryptol"},{"key":"2564_CR31","unstructured":"Sang-Kyun N, Joo-Hyung O, Jae-Seo L, Bong-Nam N, Hyun-Cheol J (2009) Detecting P2P botnets using a multi-phased flow model. Presented at the third international conference on digital society, Cancun"},{"key":"2564_CR32","doi-asserted-by":"crossref","first-page":"1849","DOI":"10.1002\/sec.898","volume":"7","author":"K Wang","year":"2014","unstructured":"Wang K, Huang C-Y, Tsai L-Y, Lin Y-D (2014) Behavior-based botnet detection in parallel. Secur Commun Netw 7:1849\u20131859","journal-title":"Secur Commun Netw"},{"key":"2564_CR33","doi-asserted-by":"crossref","unstructured":"Sinclair G, Nunnery C, Kang BB (2009) The waledac protocol: the how and why. In: 4th International conference on malicious and unwanted software (MALWARE), pp 69\u201377","DOI":"10.1109\/MALWARE.2009.5403015"},{"key":"2564_CR34","unstructured":"Holz T, Steiner M, Dahl F, Biersack E, Freiling F (2008) Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm. Presented at the proceedings of the 1st Usenix workshop on large-scale exploits and emergent threats, San Francisco, California"},{"key":"2564_CR35","doi-asserted-by":"crossref","first-page":"676","DOI":"10.1109\/TIFS.2011.2173486","volume":"7","author":"S Shin","year":"2012","unstructured":"Shin S, Gu G, Reddy N, Lee CP (2012) A large-scale empirical study of conficker. IEEE Trans Inf Forensics Secur 7:676\u2013690","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"2564_CR36","doi-asserted-by":"crossref","unstructured":"Binsalleeh H, Ormerod T, Boukhtouta A, Sinha P, Youssef A, Debbabi M et al (2010) On the analysis of the Zeus botnet crimeware toolkit. 
In: Eighth annual international conference on privacy security and trust (PST), pp 31\u201338","DOI":"10.1109\/PST.2010.5593240"},{"key":"2564_CR37","doi-asserted-by":"crossref","unstructured":"Marnerides AK, Mauthe AU (2016) Analysis and characterisation of botnet scan traffic. In: 2016 International conference on computing, networking and communications (ICNC), pp 1\u20137","DOI":"10.1109\/ICCNC.2016.7440627"},{"key":"2564_CR38","unstructured":"Gu G, Zhang J, Lee W (2008) BotSniffer: detecting botnet command and control channels in network traffic. Presented at the 15th annual network and distributed system security symposium, San Diego"},{"key":"2564_CR39","unstructured":"Gu G, Perdisci R, Zhang J, Lee W (2008) BotMiner: clustering analysis of network traffic for protocol-and structure-independent botnet detection. In: USENIX security symposium, pp 139\u2013154"},{"key":"2564_CR40","unstructured":"Goebel J, Holz T (2007) Rishi: identify bot contaminated hosts by IRC nickname evaluation. In: Proceedings of USENIX HotBots Cambridge, MA, pp 8\u20138"},{"key":"2564_CR41","doi-asserted-by":"crossref","unstructured":"Yen T-F, Reiter MK (2008) Traffic aggregation for malware detection. Presented at the proceedings of the 5th international conference on detection of intrusions and malware, and vulnerability assessment, Paris","DOI":"10.1007\/978-3-540-70542-0_11"},{"key":"2564_CR42","unstructured":"Jun L, Shunyi Z, Yanqing L, Junrong Y (2008) Real-time P2P traffic identification. Presented at the IEEE global telecommunications conference, New Orleans"},{"key":"2564_CR43","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1007\/978-3-319-15916-4_8","volume-title":"Propagation phenomena in real world networks","author":"P Wang","year":"2015","unstructured":"Wang P, Wu L, Aslam B, Zou C (2015) Analysis of Peer-to-Peer botnet attacks and defenses. In: Kr\u00f3l D, Fay D, Gabry\u015b B (eds) Propagation phenomena in real world networks, vol 85. 
Springer, Berlin, pp 183\u2013214"},{"key":"2564_CR44","unstructured":"Xiaomei D, Fei L, Xiaohua L, Xiaocong Y (2010) A novel Bot detection algorithm based on API call correlation. Presented at the seventh international conference on fuzzy systems and knowledge discovery (FSKD), Yantai, Shandong"},{"key":"2564_CR45","doi-asserted-by":"crossref","unstructured":"Dan L, Yichao L, Yue H, Zongwen L (2010) A P2P-botnet detection model and algorithms based on network streams analysis. Presented at the international conference on future information technology and management engineering (FITME), Changzhou","DOI":"10.1109\/FITME.2010.5655788"},{"key":"2564_CR46","doi-asserted-by":"crossref","unstructured":"Perdisci R, Guofei G, Wenke L (2006) Using an ensemble of one-class SVM classifiers to harden payload-based anomaly detection systems. Presented at the sixth international conference on data mining (ICDM), Hong Kong","DOI":"10.1109\/ICDM.2006.165"},{"key":"2564_CR47","doi-asserted-by":"crossref","first-page":"242","DOI":"10.1007\/978-3-642-14706-7_19","volume-title":"Computer network security","author":"H Nguyen","year":"2010","unstructured":"Nguyen H, Petrovi\u0107 S, Franke K (2010) A comparison of feature-selection methods for intrusion detection. In: Kotenko I, Skormin V (eds) Computer network security, vol 6258. Springer, Berlin, pp 242\u2013255"},{"key":"2564_CR48","doi-asserted-by":"crossref","unstructured":"Livadas C, Walsh R, Lapsley D, Strayer WT (2006) Usilng machine learning technliques to identify botnet traffic. Presented at the proceedings 31st IEEE conference on local computer networks, Tampa, FL","DOI":"10.1109\/LCN.2006.322210"},{"key":"2564_CR49","doi-asserted-by":"crossref","first-page":"177","DOI":"10.1023\/B:MACH.0000035476.95130.99","volume":"57","author":"P Putten Van der","year":"2004","unstructured":"Van der Putten P, Van Someren M (2004) A bias-variance analysis of a real world learning problem: the CoIL challenge 2000. 
Mach Learn 57:177\u2013195","journal-title":"Mach Learn"},{"key":"2564_CR50","unstructured":"Kira K, Rendell LA (1992) The feature selection problem: traditional methods and a new algorithm. Presented at the proceedings of the tenth national conference on artificial intelligence, San Jose, California"},{"key":"2564_CR51","doi-asserted-by":"crossref","first-page":"23","DOI":"10.1023\/A:1025667309714","volume":"53","author":"M Robnik-\u0160ikonja","year":"2003","unstructured":"Robnik-\u0160ikonja M, Kononenko I (2003) Theoretical and empirical analysis of ReliefF and RReliefF. Mach Learn 53:23\u201369","journal-title":"Mach Learn"},{"key":"2564_CR52","doi-asserted-by":"crossref","unstructured":"Jolliffe I (2005) Principal component analysis. Wiley Online Library","DOI":"10.1002\/0470013192.bsa501"},{"key":"2564_CR53","volume-title":"Introduction to data mining","author":"P-N Tan","year":"2006","unstructured":"Tan P-N, Steinbach M, Kumar V (2006) Introduction to data mining. Pearson, London, UK"},{"key":"2564_CR54","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1145\/1656274.1656278","volume":"11","author":"M Hall","year":"2009","unstructured":"Hall M, Frank E, Holmes G, Pfahringer B, Reutemann P, Witten IH (2009) The WEKA data mining software: an update. SIGKDD Explor Newsl 11:10\u201318","journal-title":"SIGKDD Explor Newsl"},{"key":"2564_CR55","volume-title":"Book review: neural networks for pattern recognition","author":"A Nigrin","year":"1994","unstructured":"Nigrin A (1994) Book review: neural networks for pattern recognition, vol 5. MIT Press, New York"},{"key":"2564_CR56","doi-asserted-by":"crossref","first-page":"11994","DOI":"10.1016\/j.eswa.2009.05.029","volume":"36","author":"C-F Tsai","year":"2009","unstructured":"Tsai C-F, Hsu Y-F, Lin C-Y, Lin W-Y (2009) Intrusion detection by machine learning: a review. 
Expert Syst Appl 36:11994\u201312000","journal-title":"Expert Syst Appl"},{"key":"2564_CR57","doi-asserted-by":"crossref","first-page":"65","DOI":"10.1016\/j.eswa.2005.01.006","volume":"29","author":"MA Razi","year":"2005","unstructured":"Razi MA, Athappilly K (2005) A comparative predictive analysis of neural networks (NNs), nonlinear regression and classification and regression tree (CART) models. Expert Syst Appl 29:65\u201374","journal-title":"Expert Syst Appl"},{"key":"2564_CR58","doi-asserted-by":"crossref","unstructured":"Saad S, Traore I, Ghorbani A, Sayed B, Zhao D, Lu W, Felix J, Hakimian P (2011) Detecting P2P botnets through network behavior analysis and machine learning. Presented at the ninth annual international conference on privacy, security and trust (PST), Montreal, QC","DOI":"10.1109\/PST.2011.5971980"},{"key":"2564_CR59","doi-asserted-by":"crossref","first-page":"357","DOI":"10.1016\/j.cose.2011.12.012","volume":"31","author":"A Shiravi","year":"2012","unstructured":"Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA (2012) Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Secur 31:357\u2013374","journal-title":"Comput Secur"},{"key":"2564_CR60","doi-asserted-by":"crossref","unstructured":"Yen T-F, Reiter M (2008) Traffic aggregation for malware detection. Presented at the 5th international conference on detection of intrusions and malware, and vulnerability assessment, Paris","DOI":"10.1007\/978-3-540-70542-0_11"},{"key":"2564_CR61","unstructured":"Gu G, Porras P, Yegneswaran V, Fong M, Lee W (2007) BotHunter: detecting malware infection through IDS-driven dialog correlation. Presented at the proceedings of 16th USENIX security symposium on USENIX security symposium, Boston, MA"},{"key":"2564_CR62","doi-asserted-by":"crossref","first-page":"311","DOI":"10.1002\/sam.10054","volume":"2","author":"A Dries","year":"2009","unstructured":"Dries A, R\u00fcckert U (2009) Adaptive concept drift detection. 
Stat Anal Data Min 2:311\u2013327","journal-title":"Stat Anal Data Min"}],"container-title":["Neural Computing and Applications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s00521-016-2564-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-016-2564-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s00521-016-2564-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,9,14]],"date-time":"2019-09-14T02:27:27Z","timestamp":1568428047000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s00521-016-2564-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,10,3]]},"references-count":62,"journal-issue":{"issue":"11","published-print":{"date-parts":[[2018,6]]}},"alternative-id":["2564"],"URL":"https:\/\/doi.org\/10.1007\/s00521-016-2564-5","relation":{},"ISSN":["0941-0643","1433-3058"],"issn-type":[{"value":"0941-0643","type":"print"},{"value":"1433-3058","type":"electronic"}],"subject":[],"published":{"date-parts":[[2016,10,3]]}}}