{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,27]],"date-time":"2025-09-27T15:40:14Z","timestamp":1758987614303,"version":"3.44.0"},"reference-count":53,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2025,6,14]],"date-time":"2025-06-14T00:00:00Z","timestamp":1749859200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2025,6,14]],"date-time":"2025-06-14T00:00:00Z","timestamp":1749859200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"funder":[{"DOI":"10.13039\/501100020771","name":"Natural Science Foundation for Young Scientists of Shanxi Province","doi-asserted-by":"publisher","award":["6230232262302322"],"award-info":[{"award-number":["6230232262302322"]}],"id":[{"id":"10.13039\/501100020771","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Peer-to-Peer Netw. Appl."],"published-print":{"date-parts":[[2025,7]]},"DOI":"10.1007\/s12083-025-02036-2","type":"journal-article","created":{"date-parts":[[2025,6,14]],"date-time":"2025-06-14T03:45:34Z","timestamp":1749872734000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Combating evolving threats: A robust malicious domain detection framework for distributed networks"],"prefix":"10.1007","volume":"18","author":[{"given":"Yinuo","family":"Jin","sequence":"first","affiliation":[]},{"given":"Fei","family":"He","sequence":"additional","affiliation":[]},{"given":"Yi","family":"Zhu","sequence":"additional","affiliation":[]},{"given":"Hao","family":"Ren","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2025,6,14]]},"reference":[{"issue":"18","key":"2036_CR1","first-page":"17265","volume":"9","author":"D Chen","year":"2022","unstructured":"Chen D, Wang H, Zhang N, Nie X, Dai H-N, Zhang K, Choo K-KR (2022) Privacy-preserving encrypted traffic inspection with symmetric cryptographic techniques in iot. IEEE Int Things J 9(18):17265\u201317279","journal-title":"IEEE Int Things J"},{"issue":"2","key":"2036_CR2","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3380613","volume":"53","author":"B Zolfaghari","year":"2020","unstructured":"Zolfaghari B, Srivastava G, Roy S, Nemati HR, Afghah F, Koshiba T, Razi A, Bibak K, Mitra P, Rai BK (2020) Content delivery networks: State of the art, trends, and future roadmap. ACM Comput Surv (CSUR) 53(2):1\u201334","journal-title":"ACM Comput Surv (CSUR)"},{"key":"2036_CR3","doi-asserted-by":"crossref","unstructured":"Babaoglu O, Marzolla M, Tamburini M (2012) Design and implementation of a p2p cloud system. In: Proceedings of the 27th Annual ACM Symposium on Applied Computing, pp 412\u2013417","DOI":"10.1145\/2245276.2245357"},{"issue":"3","key":"2036_CR4","doi-asserted-by":"publisher","first-page":"1514","DOI":"10.1007\/s12083-024-01665-3","volume":"17","author":"Y Li","year":"2024","unstructured":"Li Y, Chen X, Tang W, Chen B (2024) A green computing method for encrypted iot traffic recognition based on traffic fingerprint graphs. Peer-to-Peer Netw Appl 17(3):1514\u20131526","journal-title":"Peer-to-Peer Netw Appl"},{"issue":"5","key":"2036_CR5","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1109\/MNET.2017.1600248","volume":"31","author":"N Zhang","year":"2017","unstructured":"Zhang N, Yang P, Zhang S, Chen D, Zhuang W, Liang B, Shen XS (2017) Software defined networking enabled wireless network virtualization: Challenges and solutions. IEEE Netw 31(5):42\u201349","journal-title":"IEEE Netw"},{"issue":"12","key":"2036_CR6","doi-asserted-by":"publisher","first-page":"5713","DOI":"10.3390\/app11125713","volume":"11","author":"M Wazzan","year":"2021","unstructured":"Wazzan M, Algazzawi D, Bamasaq O, Albeshri A, Cheng L (2021) Internet of things botnet detection approaches: Analysis and recommendations for future research. Appl Sci 11(12):5713","journal-title":"Appl Sci"},{"key":"2036_CR7","doi-asserted-by":"crossref","unstructured":"Zhang M, Li G, Wang S, Liu C, Chen A, Hu H, Gu G, Li Q, Xu M, Wu J (2020) Poseidon: Mitigating volumetric ddos attacks with programmable switches. In: the 27th Network and Distributed System Security Symposium (NDSS 2020)","DOI":"10.14722\/ndss.2020.24007"},{"key":"2036_CR8","unstructured":"Liu Z, Namkung H, Nikolaidis G, Lee J, Kim C, Jin X, Braverman V, Yu M, Sekar V (2021) Jaqen: A $$\\{$$High-Performance$$\\}$$$$\\{$$Switch-Native$$\\}$$ approach for detecting and mitigating volumetric $$\\{$$DDoS$$\\}$$ attacks with programmable switches. In: 30th USENIX Security Symposium (USENIX Security 21), pp 3829\u20133846"},{"key":"2036_CR9","doi-asserted-by":"crossref","unstructured":"Stone-Gross B, Cova M, Cavallaro L, Gilbert B, Szydlowski M, Kemmerer R, Kruegel C, Vigna G (2009) Your botnet is my botnet: analysis of a botnet takeover. In: Proceedings of the 16th ACM Conference on Computer and Communications Security, pp 635\u2013647","DOI":"10.1145\/1653662.1653738"},{"issue":"1","key":"2036_CR10","doi-asserted-by":"publisher","first-page":"100230","DOI":"10.1016\/j.hcc.2024.100230","volume":"5","author":"D Alqattan","year":"2025","unstructured":"Alqattan D, Ojha V, Habib F, Noor A, Morgan G, Ranjan R (2025) Modular neural network for edge-based detection of early-stage iot botnet. High-Conf Comput 5(1):100230","journal-title":"High-Conf Comput"},{"key":"2036_CR11","unstructured":"Antonakakis M, April T, Bailey M, Bernhard M, Bursztein E, Cochran J, Durumeric Z, Halderman JA, Invernizzi L, Kallitsis M et al (2017) Understanding the mirai botnet. In: 26th USENIX Security Symposium (USENIX Security 17), pp 1093\u20131110"},{"key":"2036_CR12","doi-asserted-by":"crossref","unstructured":"Ramachandran A, Feamster N, Dagon D (2008) Detecting botnet membership with dnsbl counterintelligence. Botnet Detection: Countering the Largest Security Threat, 131\u2013142","DOI":"10.1007\/978-0-387-68768-1_7"},{"key":"2036_CR13","doi-asserted-by":"crossref","unstructured":"Sinha S, Bailey M, Jahanian F (2008) Shades of grey: On the effectiveness of reputation-based \u201cblacklists\u201d. In: 2008 3rd International Conference on Malicious and Unwanted Software (MALWARE), pp 57\u201364. IEEE","DOI":"10.1109\/MALWARE.2008.4690858"},{"key":"2036_CR14","unstructured":"Antonakakis M, Perdisci R, Nadji Y, Vasiloglou N, Abu-Nimeh S, Lee W, Dagon D (2012) From $$\\{$$Throw-Away$$\\}$$ traffic to bots: Detecting the rise of $$\\{$$DGA-Based$$\\}$$ malware. In: 21st USENIX Security Symposium (USENIX Security 12), pp 491\u2013506"},{"key":"2036_CR15","doi-asserted-by":"crossref","unstructured":"Schiavoni S, Maggi F, Cavallaro L, Zanero S (2014) Phoenix: Dga-based botnet tracking and intelligence. In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment, pp 192\u2013211. Springer","DOI":"10.1007\/978-3-319-08509-8_11"},{"key":"2036_CR16","doi-asserted-by":"crossref","unstructured":"Chin T, Xiong K, Hu C, Li Y (2018) A machine learning framework for studying domain generation algorithm (dga)-based malware. In: Security and Privacy in Communication Networks: 14th International Conference, SecureComm 2018, Singapore, Singapore, August 8-10, 2018, Proceedings, Part I, pp 433\u2013448. Springer","DOI":"10.1007\/978-3-030-01701-9_24"},{"issue":"4","key":"2036_CR17","first-page":"1061","volume":"21","author":"D-T Truong","year":"2020","unstructured":"Truong D-T, Tran D-T, Huynh B (2020) Detecting malicious fast-flux domains using feature-based classification techniques j. J Int Technol 21(4):1061\u20131072","journal-title":"J Int Technol"},{"key":"2036_CR18","doi-asserted-by":"publisher","first-page":"128990","DOI":"10.1109\/ACCESS.2019.2940554","volume":"7","author":"H Zhao","year":"2019","unstructured":"Zhao H, Chang Z, Wang W, Zeng X (2019) Malicious domain names detection algorithm based on lexical analysis and feature quantification. IEEE Access. 7:128990\u2013128999","journal-title":"IEEE Access."},{"key":"2036_CR19","unstructured":"Sch\u00fcppen S, Teubert D, Herrmann P, Meyer U (2018) $$\\{$$FANCI$$\\}$$: Feature-based automated $$\\{$$NXDomain$$\\}$$ classification and intelligence. In: 27th USENIX Security Symposium (USENIX Security 18), pp 1165\u20131181"},{"key":"2036_CR20","unstructured":"Zhang Y, Gonzalez F, Solorio T (2024) Interpreting themes from educational stories. In: 2024 Joint International Conference on Computational Linguistics, Language Resources and Evaluation (LREC-COLING 2024)"},{"key":"2036_CR21","doi-asserted-by":"crossref","unstructured":"Yu B, Gray DL, Pan J, De\u00a0Cock M, Nascimento AC (2017) Inline dga detection with deep networks. In: 2017 IEEE International Conference on Data Mining Workshops (ICDMW), pp 683\u2013692. IEEE","DOI":"10.1109\/ICDMW.2017.96"},{"key":"2036_CR22","unstructured":"Saxe J, Berlin K (2017) expose: A character-level convolutional neural network with embeddings for detecting malicious urls, file paths and registry keys. arXiv preprint arXiv:1702.08568"},{"key":"2036_CR23","doi-asserted-by":"publisher","first-page":"108912","DOI":"10.1016\/j.engappai.2024.108912","volume":"136","author":"H Hou","year":"2024","unstructured":"Hou H, Yan X, Zhang Y (2024) Bagformer: Better cross-modal retrieval via bag-wise interaction. Eng Appl Artif Intell 136:108912","journal-title":"Eng Appl Artif Intell"},{"key":"2036_CR24","unstructured":"Baharlouei E, Shafaei M, Zhang Y, Escalante HJ, Solorio T (2024) Labeling comic mischief content in online videos with a multimodal hierarchical-cross-attention model. In: 2024 Joint International Conference on Computational Linguistics, Language Resources and Evaluation (LREC-COLING 2024)"},{"key":"2036_CR25","unstructured":"Mahdaouy AE, Lamsiyah S, Idrissi MJ, Alami H, Yartaoui Z, Berrada I (2024) Domurls_bert: Pre-trained bert-based model for malicious domains and urls detection and classification. arXiv preprint arXiv:2409.09143"},{"key":"2036_CR26","doi-asserted-by":"crossref","unstructured":"Luo C, Tang W, Wang Q, Zheng D (2024) Few-shot website fingerprinting with distribution calibration. IEEE Trans Dependable Secure Comput","DOI":"10.1109\/TDSC.2024.3411014"},{"key":"2036_CR27","doi-asserted-by":"crossref","unstructured":"Wang Z, Yang W (2022) Deep learning-based algorithm for detecting counterfeit domain names. In: 2022 7th International Conference on Multimedia Communication Technologies (ICMCT), pp 60\u201365. IEEE","DOI":"10.1109\/ICMCT57031.2022.00020"},{"issue":"6","key":"2036_CR28","doi-asserted-by":"publisher","first-page":"1457","DOI":"10.1007\/s10115-022-01672-x","volume":"64","author":"C Catal","year":"2022","unstructured":"Catal C, Giray G, Tekinerdogan B, Kumar S, Shukla S (2022) Applications of deep learning for phishing detection: a systematic literature review. Knowl Inf Syst 64(6):1457\u20131500","journal-title":"Knowl Inf Syst"},{"key":"2036_CR29","doi-asserted-by":"crossref","unstructured":"Tian Y, Li Z (2024) Dom-bert: Detecting malicious domains with pre-training model. In: International Conference on Passive and Active Network Measurement, pp 133\u2013158. Springer","DOI":"10.1007\/978-3-031-56249-5_6"},{"issue":"2","key":"2036_CR30","first-page":"3","volume":"1","author":"EJ Hu","year":"2022","unstructured":"Hu EJ, Shen Y, Wallis P, Allen-Zhu Z, Li Y, Wang S, Wang L, Chen W et al (2022) Lora: Low-rank adaptation of large language models. ICLR 1(2):3","journal-title":"ICLR"},{"key":"2036_CR31","unstructured":"Shazeer N, Mirhoseini A, Maziarz K, Davis A, Le Q, Hinton G, Dean J (2017) Outrageously large neural networks: The sparsely-gated mixture-of-experts layer. arXiv preprint arXiv:1701.06538"},{"key":"2036_CR32","unstructured":"Lepikhin D, Lee H, Xu Y, Chen D, Firat O, Huang Y, Krikun M, Shazeer N, Chen Z (2020) Gshard: Scaling giant models with conditional computation and automatic sharding. arXiv preprint arXiv:2006.16668"},{"key":"2036_CR33","unstructured":"Ramachandran A, Dagon D, Feamster N (2006) Can dns-based blacklists keep up with bots? In: CEAS. Citeseer"},{"key":"2036_CR34","doi-asserted-by":"crossref","unstructured":"Jung J, Sit E (2004) An empirical study of spam traffic and the use of dns black lists. In: Proceedings of the 4th ACM SIGCOMM Conference on Internet Measurement, pp 370\u2013375","DOI":"10.1145\/1028788.1028838"},{"issue":"1","key":"2036_CR35","first-page":"191","volume":"2018","author":"S Saiyod","year":"2018","unstructured":"Saiyod S, Chanthakoummane Y, Benjamas N, Khamphakdee N, Chaichawananit J (2018) Improving intrusion detection on snort rules for botnet detection. Softw Netw 2018(1):191\u2013212","journal-title":"Softw Netw"},{"issue":"4","key":"2036_CR36","doi-asserted-by":"publisher","first-page":"742","DOI":"10.1109\/TFUZZ.2020.2965872","volume":"29","author":"L Fang","year":"2020","unstructured":"Fang L, Yun X, Yin C, Ding W, Zhou L, Liu Z, Su C (2020) Ancs: Automatic nxdomain classification system based on incremental fuzzy rough sets machine learning. IEEE Trans Fuzzy Syst 29(4):742\u2013756","journal-title":"IEEE Trans Fuzzy Syst"},{"key":"2036_CR37","unstructured":"Woodbridge J, Anderson HS, Ahuja A, Grant D (2016) Predicting domain generation algorithms with long short-term memory networks. arXiv preprint arXiv:1611.00791"},{"issue":"1","key":"2036_CR38","first-page":"4917016","volume":"2021","author":"J Yuan","year":"2021","unstructured":"Yuan J, Liu Y, Yu L (2021) A novel approach for malicious url detection based on the joint model. Sec Commun Netw 2021(1):4917016","journal-title":"Sec Commun Netw"},{"key":"2036_CR39","doi-asserted-by":"crossref","unstructured":"Yu B, Pan J, Hu J, Nascimento A, De\u00a0Cock M (2018) Character level based detection of dga domain names. In: 2018 International Joint Conference on Neural Networks (IJCNN), pp 1\u20138. IEEE","DOI":"10.1109\/IJCNN.2018.8489147"},{"key":"2036_CR40","doi-asserted-by":"crossref","unstructured":"Anderson HS, Woodbridge J, Filar B (2016) Deepdga: Adversarially-tuned domain generation and detection. In: Proceedings of the 2016 ACM Workshop on Artificial Intelligence and Security, pp 13\u201321","DOI":"10.1145\/2996758.2996767"},{"issue":"1","key":"2036_CR41","doi-asserted-by":"publisher","first-page":"249","DOI":"10.1109\/TEM.2021.3059664","volume":"70","author":"V Ravi","year":"2021","unstructured":"Ravi V, Alazab M, Srinivasan S, Arunachalam A, Soman K (2021) Adversarial defense: Dga-based botnets and dns homographs detection through integrated deep learning. IEEE Trans Eng Manag 70(1):249\u2013266","journal-title":"IEEE Trans Eng Manag"},{"issue":"1","key":"2036_CR42","doi-asserted-by":"publisher","first-page":"50","DOI":"10.1504\/IJAHUC.2021.112981","volume":"36","author":"A Almomani","year":"2021","unstructured":"Almomani A, Al-Nawasrah A, Alauthman M, Al-Betar MA, Meziane F (2021) Botnet detection used fast-flux technique, based on adaptive dynamic evolving spiking neural network algorithm. Int J Ad Hoc and Ubiquitous Comput 36(1):50\u201365","journal-title":"Int J Ad Hoc and Ubiquitous Comput"},{"key":"2036_CR43","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1016\/j.cose.2019.04.015","volume":"85","author":"C Xu","year":"2019","unstructured":"Xu C, Shen J, Du X (2019) Detection method of domain names generated by dgas based on semantic representation and deep neural network. Comput Sec 85:77\u201388","journal-title":"Comput Sec"},{"issue":"1","key":"2036_CR44","doi-asserted-by":"publisher","first-page":"233","DOI":"10.26599\/BDMA.2024.9020040","volume":"8","author":"X Wang","year":"2024","unstructured":"Wang X, Ao X, Zhang F, Zhang Z, He Q (2024) Knowledge error detection via textual and structural joint learning. Big Data Min Anal 8(1):233\u2013240","journal-title":"Big Data Min Anal"},{"key":"2036_CR45","unstructured":"Devlin J, Chang M-W, Lee K, Toutanova K (2019) Bert: Pre-training of deep bidirectional transformers for language understanding. In: Proceedings of the 2019 Conference of the North American Chapter of the Association for Computational Linguistics: Human Language Technologies, Volume 1 (long and Short Papers), pp 4171\u20134186"},{"issue":"3","key":"2036_CR46","doi-asserted-by":"publisher","first-page":"1380","DOI":"10.1007\/s12083-023-01478-w","volume":"16","author":"P Victor","year":"2023","unstructured":"Victor P, Lashkari AH, Lu R, Sasi T, Xiong P, Iqbal S (2023) Iot malware: An attribute-based taxonomy, detection mechanisms and challenges. Peer-to-peer Netw Appl 16(3):1380\u20131431","journal-title":"Peer-to-peer Netw Appl"},{"key":"2036_CR47","unstructured":"Han X, Nguyen H, Harris C, Ho N, Saria S (2024) Fusemoe: Mixture-of-experts transformers for fleximodal fusion. arXiv preprint arXiv:2402.03226"},{"key":"2036_CR48","doi-asserted-by":"crossref","unstructured":"Zhou J, Zeng Z, Bhat S (2023) Clcl: Non-compositional expression detection with contrastive learning and curriculum learning. In: Proceedings of the 61st Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers), pp 730\u2013743","DOI":"10.18653\/v1\/2023.acl-long.43"},{"key":"2036_CR49","unstructured":"Gutmann M, Hyv\u00e4rinen A (2010) Noise-contrastive estimation: A new estimation principle for unnormalized statistical models. In: Proceedings of the Thirteenth International Conference on Artificial Intelligence and Statistics, pp 297\u2013304. JMLR Workshop and Conference Proceedings"},{"key":"2036_CR50","unstructured":"Plohmann D, Yakdan K, Klatt M, Bader J, Gerhards-Padilla E (2016) A comprehensive measurement study of domain generating malware. In: 25th USENIX Security Symposium (USENIX Security 16), pp 263\u2013278"},{"key":"2036_CR51","unstructured":"Zhang X, Zhao J, LeCun Y (2015) Character-level convolutional networks for text classification. Adv Neural Inf Process Syst 28"},{"key":"2036_CR52","doi-asserted-by":"crossref","unstructured":"Aghaei E, Niu X, Shadid W, Al-Shaer E (2022) Securebert: A domain-specific language model for cybersecurity. In: International Conference on Security and Privacy in Communication Systems, pp 39\u201356. Springer","DOI":"10.1007\/978-3-031-25538-0_3"},{"issue":"2","key":"2036_CR53","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/3652594","volume":"27","author":"M Bayer","year":"2024","unstructured":"Bayer M, Kuehn P, Shanehsaz R, Reuter C (2024) Cysecbert: A domain-adapted language model for the cybersecurity domain. ACM Trans Privacy Sec 27(2):1\u201320","journal-title":"ACM Trans Privacy Sec"}],"container-title":["Peer-to-Peer Networking and Applications"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12083-025-02036-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s12083-025-02036-2\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s12083-025-02036-2.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,27]],"date-time":"2025-09-27T15:23:02Z","timestamp":1758986582000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s12083-025-02036-2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,14]]},"references-count":53,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2025,7]]}},"alternative-id":["2036"],"URL":"https:\/\/doi.org\/10.1007\/s12083-025-02036-2","relation":{},"ISSN":["1936-6442","1936-6450"],"issn-type":[{"type":"print","value":"1936-6442"},{"type":"electronic","value":"1936-6450"}],"subject":[],"published":{"date-parts":[[2025,6,14]]},"assertion":[{"value":"11 March 2025","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"5 June 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"14 June 2025","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"Not applicable.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethics approval"}},{"value":"The authors declare no competing interests.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}},{"value":"Not applicable.","order":4,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent to participate"}},{"value":"Yes.","order":5,"name":"Ethics","group":{"name":"EthicsHeading","label":"Consent for publication"}}],"article-number":"214"}}