{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,26]],"date-time":"2026-02-26T15:33:00Z","timestamp":1772119980581,"version":"3.50.1"},"reference-count":32,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2024,12,21]],"date-time":"2024-12-21T00:00:00Z","timestamp":1734739200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,12,21]],"date-time":"2024-12-21T00:00:00Z","timestamp":1734739200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Peer-to-Peer Netw. Appl."],"published-print":{"date-parts":[[2025,1]]},"DOI":"10.1007\/s12083-024-01822-8","type":"journal-article","created":{"date-parts":[[2024,12,21]],"date-time":"2024-12-21T01:14:02Z","timestamp":1734743642000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Enhanced DGA detection in Botnet traffic: leveraging N-Gram, topic modeling, and attention BiLSTM"],"prefix":"10.1007","volume":"18","author":[{"given":"S.","family":"Harishkumar","sequence":"first","affiliation":[]},{"given":"R. S.","family":"Bhuvaneswaran","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,12,21]]},"reference":[{"key":"1822_CR1","doi-asserted-by":"publisher","unstructured":"Chen S, Lang B, Chen Y, Xie C (2023) Detection of algorithmically generated malicious domain names with feature fusion of meaningful word segmentation and N-Gram sequences. Appl Sci (Switzerland) 13(7). https:\/\/doi.org\/10.3390\/app13074406","DOI":"10.3390\/app13074406"},{"key":"1822_CR2","doi-asserted-by":"publisher","unstructured":"Cucchiarelli A, Morbidoni C, Spalazzi L, Baldi M (2021) Algorithmically generated malicious domain names detection based on n-grams features. Expert Syst Applic 170. https:\/\/doi.org\/10.1016\/j.eswa.2020.114551","DOI":"10.1016\/j.eswa.2020.114551"},{"key":"1822_CR3","doi-asserted-by":"publisher","unstructured":"Gavrilut DT, Popoiu G, Benchea R (2016) Identifying DGA-based botnets using network anomaly detection. In: 2016 18th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing (SYNASC). IEEE, pp 292\u2013299.\u00a0https:\/\/doi.org\/10.1109\/SYNASC.2016.053","DOI":"10.1109\/SYNASC.2016.053"},{"key":"1822_CR4","doi-asserted-by":"publisher","unstructured":"Erquiaga MJ, Catania C, Garc\u00eda S (2016) Detecting DGA malware traffic through behavioral models. In: 2016 IEEE Biennial Congress of Argentina (ARGENCON).\u00a0IEEE, pp 1\u20136.\u00a0https:\/\/doi.org\/10.1109\/ARGENCON.2016.7585238","DOI":"10.1109\/ARGENCON.2016.7585238"},{"issue":"1","key":"1822_CR5","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1504\/ijccps.2022.10047145","volume":"1","author":"SS Esmili","year":"2022","unstructured":"Esmili SS, Nazmdeh V (2022) A review of methods for detection and segmentation of kidney stones from CT scan images using image processing method. Int J Cybern Cyber Phys Syst 1(1):1. https:\/\/doi.org\/10.1504\/ijccps.2022.10047145","journal-title":"Int J Cybern Cyber Phys Syst"},{"key":"1822_CR6","doi-asserted-by":"publisher","unstructured":"Gopinath M, Sethuraman SC (2023) A comprehensive survey on deep learning based malware detection techniques. Computer Science Review 47:100529. https:\/\/doi.org\/10.1016\/j.cosrev.2022.100529","DOI":"10.1016\/j.cosrev.2022.100529"},{"key":"1822_CR7","doi-asserted-by":"publisher","unstructured":"Heuer T, Schiering I, Klawnn F, Gabel A, Seeger M (2016) Recognizing time-efficiently local botnet infections-a case study. In: 2016 11th International Conference on Availability, Reliability and Security (ARES). IEEE, pp 304\u2013311.\u00a0https:\/\/doi.org\/10.1109\/ARES.2016.16","DOI":"10.1109\/ARES.2016.16"},{"key":"1822_CR8","doi-asserted-by":"publisher","unstructured":"Highnam K, Puzio D, Luo S, Jennings NR (2021) Real-time detection of dictionary DGA network traffic using deep learning. SN Comput Sci 2(2). https:\/\/doi.org\/10.1007\/s42979-021-00507-w","DOI":"10.1007\/s42979-021-00507-w"},{"key":"1822_CR9","doi-asserted-by":"publisher","first-page":"4406","DOI":"10.1109\/TIFS.2023.3293956","volume":"18","author":"X Hu","year":"2023","unstructured":"Hu X, Chen H, Li M, Cheng G, Li R, Wu H, Yuan Y (2023) ReplaceDGA: BiLSTM-based adversarial DGA with high anti-detection ability. IEEE Trans Inf Forensics Secur 18:4406\u20134421. https:\/\/doi.org\/10.1109\/TIFS.2023.3293956","journal-title":"IEEE Trans Inf Forensics Secur"},{"key":"1822_CR10","doi-asserted-by":"publisher","unstructured":"Ashiq MI, Bhowmick P, Hossain MS, Narman HS (2019) Domain flux-based DGA botnet detection using feedforward neural network. In: MILCOM 2019-2019 IEEE Military Communications Conference (MILCOM). IEEE, pp 1\u20136. https:\/\/doi.org\/10.1109\/MILCOM47813.2019.9020730","DOI":"10.1109\/MILCOM47813.2019.9020730"},{"key":"1822_CR11","doi-asserted-by":"publisher","first-page":"61144","DOI":"10.1109\/ACCESS.2023.3286313","volume":"11","author":"N Kostopoulos","year":"2023","unstructured":"Kostopoulos N, Kalogeras D, Pantazatos D, Grammatikou M, Maglaris V (2023) SHAP interpretations of tree and neural network DNS classifiers for analyzing DGA family characteristics. IEEE Access 11:61144\u201361160. https:\/\/doi.org\/10.1109\/ACCESS.2023.3286313","journal-title":"IEEE Access"},{"key":"1822_CR12","doi-asserted-by":"publisher","unstructured":"Liang J, Chen S, Wei Z, Zhao S, Zhao W (2022) HAGDetector: Heterogeneous DGA domain name detection model. Comput Secur 120. https:\/\/doi.org\/10.1016\/j.cose.2022.102803","DOI":"10.1016\/j.cose.2022.102803"},{"key":"1822_CR13","doi-asserted-by":"publisher","unstructured":"Liu Z, Yun X, Zhang Y, Wang Y (2019) CCGA: clustering and capturing group activities for DGA-based botnets detection. In: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications\/13th IEEE International Conference On Big Data Science And Engineering (TrustCom\/BigDataSE). IEEE, pp 136\u2013143. https:\/\/doi.org\/10.1109\/TrustCom\/BigDataSE.2019.00027","DOI":"10.1109\/TrustCom\/BigDataSE.2019.00027"},{"issue":"3","key":"1822_CR14","doi-asserted-by":"publisher","first-page":"502","DOI":"10.1016\/j.comcom.2010.04.007","volume":"34","author":"W Lu","year":"2011","unstructured":"Lu W, Rammidi G, Ghorbani AA (2011) Clustering botnet communication traffic based on n-gram feature selection. Comput Commun 34(3):502\u2013514. https:\/\/doi.org\/10.1016\/j.comcom.2010.04.007","journal-title":"Comput Commun"},{"issue":"5","key":"1822_CR15","doi-asserted-by":"publisher","first-page":"2045","DOI":"10.1016\/j.jksuci.2022.03.001","volume":"34","author":"AM Manasrah","year":"2022","unstructured":"Manasrah AM, Khdour T, Freehat R (2022) DGA-based botnets detection using DNS traffic mining. J King Saud Univ - Comput Inf Sci 34(5):2045\u20132061. https:\/\/doi.org\/10.1016\/j.jksuci.2022.03.001","journal-title":"J King Saud Univ - Comput Inf Sci"},{"key":"1822_CR16","doi-asserted-by":"publisher","unstructured":"Morbidoni C, Spalazzi L, Teti A, Cucchiarelli A (2022) Leveraging n-gram neural embeddings to improve deep learning DGA detection. In: Proceedings of the 37th ACM\/SIGAPP Symposium on Applied Computing. pp 995\u20131004. https:\/\/doi.org\/10.1145\/3477314.3507269","DOI":"10.1145\/3477314.3507269"},{"key":"1822_CR17","doi-asserted-by":"publisher","unstructured":"Ren F, Jiang Z, Liu J (2019) Integrating an attention mechanism and deep neural network for detection of DGA domain names. In: 2019 IEEE 31st International Conference on Tools with Artificial Intelligence (ICTAI). IEEE, pp 848\u2013855. https:\/\/doi.org\/10.1109\/ICTAI.2019.00121","DOI":"10.1109\/ICTAI.2019.00121"},{"key":"1822_CR18","doi-asserted-by":"publisher","unstructured":"Ren F, Jiang Z, Wang X, Liu J (2020) A DGA domain names detection modeling method based on integrating an attention mechanism and deep neural network. Cybersecurity 3(1). https:\/\/doi.org\/10.1186\/s42400-020-00046-6","DOI":"10.1186\/s42400-020-00046-6"},{"key":"1822_CR19","doi-asserted-by":"publisher","first-page":"161580","DOI":"10.1109\/ACCESS.2020.3020964","volume":"8","author":"L Sidi","year":"2020","unstructured":"Sidi L, Nadler A, Shabtai A (2020) MaskDGA: an evasion attack against DGA classifiers and adversarial defenses. IEEE Access 8:161580\u2013161592. https:\/\/doi.org\/10.1109\/ACCESS.2020.3020964","journal-title":"IEEE Access"},{"key":"1822_CR20","doi-asserted-by":"publisher","unstructured":"Soleymani A, Arabgol F (2021) A novel approach for detecting DGA-based botnets in DNS queries using machine learning techniques. J Comput Netw Commun. https:\/\/doi.org\/10.1155\/2021\/4767388","DOI":"10.1155\/2021\/4767388"},{"key":"1822_CR21","doi-asserted-by":"publisher","unstructured":"Srinarayani K, Padmavathi B, Kavitha D (2023) Detection of botnet traffic using deep learning approach. In: 2023 International Conference on Sustainable Computing and Data Communication Systems (ICSCDS). IEEE, pp 201\u2013206. https:\/\/doi.org\/10.1109\/ICSCDS56580.2023.10104633","DOI":"10.1109\/ICSCDS56580.2023.10104633"},{"key":"1822_CR22","doi-asserted-by":"publisher","first-page":"34613","DOI":"10.1109\/ACCESS.2022.3162588","volume":"10","author":"H Suryotrisongko","year":"2022","unstructured":"Suryotrisongko H, Musashi Y, Tsuneda A, Sugitani K (2022) Robust botnet DGA detection: blending XAI and OSINT for cyber threat intelligence sharing. IEEE Access 10:34613\u201334624. https:\/\/doi.org\/10.1109\/ACCESS.2022.3162588","journal-title":"IEEE Access"},{"key":"1822_CR23","doi-asserted-by":"publisher","unstructured":"Tong V, Nguyen G (2016) A method for detecting DGA botnet based on semantic and cluster analysis. ACM International Conference Proceeding Series, 08\u201309-December2016, 272\u2013277. https:\/\/doi.org\/10.1145\/3011077.3011112","DOI":"10.1145\/3011077.3011112"},{"key":"1822_CR24","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.cose.2016.10.001","volume":"64","author":"TS Wang","year":"2017","unstructured":"Wang TS, Lin HT, Cheng WT, Chen CY (2017) DBod: clustering and detecting DGA-based botnets using DNS traffic analysis. Comput Secur 64:1\u201315. https:\/\/doi.org\/10.1016\/j.cose.2016.10.001","journal-title":"Comput Secur"},{"key":"1822_CR25","doi-asserted-by":"publisher","first-page":"82876","DOI":"10.1109\/ACCESS.2020.2988877","volume":"8","author":"L Yang","year":"2020","unstructured":"Yang L, Liu G, Dai Y, Wang J, Zhai J (2020) Detecting stealthy domain generation algorithms using heterogeneous deep neural network framework. IEEE Access 8:82876\u201382889. https:\/\/doi.org\/10.1109\/ACCESS.2020.2988877","journal-title":"IEEE Access"},{"key":"1822_CR26","doi-asserted-by":"publisher","unstructured":"Zhao H, Chang Z, Bao G, Zeng X, Chaeikar SS (2019) Malicious domain names detection algorithm based on N-Gram. J Comput Netw Commun. https:\/\/doi.org\/10.1155\/2019\/4612474.","DOI":"10.1155\/2019\/4612474"},{"key":"1822_CR27","first-page":"116","volume":"3","author":"Y-L Zhou","year":"2013","unstructured":"Zhou Y-L, Li Q-S, Miao Q, Yim K (2013) DGA-based botnet detection using DNS. Traffic 3:116\u2013123","journal-title":"Traffic"},{"key":"1822_CR28","doi-asserted-by":"publisher","first-page":"2410","DOI":"10.1109\/ojcoms.2023.3313352","volume":"4","author":"H Moudoud","year":"2023","unstructured":"Moudoud H, Cherkaoui S (2023) Empowering security and trust in 5G and beyond: a deep reinforcement learning approach. IEEE Open J Commun Soc 4:2410\u20132420. https:\/\/doi.org\/10.1109\/ojcoms.2023.3313352","journal-title":"IEEE Open J Commun Soc"},{"key":"1822_CR29","doi-asserted-by":"publisher","unstructured":"Moudoud H, Khoukhi L, Cherkaoui S (2020) Prediction and detection of FDIA and DDoS attacks in 5G enabled IoT. IEEE Netw 1\u20138. https:\/\/doi.org\/10.1109\/mnet.011.2000449","DOI":"10.1109\/mnet.011.2000449"},{"issue":"5","key":"1822_CR30","doi-asserted-by":"publisher","first-page":"2978","DOI":"10.1109\/tnse.2022.3161479","volume":"9","author":"H Moudoud","year":"2022","unstructured":"Moudoud H, Mlika Z, Khoukhi L, Cherkaoui S (2022) Detection and prediction of FDI attacks in IoT systems via hidden markov model. IEEE Trans Netw Sci Eng 9(5):2978\u20132990. https:\/\/doi.org\/10.1109\/tnse.2022.3161479","journal-title":"IEEE Trans Netw Sci Eng"},{"key":"1822_CR31","doi-asserted-by":"publisher","unstructured":"Zakaria HM, Brik B (2024) Federated deep reinforcement learning for efficient jamming attack mitigation in O-RAN. IEEE Trans Veh Technol 1\u201310. https:\/\/doi.org\/10.1109\/tvt.2024.3359998","DOI":"10.1109\/tvt.2024.3359998"},{"issue":"16","key":"1822_CR32","doi-asserted-by":"publisher","first-page":"19610","DOI":"10.1007\/s10489-02304452-4","volume":"53","author":"S Garc\u00eda-M\u00e9ndez","year":"2023","unstructured":"Garc\u00eda-M\u00e9ndez S, de Arriba-P\u00e9rez F, Barros-Vila A, Gonz\u00e1lez-Casta\u00f1o FJ, Costa Montenegro E (2023) Automatic detection of relevant information, predictions and forecasts in financial news through topic modelling with Latent Dirichlet Allocation. Appl Intell 53(16):19610\u201319628. https:\/\/doi.org\/10.1007\/s10489-02304452-4","journal-title":"Appl Intell"}],"container-title":["Peer-to-Peer Networking and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12083-024-01822-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12083-024-01822-8","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12083-024-01822-8.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T11:15:51Z","timestamp":1771586151000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12083-024-01822-8"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,21]]},"references-count":32,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2025,1]]}},"alternative-id":["1822"],"URL":"https:\/\/doi.org\/10.1007\/s12083-024-01822-8","relation":{"has-preprint":[{"id-type":"doi","id":"10.21203\/rs.3.rs-3981569\/v1","asserted-by":"object"}]},"ISSN":["1936-6442","1936-6450"],"issn-type":[{"value":"1936-6442","type":"print"},{"value":"1936-6450","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,21]]},"assertion":[{"value":"23 February 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"28 October 2024","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"21 December 2024","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval"}},{"value":"All authors have reviewed and approved the final manuscript for publication. No individual person's data is included in the study.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent to publish"}},{"value":"The authors declare no competing interests.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing Interests"}}],"article-number":"55"}}