{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,17]],"date-time":"2026-06-17T04:56:06Z","timestamp":1781672166191,"version":"3.54.5"},"reference-count":55,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-nd\/4.0\/"}],"funder":[{"name":"IBM Cyber Security Center of Excellence at Gav-Yam Negev"},{"DOI":"10.13039\/501100014833","name":"Israeli National Cyber Bureau via the Cyber Security Research Center at Ben-Gurion University of the Negev","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100014833","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Access"],"published-print":{"date-parts":[[2021]]},"DOI":"10.1109\/access.2021.3066957","type":"journal-article","created":{"date-parts":[[2021,3,18]],"date-time":"2021-03-18T19:41:48Z","timestamp":1616096508000},"page":"45242-45258","source":"Crossref","is-referenced-by-count":20,"title":["IMDoC: Identification of Malicious Domain Campaigns via DNS and Communicating Files"],"prefix":"10.1109","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-7816-457X","authenticated-orcid":false,"given":"David","family":"Lazar","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0532-009X","authenticated-orcid":false,"given":"Kobi","family":"Cohen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9768-7018","authenticated-orcid":false,"given":"Alon","family":"Freund","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0454-4043","authenticated-orcid":false,"given":"Avishay","family":"Bartik","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5936-973X","authenticated-orcid":false,"given":"Aviv","family":"Ron","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","year":"2020","journal-title":"MalwareDomainList"},{"key":"ref38","year":"2020","journal-title":"McAfee SiteAdvisor"},{"key":"ref33","year":"2020","journal-title":"DNSBL Info—Spam Database Lookup"},{"key":"ref32","year":"2020","journal-title":"Cloudflare 1 1 1 1 DNS"},{"key":"ref31","year":"2020","journal-title":"Cisco OpenDNS"},{"key":"ref30","year":"2020","journal-title":"Quad9 DNS"},{"key":"ref37","year":"2020","journal-title":"VirusTotal"},{"key":"ref36","year":"2020","journal-title":"IBM X-Force Threat Intelligence Quarterly"},{"key":"ref35","year":"2020","journal-title":"OpenPhish"},{"key":"ref34","year":"2020","journal-title":"PhishTank"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2014.2358637"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/TSP.2019.2918981"},{"key":"ref29","year":"2020","journal-title":"Google Public DNS"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2018.03.050"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(14)70068-6"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/3203422.3203423"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1080\/17517575.2019.1644673"},{"key":"ref21","first-page":"35","article-title":"Signature based intrusion detection system using SNORT","volume":"1","author":"kumar","year":"2012","journal-title":"Int J Comput Appl Inf Technol"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/ccnc08.2007.112"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/HICSS.2014.600"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.2018.2866257"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/TIT.2014.2387857"},{"key":"ref50","author":"sebasti\u00e1n","year":"0","journal-title":"AVClass Malware Labeling Tool’s Github Repository"},{"key":"ref51","year":"2020","journal-title":"Scikit-learn Machine Learning in Python"},{"key":"ref55","first-page":"1","article-title":"End to end analysis of a domain generating algorithm malware family","author":"geffner","year":"2013","journal-title":"Proc BlackHat USA"},{"key":"ref54","year":"2020","journal-title":"Kaspersky Threats—Bayrob"},{"key":"ref53","first-page":"358","article-title":"Spearman rank correlation coefficient","author":"daniel","year":"1990","journal-title":"Applied Nonparametric Statistics"},{"key":"ref52","year":"2020","journal-title":"CWE-350 Reliance on Reverse DNS Resolution for a Security-Critical Action"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2944203"},{"key":"ref11","first-page":"273","article-title":"Building a dynamic reputation system for DNS","author":"antonakakis","year":"2010","journal-title":"Proc Usenix Secur Symp"},{"key":"ref40","year":"2020","journal-title":"malc0de com"},{"key":"ref12","first-page":"1","article-title":"Detecting malware domains at the upper DNS hierarchy","volume":"11","author":"antonakakis","year":"2011","journal-title":"Proc Usenix Secur Symp"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2014.04.013"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897877"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.3014619"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1145\/3191329"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666659"},{"key":"ref18","first-page":"1","article-title":"Killing two birds with one stone: Malicious domain detection with high accuracy and coverage","volume":"abs 1711","author":"khalil","year":"2017","journal-title":"CoRR"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-016-0331-3"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.032213.00009"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.04.006"},{"key":"ref6","first-page":"21","article-title":"DNS pharming through PHP injection: Attack scenario and investigation","volume":"7","author":"sahu","year":"2015","journal-title":"Int J Comput Netw Inf Secur"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/ICSESS.2010.5552339"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2927355"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2924633"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"ref9","first-page":"1093","article-title":"Understanding the Mirai botnet","author":"antonakakis","year":"2017","journal-title":"Proc Usenix Secur Symp"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2940554"},{"key":"ref45","year":"2020","journal-title":"DGArchive"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2019.2911522"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2015.2458581"},{"key":"ref42","year":"2020","journal-title":"OSINT Feeds"},{"key":"ref41","year":"2020","journal-title":"DNS-BH—Malware Domain Blocklist"},{"key":"ref44","year":"2020","journal-title":"Alienvault—Open Threat Exchange"},{"key":"ref43","year":"2020","journal-title":"Netlab OpenData Project"}],"container-title":["IEEE Access"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/6287639\/9312710\/09381197.pdf?arnumber=9381197","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,12,17]],"date-time":"2021-12-17T19:57:29Z","timestamp":1639771049000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9381197\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"references-count":55,"URL":"https:\/\/doi.org\/10.1109\/access.2021.3066957","relation":{},"ISSN":["2169-3536"],"issn-type":[{"value":"2169-3536","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]}}}