{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,8]],"date-time":"2026-02-08T11:07:09Z","timestamp":1770548829166,"version":"3.49.0"},"reference-count":15,"publisher":"Wiley","license":[{"start":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T00:00:00Z","timestamp":1572998400000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Key Research and Development Project","award":["2016QY04W0800"],"award-info":[{"award-number":["2016QY04W0800"]}]},{"name":"National Key Research and Development Project","award":["JG2019055"],"award-info":[{"award-number":["JG2019055"]}]},{"name":"National Key Research and Development Project","award":["61902262"],"award-info":[{"award-number":["61902262"]}]},{"name":"National Key Research and Development Project","award":["61572115"],"award-info":[{"award-number":["61572115"]}]},{"name":"National Defense Innovation Special Zone Program of Science and Technology","award":["2016QY04W0800"],"award-info":[{"award-number":["2016QY04W0800"]}]},{"name":"National Defense Innovation Special Zone Program of Science and Technology","award":["JG2019055"],"award-info":[{"award-number":["JG2019055"]}]},{"name":"National Defense Innovation Special Zone Program of Science and Technology","award":["61902262"],"award-info":[{"award-number":["61902262"]}]},{"name":"National Defense Innovation Special Zone Program of Science and Technology","award":["61572115"],"award-info":[{"award-number":["61572115"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["2016QY04W0800"],"award-info":[{"award-number":["2016QY04W0800"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["JG2019055"],"award-info":[{"award-number":["JG2019055"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61902262"],"award-info":[{"award-number":["61902262"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61572115"],"award-info":[{"award-number":["61572115"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["2016QY04W0800"],"award-info":[{"award-number":["2016QY04W0800"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["JG2019055"],"award-info":[{"award-number":["JG2019055"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61902262"],"award-info":[{"award-number":["61902262"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61572115"],"award-info":[{"award-number":["61572115"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2019,11,6]]},"abstract":"<jats:p>In recent years, the number of malware and infected hosts has increased exponentially, which causes great losses to governments, enterprises, and individuals. However, traditional technologies are difficult to timely detect malware that has been deformed, confused, or modified since they usually detect hosts before being infected by malware. Host detection during malware infection can make up for their deficiency. Moreover, the infected host usually sends a connection request to the command and control (C&amp;C) server using the HTTP protocol, which generates malicious external traffic. Thus, if the host is found to have malicious external traffic, the host may be a host infected by malware. Based on the background, this paper uses HTTP traffic combined with eXtreme Gradient Boosting (XGBoost) algorithm to detect infected hosts in order to improve detection efficiency and accuracy. The proposed approach uses a template automatic generation algorithm to generate feature templates for HTTP headers and uses XGBoost algorithm to distinguish between malicious traffic and normal traffic. We conduct a performance analysis to demonstrate that our approach is efficient using dataset, which includes malware traffic from MALWARE-TRAFFIC-ANALYSIS.NET and normal traffic from UNSW-NB 15. Experimental results show that the detection speed is about 1859 HTTP traffic per second, and the detection accuracy reaches 98.72%, and the false positive rate is less than 1%.<\/jats:p>","DOI":"10.1155\/2019\/2182615","type":"journal-article","created":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T18:30:35Z","timestamp":1573065035000},"page":"1-11","source":"Crossref","is-referenced-by-count":5,"title":["Using XGBoost to Discover Infected Hosts Based on HTTP Traffic"],"prefix":"10.1155","volume":"2019","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-3235-3463","authenticated-orcid":true,"given":"Weina","family":"Niu","sequence":"first","affiliation":[{"name":"School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China, Chengdu, Sichuan 611731, China"}]},{"given":"Ting","family":"Li","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China, Chengdu, Sichuan 611731, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9886-1412","authenticated-orcid":true,"given":"Xiaosong","family":"Zhang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China, Chengdu, Sichuan 611731, China"},{"name":"Cyberspace Security Research Center, Peng Cheng Laboratory, Shenzhen, Guangdong 518040, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8624-0210","authenticated-orcid":true,"given":"Teng","family":"Hu","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China, Chengdu, Sichuan 611731, China"},{"name":"Institute of Computer Application, China Academy of Engineering Physics, Mianyang, Sichuan 621900, China"}]},{"given":"Tianyu","family":"Jiang","sequence":"additional","affiliation":[{"name":"School of Computer Science and Engineering, Institute for Cyber Security, University of Electronic Science and Technology of China, Chengdu, Sichuan 611731, China"}]},{"given":"Heng","family":"Wu","sequence":"additional","affiliation":[{"name":"Glasgow College, University of Electronic Science and Technology of China, Chengdu, Sichuan 611731, China"}]}],"member":"311","reference":[{"key":"1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.04.007"},{"key":"2","doi-asserted-by":"publisher","DOI":"10.1109\/tdsc.2016.2536605"},{"key":"3","doi-asserted-by":"publisher","DOI":"10.1155\/2017\/4184196"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1109\/access.2015.2458581"},{"key":"5","doi-asserted-by":"publisher","DOI":"10.1186\/s13673-018-0125-x"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1145\/3308897.3308961"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1109\/jiot.2018.2871719"},{"issue":"1","key":"19","first-page":"1929","volume":"15","year":"2014","journal-title":"The Journal of Machine Learning Research"},{"key":"20","doi-asserted-by":"publisher","DOI":"10.1002\/nem.1900"},{"key":"26","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2017.10.012"},{"key":"29","doi-asserted-by":"publisher","DOI":"10.1016\/j.patcog.2016.03.008"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1007\/s40012-016-0095-y"},{"key":"31","first-page":"2825","volume":"12","year":"2011","journal-title":"Journal of Machine Learning Research"},{"key":"32","doi-asserted-by":"publisher","DOI":"10.1016\/s1361-3723(19)30010-7"},{"key":"33","doi-asserted-by":"publisher","DOI":"10.3991\/ijet.v13i04.8466"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2019\/2182615.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2019\/2182615.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2019\/2182615.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,6]],"date-time":"2019-11-06T18:30:39Z","timestamp":1573065039000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2019\/2182615\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,11,6]]},"references-count":15,"alternative-id":["2182615","2182615"],"URL":"https:\/\/doi.org\/10.1155\/2019\/2182615","relation":{},"ISSN":["1939-0114","1939-0122"],"issn-type":[{"value":"1939-0114","type":"print"},{"value":"1939-0122","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,11,6]]}}}