{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T05:15:51Z","timestamp":1769318151435,"version":"3.49.0"},"reference-count":12,"publisher":"Wiley","license":[{"start":{"date-parts":[[2020,1,22]],"date-time":"2020-01-22T00:00:00Z","timestamp":1579651200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Journal of Computer Networks and Communications"],"published-print":{"date-parts":[[2020,1,22]]},"abstract":"<jats:p>Botnet is one of the most dangerous cyber-security issues. The botnet infects unprotected machines and keeps track of the communication with the command and control server to send and receive malicious commands. The attacker uses botnet to initiate dangerous attacks such as DDoS, fishing, data stealing, and spamming. The size of the botnet is usually very large, and millions of infected hosts may belong to it. In this paper, we addressed the problem of botnet detection based on network\u2019s flows records and activities in the host. Thus, we propose a general technique capable of detecting new botnets in early phase. Our technique is implemented in both sides: host side and network side. The botnet communication traffic we are interested in includes HTTP, P2P, IRC, and DNS using IP fluxing. HANABot algorithm is proposed to preprocess and extract features to distinguish the botnet behavior from the legitimate behavior. We evaluate our solution using a collection of real datasets (malicious and legitimate). Our experiment shows a high level of accuracy and a low false positive rate. Furthermore, a comparison between some existing approaches was given, focusing on specific features and performance. The proposed technique outperforms some of the presented approaches in terms of accurately detecting botnet flow records within Netflow traces.<\/jats:p>","DOI":"10.1155\/2020\/9024726","type":"journal-article","created":{"date-parts":[[2020,1,22]],"date-time":"2020-01-22T18:33:03Z","timestamp":1579717983000},"page":"1-16","source":"Crossref","is-referenced-by-count":39,"title":["Hybrid Botnet Detection Based on Host and Network Analysis"],"prefix":"10.1155","volume":"2020","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-0275-3685","authenticated-orcid":true,"given":"Suzan","family":"Almutairi","sequence":"first","affiliation":[{"name":"Technical and Vocational Corporation, Riyadh, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1904-9803","authenticated-orcid":true,"given":"Saoucene","family":"Mahfoudh","sequence":"additional","affiliation":[{"name":"Engineering, Computing and Informatics, Dar Al\u2010Hekma University, Jeddah, Saudi Arabia"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8784-9984","authenticated-orcid":true,"given":"Sultan","family":"Almutairi","sequence":"additional","affiliation":[{"name":"Technology Control Company, Riyadh, Saudi Arabia"}]},{"given":"Jalal S.","family":"Alowibdi","sequence":"additional","affiliation":[{"name":"Faculty of Computing and Information Technology, University of Jeddah, Jeddah, Saudi Arabia"}]}],"member":"311","reference":[{"key":"5","doi-asserted-by":"publisher","DOI":"10.1016\/j.compeleceng.2016.01.012"},{"key":"8","doi-asserted-by":"publisher","DOI":"10.15394\/jdfsl.2015.1195"},{"key":"10","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2012.07.018"},{"key":"13","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.04.007"},{"key":"15","doi-asserted-by":"publisher","DOI":"10.1007\/s00521-016-2564-5"},{"key":"16","doi-asserted-by":"publisher","DOI":"10.1109\/access.2015.2458581"},{"issue":"1","key":"19","first-page":"75","volume":"118","year":"2014","journal-title":"European Journal Scientific Research"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-17040-4_21"},{"key":"25","year":"2010"},{"key":"28","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4419-5906-5_845"},{"key":"30","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2012.10.003"},{"key":"31","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2012.07.021"}],"container-title":["Journal of Computer Networks and Communications"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/downloads.hindawi.com\/journals\/jcnc\/2020\/9024726.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/jcnc\/2020\/9024726.xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/downloads.hindawi.com\/journals\/jcnc\/2020\/9024726.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,1,22]],"date-time":"2020-01-22T18:33:05Z","timestamp":1579717985000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.hindawi.com\/journals\/jcnc\/2020\/9024726\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,1,22]]},"references-count":12,"alternative-id":["9024726","9024726"],"URL":"https:\/\/doi.org\/10.1155\/2020\/9024726","relation":{},"ISSN":["2090-7141","2090-715X"],"issn-type":[{"value":"2090-7141","type":"print"},{"value":"2090-715X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2020,1,22]]}}}