{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T13:56:15Z","timestamp":1762005375639,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":44,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,10,6]],"date-time":"2021-10-06T00:00:00Z","timestamp":1633478400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["No.61902396"],"award-info":[{"award-number":["No.61902396"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Strategic Priority Research Program of Chinese Academy of Sciences","award":["No. XDC02040100"],"award-info":[{"award-number":["No. XDC02040100"]}]},{"name":"Key Laboratory of Network Assessment Technology at Chinese Academy of Sciences"},{"name":"Youth Innovation Promotion Association CAS","award":["No.2019163"],"award-info":[{"award-number":["No.2019163"]}]},{"name":"Beijing Key Laboratory of Network security and Protection Technology"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2021,10,6]]},"DOI":"10.1145\/3471621.3471841","type":"proceedings-article","created":{"date-parts":[[2021,10,7]],"date-time":"2021-10-07T14:50:46Z","timestamp":1633618246000},"page":"193-204","source":"Crossref","is-referenced-by-count":12,"title":["Crafting Adversarial Example to Bypass Flow-&amp;ML- based Botnet Detector via RL"],"prefix":"10.1145","author":[{"given":"Junnan","family":"Wang","sequence":"first","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, China"}]},{"given":"Liu","family":"Qixu","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, Chinese Academy of Sciences, China"}]},{"given":"Wu","family":"Di","sequence":"additional","affiliation":[{"name":"Huawei Technologies, China"}]},{"given":"Ying","family":"Dong","sequence":"additional","affiliation":[{"name":"Beijing Venus Information Security Technology Incorporated Company, China"}]},{"given":"Xiang","family":"Cui","sequence":"additional","affiliation":[{"name":"Guangzhou University, China"}]}],"member":"320","published-online":{"date-parts":[[2021,10,7]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"[ 1 ] 2008. https:\/\/en.wikipedia.org\/wiki\/Conficker [1] 2008. https:\/\/en.wikipedia.org\/wiki\/Conficker"},{"key":"e_1_3_2_1_2_1","unstructured":"[ 2 ] 2008. https:\/\/en.wikipedia.org\/wiki\/Gh0st_RAT [2] 2008. https:\/\/en.wikipedia.org\/wiki\/Gh0st_RAT"},{"key":"e_1_3_2_1_3_1","unstructured":"2011. SplitCap. https:\/\/www.netresec.com\/?page=SplitCap. 2011. SplitCap. https:\/\/www.netresec.com\/?page=SplitCap."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2018.00020"},{"key":"e_1_3_2_1_5_1","volume-title":"Understanding the Mirai Botnet. In 26th USENIX Security Symposium (USENIX Security 17)","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis , Tim April , Michael Bailey , Matt Bernhard , Elie Bursztein , Jaime Cochran , Zakir Durumeric , J.\u00a0 Alex Halderman , Luca Invernizzi , Michalis Kallitsis , Deepak Kumar , Chaz Lever , Zane Ma , Joshua Mason , Damian Menscher , Chad Seaman , Nick Sullivan , Kurt Thomas , and Yi Zhou . 2017 . Understanding the Mirai Botnet. In 26th USENIX Security Symposium (USENIX Security 17) . USENIX Association, Vancouver, BC, 1093\u20131110. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J.\u00a0Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai Botnet. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1093\u20131110. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2018.8548327"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"Shumeet Baluja and Ian Fischer. 2018. Learning to Attack: Adversarial Transformation Networks.. In AAAI Vol.\u00a01. 3. Shumeet Baluja and Ian Fischer. 2018. Learning to Attack: Adversarial Transformation Networks.. In AAAI Vol.\u00a01. 3.","DOI":"10.1609\/aaai.v32i1.11672"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"crossref","unstructured":"Yoshua Bengio Pascal Lamblin Dan Popovici and Hugo Larochelle. 2007. Greedy layer-wise training of deep networks. In Advances in neural information processing systems. 153\u2013160. Yoshua Bengio Pascal Lamblin Dan Popovici and Hugo Larochelle. 2007. Greedy layer-wise training of deep networks. In Advances in neural information processing systems. 153\u2013160.","DOI":"10.7551\/mitpress\/7503.003.0024"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40994-3_25"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420969"},{"key":"e_1_3_2_1_11_1","unstructured":"Wieland Brendel Jonas Rauber and Matthias Bethge. 2017. Decision-based adversarial attacks: Reliable attacks against black-box machine learning models. arXiv preprint arXiv:1712.04248(2017). Wieland Brendel Jonas Rauber and Matthias Bethge. 2017. Decision-based adversarial attacks: Reliable attacks against black-box machine learning models. arXiv preprint arXiv:1712.04248(2017)."},{"key":"e_1_3_2_1_12_1","unstructured":"Greg Brockman Vicki Cheung Ludwig Pettersson Jonas Schneider John Schulman Jie Tang and Wojciech Zaremba. 2016. Openai gym. arXiv preprint arXiv:1606.01540(2016). Greg Brockman Vicki Cheung Ludwig Pettersson Jonas Schneider John Schulman Jie Tang and Wojciech Zaremba. 2016. Openai gym. arXiv preprint arXiv:1606.01540(2016)."},{"volume-title":"Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp)","author":"Carlini Nicholas","key":"e_1_3_2_1_13_1","unstructured":"Nicholas Carlini and David Wagner . 2017. Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp) . IEEE , 39\u201357. Nicholas Carlini and David Wagner. 2017. Towards evaluating the robustness of neural networks. In 2017 ieee symposium on security and privacy (sp). IEEE, 39\u201357."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3133978"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.3390\/info9070149"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-20757-0_1"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Sebastian Garcia Martin Grill Jan Stiborek and Alejandro Zunino. 2014. An empirical comparison of botnet detection methods. computers & security 45(2014) 100\u2013123. Sebastian Garcia Martin Grill Jan Stiborek and Alejandro Zunino. 2014. An empirical comparison of botnet detection methods. computers & security 45(2014) 100\u2013123.","DOI":"10.1016\/j.cose.2014.05.011"},{"key":"e_1_3_2_1_18_1","unstructured":"Ian\u00a0J Goodfellow Jonathon Shlens and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572(2014). Ian\u00a0J Goodfellow Jonathon Shlens and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572(2014)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-66399-9_4"},{"key":"e_1_3_2_1_20_1","volume-title":"Botminer: Clustering analysis of network traffic for protocol-and structure-independent botnet detection.","author":"Gu Guofei","year":"2008","unstructured":"Guofei Gu , Roberto Perdisci , Junjie Zhang , and Wenke Lee . 2008 . Botminer: Clustering analysis of network traffic for protocol-and structure-independent botnet detection. (2008). Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. 2008. Botminer: Clustering analysis of network traffic for protocol-and structure-independent botnet detection. (2008)."},{"key":"e_1_3_2_1_21_1","unstructured":"Weiwei Hu and Ying Tan. 2017. Generating adversarial malware examples for black-box attacks based on gan. arXiv preprint arXiv:1702.05983(2017). Weiwei Hu and Ying Tan. 2017. Generating adversarial malware examples for black-box attacks based on gan. arXiv preprint arXiv:1702.05983(2017)."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.23919\/EUSIPCO.2018.8553214"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-75651-4_7"},{"key":"e_1_3_2_1_24_1","unstructured":"Alexey Kurakin Ian Goodfellow and Samy Bengio. 2016. Adversarial machine learning at scale. arXiv preprint arXiv:1611.01236(2016). Alexey Kurakin Ian Goodfellow and Samy Bengio. 2016. Adversarial machine learning at scale. arXiv preprint arXiv:1611.01236(2016)."},{"key":"e_1_3_2_1_25_1","volume-title":"IDSGAN: Generative Adversarial Networks for Attack Generation against Intrusion Detection. arxiv:1809.02077\u00a0[cs.CR]","author":"Lin Zilong","year":"2019","unstructured":"Zilong Lin , Yong Shi , and Zhi Xue . 2019 . IDSGAN: Generative Adversarial Networks for Attack Generation against Intrusion Detection. arxiv:1809.02077\u00a0[cs.CR] Zilong Lin, Yong Shi, and Zhi Xue. 2019. IDSGAN: Generative Adversarial Networks for Attack Generation against Intrusion Detection. arxiv:1809.02077\u00a0[cs.CR]"},{"key":"e_1_3_2_1_26_1","volume-title":"Human-level control through deep reinforcement learning. Nature 518, 7540","author":"Mnih Volodymyr","year":"2015","unstructured":"Volodymyr Mnih , Koray Kavukcuoglu , David Silver , Andrei\u00a0 A Rusu , Joel Veness , Marc\u00a0 G Bellemare , Alex Graves , Martin Riedmiller , Andreas\u00a0 K Fidjeland , Georg Ostrovski , 2015. Human-level control through deep reinforcement learning. Nature 518, 7540 ( 2015 ), 529\u2013533. Volodymyr Mnih, Koray Kavukcuoglu, David Silver, Andrei\u00a0A Rusu, Joel Veness, Marc\u00a0G Bellemare, Alex Graves, Martin Riedmiller, Andreas\u00a0K Fidjeland, Georg Ostrovski, 2015. Human-level control through deep reinforcement learning. Nature 518, 7540 (2015), 529\u2013533."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.17"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.282"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411508.3421379"},{"key":"e_1_3_2_1_30_1","volume-title":"Covert Botnet Command and Control Using Twitter(ACSAC","author":"Pantic Nick","year":"2015","unstructured":"Nick Pantic and Mohammad\u00a0 I. Husain . 2015. Covert Botnet Command and Control Using Twitter(ACSAC 2015 ). Association for Computing Machinery , New York, NY, USA , 10\u00a0pages. https:\/\/doi.org\/10.1145\/2818000.2818047 Nick Pantic and Mohammad\u00a0I. Husain. 2015. Covert Botnet Command and Control Using Twitter(ACSAC 2015). Association for Computing Machinery, New York, NY, USA, 10\u00a0pages. https:\/\/doi.org\/10.1145\/2818000.2818047"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3052973.3053009"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.36"},{"key":"e_1_3_2_1_33_1","unstructured":"Matthias Plappert. 2016. keras-rl. https:\/\/github.com\/keras-rl\/keras-rl. Matthias Plappert. 2016. keras-rl. https:\/\/github.com\/keras-rl\/keras-rl."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/MCOM.2019.1800819"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/SPW.2018.00019"},{"key":"e_1_3_2_1_36_1","volume-title":"Flow-based Network Traffic Generation using Generative Adversarial Networks. Computers & Security 82 (12","author":"Ring Markus","year":"2018","unstructured":"Markus Ring , Daniel Schl\u00f6r , Dieter Landes , and Andreas Hotho . 2018. Flow-based Network Traffic Generation using Generative Adversarial Networks. Computers & Security 82 (12 2018 ). https:\/\/doi.org\/10.1016\/j.cose.2018.12.012 Markus Ring, Daniel Schl\u00f6r, Dieter Landes, and Andreas Hotho. 2018. Flow-based Network Traffic Generation using Generative Adversarial Networks. Computers & Security 82 (12 2018). https:\/\/doi.org\/10.1016\/j.cose.2018.12.012"},{"volume-title":"Detecting P2P botnets through network behavior analysis and machine learning. In 2011 Ninth annual international conference on privacy, security and trust","author":"Saad Sherif","key":"e_1_3_2_1_37_1","unstructured":"Sherif Saad , Issa Traore , Ali Ghorbani , Bassam Sayed , David Zhao , Wei Lu , John Felix , and Payman Hakimian . 2011. Detecting P2P botnets through network behavior analysis and machine learning. In 2011 Ninth annual international conference on privacy, security and trust . IEEE , 174\u2013180. Sherif Saad, Issa Traore, Ali Ghorbani, Bassam Sayed, David Zhao, Wei Lu, John Felix, and Payman Hakimian. 2011. Detecting P2P botnets through network behavior analysis and machine learning. In 2011 Ninth annual international conference on privacy, security and trust. IEEE, 174\u2013180."},{"key":"e_1_3_2_1_38_1","unstructured":"Elizabeth Stinson and John\u00a0C Mitchell. 2008. Towards Systematic Evaluation of the Evadability of Bot\/Botnet Detection Methods.WOOT 8(2008) 1\u20139. Elizabeth Stinson and John\u00a0C Mitchell. 2008. Towards Systematic Evaluation of the Evadability of Bot\/Botnet Detection Methods.WOOT 8(2008) 1\u20139."},{"volume-title":"Reinforcement learning: An introduction","author":"Sutton S","key":"e_1_3_2_1_39_1","unstructured":"Richard\u00a0 S Sutton and Andrew\u00a0 G Barto . 2018. Reinforcement learning: An introduction . MIT press . Richard\u00a0S Sutton and Andrew\u00a0G Barto. 2018. Reinforcement learning: An introduction. MIT press."},{"key":"e_1_3_2_1_40_1","unstructured":"Christian Szegedy Wojciech Zaremba Ilya Sutskever Joan Bruna Dumitru Erhan Ian Goodfellow and Rob Fergus. 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199(2013). Christian Szegedy Wojciech Zaremba Ilya Sutskever Joan Bruna Dumitru Erhan Ian Goodfellow and Rob Fergus. 2013. Intriguing properties of neural networks. arXiv preprint arXiv:1312.6199(2013)."},{"volume-title":"An analysis of recurrent neural networks for botnet detection behavior. In 2016 IEEE biennial congress of Argentina (ARGENCON)","author":"Torres Pablo","key":"e_1_3_2_1_41_1","unstructured":"Pablo Torres , Carlos Catania , Sebastian Garcia , and Carlos\u00a0Garcia Garino . 2016. An analysis of recurrent neural networks for botnet detection behavior. In 2016 IEEE biennial congress of Argentina (ARGENCON) . IEEE , 1\u20136. Pablo Torres, Carlos Catania, Sebastian Garcia, and Carlos\u00a0Garcia Garino. 2016. An analysis of recurrent neural networks for botnet detection behavior. In 2016 IEEE biennial congress of Argentina (ARGENCON). IEEE, 1\u20136."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICOIN.2017.7899588"},{"key":"e_1_3_2_1_43_1","first-page":"18","article-title":"BotCatcher:Botnet detection system based on deep learning","volume":"39","author":"Wu Di","year":"2018","unstructured":"Di Wu , Binxing Fang , Xiang Cui , and Qixu Liu . 2018 . BotCatcher:Botnet detection system based on deep learning . Infocomm-journal 39 , 8 (2018), 18 \u2013 28 . Di Wu, Binxing Fang, Xiang Cui, and Qixu Liu. 2018. BotCatcher:Botnet detection system based on deep learning. Infocomm-journal 39, 8 (2018), 18\u201328.","journal-title":"Infocomm-journal"},{"key":"e_1_3_2_1_44_1","volume-title":"2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN). 420\u2013429","author":"Luo Xiapu","year":"2008","unstructured":"Xiapu Luo , E.\u00a0W.\u00a0 W. Chan , and R.\u00a0K.\u00a0 C. Chang . 2008 . TCP covert timing channels: Design and detection . In 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN). 420\u2013429 . https:\/\/doi.org\/10.1109\/DSN.2008.4630112 Xiapu Luo, E.\u00a0W.\u00a0W. Chan, and R.\u00a0K.\u00a0C. Chang. 2008. TCP covert timing channels: Design and detection. In 2008 IEEE International Conference on Dependable Systems and Networks With FTCS and DCC (DSN). 420\u2013429. https:\/\/doi.org\/10.1109\/DSN.2008.4630112"}],"event":{"name":"RAID '21: 24th International Symposium on Research in Attacks, Intrusions and Defenses","acronym":"RAID '21","location":"San Sebastian Spain"},"container-title":["24th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3471841","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3471621.3471841","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:48Z","timestamp":1750195488000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3471621.3471841"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,10,6]]},"references-count":44,"alternative-id":["10.1145\/3471621.3471841","10.1145\/3471621"],"URL":"https:\/\/doi.org\/10.1145\/3471621.3471841","relation":{},"subject":[],"published":{"date-parts":[[2021,10,6]]}}}