{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,6]],"date-time":"2026-04-06T14:52:41Z","timestamp":1775487161688,"version":"3.50.1"},"reference-count":43,"publisher":"Wiley","license":[{"start":{"date-parts":[[2020,10,29]],"date-time":"2020-10-29T00:00:00Z","timestamp":1603929600000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Security and Communication Networks"],"published-print":{"date-parts":[[2020,10,29]]},"abstract":"<jats:p>Despite the efforts of information security experts, cybercrimes are still emerging at an alarming rate. Among the tools used by cybercriminals, malicious domains are indispensable and harm from the Internet has become a global problem. Malicious domains play an important role from SPAM and Cross-Site Scripting (XSS) threats to Botnet and Advanced Persistent Threat (APT) attacks at large scales. To ensure there is not a single point of failure or to prevent their detection and blocking, malware authors have employed domain generation algorithms (DGAs) and domain-flux techniques to generate a large number of domain names for malicious servers. As a result, malicious servers are difficult to detect and remove. Furthermore, the clues of cybercrime are stored in network traffic logs, but analyzing long-term big network traffic data is a challenge. To adapt the technology of cybercrimes and automatically detect unknown malicious threats, we previously proposed a system called MD-Miner. To improve its efficiency and accuracy, we propose the MD-MinerP here, which generates more features with identification capabilities in the feature extraction stage. Moreover, MD-MinerP adapts interaction profiling bipartite graphs instead of annotated bipartite graphs. The experimental results show that MD-MinerP has better area under curve (AUC) results and found new malicious domains that could not be recognized by other threat intelligence systems. The MD-MinerP exhibits both scalability and applicability, which has been experimentally validated on actual enterprise network traffic.<\/jats:p>","DOI":"10.1155\/2020\/8841544","type":"journal-article","created":{"date-parts":[[2020,10,30]],"date-time":"2020-10-30T01:35:06Z","timestamp":1604021706000},"page":"1-20","source":"Crossref","is-referenced-by-count":5,"title":["MD-MinerP: Interaction Profiling Bipartite Graph Mining for Malware-Control Domain Detection"],"prefix":"10.1155","volume":"2020","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8212-5151","authenticated-orcid":true,"given":"Tzung-Han","family":"Jeng","sequence":"first","affiliation":[{"name":"Chunghwa Telecommunication Laboratories, Taoyuan, Taiwan"},{"name":"National Central University, Taoyuan, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2981-6700","authenticated-orcid":true,"given":"Yi-Ming","family":"Chen","sequence":"additional","affiliation":[{"name":"National Central University, Taoyuan, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0019-1164","authenticated-orcid":true,"given":"Chien-Chih","family":"Chen","sequence":"additional","affiliation":[{"name":"Chunghwa Telecommunication Laboratories, Taoyuan, Taiwan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1429-3679","authenticated-orcid":true,"given":"Chuan-Chiang","family":"Huang","sequence":"additional","affiliation":[{"name":"Chunghwa Telecommunication Laboratories, Taoyuan, Taiwan"}]}],"member":"311","reference":[{"key":"1","article-title":"Impeding malware analysis using conditional code obfuscation","author":"M. Sharif"},{"key":"2","first-page":"91","article-title":"CloudAV: N-version antivirus in the network cloud","author":"J. Oberheide"},{"key":"3","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.07.007"},{"key":"4","article-title":"Detecting botnet command and control channels in network traffic","author":"G. Gu"},{"key":"5","first-page":"139","article-title":"BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection","author":"G. Gu"},{"key":"6","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04444-1_15"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2010.5593240"},{"key":"8","doi-asserted-by":"publisher","DOI":"10.1109\/WIFS.2011.6123125"},{"key":"9","doi-asserted-by":"publisher","DOI":"10.1109\/LCN.2006.322100"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533062"},{"key":"11","first-page":"145","volume-title":"Business Data Networks and Security","author":"R. R. Panko","year":"2015"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1109\/BigDataService.2017.16"},{"key":"13","article-title":"Cloud computing for malicious encrypted traffic analysis and collaboration","author":"T.-H. Jeng"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.35"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1145\/3163058.3163061"},{"key":"16","article-title":"MAUL: machine agent user learning","author":"R. Holley","year":"2010"},{"key":"17","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35890-6_14"},{"key":"18","first-page":"291","article-title":"Studying spamming botnets using botlab","author":"J. P. John"},{"key":"19","first-page":"323","article-title":"Interaction profiling bipartite graph mining for malicious network activity detection","author":"T. H. Jeng"},{"key":"20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-35416-8_16"},{"key":"21"},{"key":"22","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(11)70086-1"},{"key":"23","article-title":"Revealed: operation shady RAT","author":"D. Alperovitch","year":"2011"},{"key":"24","doi-asserted-by":"publisher","DOI":"10.1109\/bigdatacongress.2015.86"},{"key":"25","first-page":"293","article-title":"Scalable command and control detection in log data through UF-ICF analysis","author":"K. F. Hong"},{"key":"26","first-page":"391","article-title":"Behavioral clustering of http-based malware and signature generation using malicious network traces","author":"R. Perdisci"},{"key":"27","doi-asserted-by":"publisher","DOI":"10.1145\/1557019.1557153"},{"key":"28","doi-asserted-by":"publisher","DOI":"10.1109\/TNSM.2014.2377295"},{"key":"29","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2014.6890946"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom.2015.444"},{"key":"31","doi-asserted-by":"publisher","DOI":"10.1145\/1314389.1314391"},{"key":"32","doi-asserted-by":"publisher","DOI":"10.1145\/1159913.1159947"},{"key":"33","first-page":"101","article-title":"Detecting spammers with SNARE: spatio-temporal network-level automatic reputation engine","author":"S. Hao"},{"key":"34","doi-asserted-by":"publisher","DOI":"10.1145\/1298306.1298319"},{"key":"35","first-page":"18","article-title":"Building a dynamic reputation system for DNS","author":"M. Antonakakis"},{"key":"36","article-title":"Exposure: finding malicious domains using passive dns analysis","author":"L. Bilge"},{"key":"37","doi-asserted-by":"publisher","DOI":"10.1109\/EBISS.2009.5138008"},{"key":"38","article-title":"Malicious url detection using machine learning: a survey","author":"D. Sahoo","year":"2017"},{"key":"39","first-page":"92","article-title":"SVMs for the blogosphere: blog identification and splog detection","author":"P. Kolari"},{"key":"40","first-page":"39","article-title":"The zombie roundup: understanding, detecting, and disrupting botnets","author":"E. Cooke"},{"key":"41","article-title":"On the computational complexity of mapreduce","author":"B. Fish"},{"key":"42","article-title":"A cloud service integration platform for malicious traffic analysis and collaboration","author":"T.-H. Jeng"},{"key":"43","doi-asserted-by":"crossref","first-page":"316","DOI":"10.1007\/978-0-387-84858-7","volume-title":"The Elements of Statistical Learning: Data Mining, Inference, and Prediction","author":"T. Hastie","year":"2009"}],"container-title":["Security and Communication Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2020\/8841544.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2020\/8841544.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/scn\/2020\/8841544.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,10,30]],"date-time":"2020-10-30T01:35:09Z","timestamp":1604021709000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/scn\/2020\/8841544\/"}},"subtitle":[],"editor":[{"given":"Hammad","family":"Afzal","sequence":"additional","affiliation":[]}],"short-title":[],"issued":{"date-parts":[[2020,10,29]]},"references-count":43,"alternative-id":["8841544","8841544"],"URL":"https:\/\/doi.org\/10.1155\/2020\/8841544","relation":{},"ISSN":["1939-0122","1939-0114"],"issn-type":[{"value":"1939-0122","type":"electronic"},{"value":"1939-0114","type":"print"}],"subject":[],"published":{"date-parts":[[2020,10,29]]}}}