{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T20:39:48Z","timestamp":1769114388090,"version":"3.49.0"},"reference-count":90,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2017,5,12]],"date-time":"2017-05-12T00:00:00Z","timestamp":1494547200000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"funder":[{"DOI":"10.13039\/100011661","name":"Pacific Northwest National Laboratory","doi-asserted-by":"crossref","award":["DE-AC05-76RL01830"],"award-info":[{"award-number":["DE-AC05-76RL01830"]}],"id":[{"id":"10.13039\/100011661","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Big Data"],"published-print":{"date-parts":[[2017,12]]},"DOI":"10.1186\/s40537-017-0074-7","type":"journal-article","created":{"date-parts":[[2017,5,12]],"date-time":"2017-05-12T01:43:51Z","timestamp":1494553431000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":133,"title":["Botnet detection using graph-based feature clustering"],"prefix":"10.1186","volume":"4","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5250-2641","authenticated-orcid":false,"given":"Sudipta","family":"Chowdhury","sequence":"first","affiliation":[]},{"given":"Mojtaba","family":"Khanzadeh","sequence":"additional","affiliation":[]},{"given":"Ravi","family":"Akula","sequence":"additional","affiliation":[]},{"given":"Fangyan","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Song","family":"Zhang","sequence":"additional","affiliation":[]},{"given":"Hugh","family":"Medal","sequence":"additional","affiliation":[]},{"given":"Mohammad","family":"Marufuzzaman","sequence":"additional","affiliation":[]},{"given":"Linkan","family":"Bian","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,5,12]]},"reference":[{"key":"74_CR1","unstructured":"Welivesecurity. Botnet malware: what it is and how to fight it; 2014. http:\/\/www.welivesecurity.com\/2014\/10\/22\/botnet-malware-fight\/ . Accessed 21 Dec 15."},{"key":"74_CR2","unstructured":"Barford P, Yegneswaran V. An inside look at botnets. Special workshop on malware detection: advances in information security; 2006."},{"key":"74_CR3","unstructured":"F-scure. Articles: botnets; 2016. https:\/\/www.f-secure.com\/en\/web\/labs_global\/botnets . Accessed 21 Feb 16."},{"key":"74_CR4","doi-asserted-by":"crossref","unstructured":"Zeidanloo HR, Shooshtari MJZ, Amoli PV, Safari M, Zamani M. A taxonomy of botnet detection techniques. In: 2010 3rd IEEE international conference on computer science and information technology (ICCSIT), vol 2. New York: IEEE;. 2010. p. 158\u201362.","DOI":"10.1109\/ICCSIT.2010.5563555"},{"key":"74_CR5","unstructured":"Ianelli N, Hackworth A. Botnets as a vehicle for online crime; 2005. https:\/\/resources.sei.cmu.edu\/asset_files\/WhitePaper\/2005_019_001_51249.pdf . Accessed 24 Apr 2016."},{"key":"74_CR6","unstructured":"Bacher P, Holz T, Kotter M, Wicherski G. Know your enemy: tracking botnets; 2008. https:\/\/www.honeynet.org\/papers\/bots\/ . Accessed 24 Apr 2016."},{"key":"74_CR7","doi-asserted-by":"crossref","unstructured":"Kaspersky. What is botnet attack? 2016. https:\/\/usa.kaspersky.com\/internet-security-center\/threats\/botnet-attacks#.V1du3TUrIdV . Accessed 21 Feb 16.","DOI":"10.1016\/S1353-4858(16)30109-X"},{"key":"74_CR8","first-page":"107","volume":"1","author":"SR Sonawane","year":"2016","unstructured":"Sonawane SR. A review on botnet and botnet detection methods. Int J Comput Sci Innov. 2016;1:107\u201316.","journal-title":"Int J Comput Sci Innov"},{"issue":"4","key":"74_CR9","doi-asserted-by":"crossref","first-page":"1234","DOI":"10.1109\/TNET.2009.2039492","volume":"18","author":"ZM Fadlullah","year":"2010","unstructured":"Fadlullah ZM, Taleb T, Vasilakos AV, Guizani M, Kato N. DTRAB: combating against attacks on encrypted protocols through traffic-feature analysis. IEEE\/ACM Trans Netw (TON). 2010;18(4):1234\u201347.","journal-title":"IEEE\/ACM Trans Netw (TON)"},{"issue":"1","key":"74_CR10","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/TIFS.2012.2223675","volume":"8","author":"J Zhang","year":"2013","unstructured":"Zhang J, Chen C, Xiang Y, Zhou W, Xiang Y. Internet traffic classification by aggregating correlated naive bayes predictions. IEEE Trans Inf Forens Secur. 2013;8(1):5\u201315.","journal-title":"IEEE Trans Inf Forens Secur"},{"issue":"1","key":"74_CR11","doi-asserted-by":"crossref","first-page":"104","DOI":"10.1109\/TPDS.2012.98","volume":"24","author":"J Zhang","year":"2013","unstructured":"Zhang J, Xiang Y, Wang Y, Zhou W, Xiang Y, Guan Y. Network traffic classification using correlation information. IEEE Trans Parallel Distrib Syst. 2013;24(1):104\u201317.","journal-title":"IEEE Trans Parallel Distrib Syst"},{"issue":"2","key":"74_CR12","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1109\/TNSM.2013.022713.120250","volume":"10","author":"J Zhang","year":"2013","unstructured":"Zhang J, Chen C, Xiang Y, Zhou W, Vasilakos AV. An effective network traffic classification method with unknown flow detection. IEEE Trans Netw Serv Manag. 2013;10(2):133\u201347.","journal-title":"IEEE Trans Netw Serv Manag"},{"key":"74_CR13","unstructured":"Yan Z, Zhang P, Vasilakos AV. A security and trust framework for virtualized networks and software-defined networking. Security and communication networks; 2015. https:\/\/www.researchgate.net\/profile\/Zheng_Yan4\/publication\/274322323_A_Security_and_Trust_Framework_for_Virtualized_Networks_and_Software-Defined_Networking\/links\/551ec3a40cf29dcabb08303a.pdf . Accessed 9 Dec 2016."},{"issue":"5","key":"74_CR14","doi-asserted-by":"crossref","first-page":"764","DOI":"10.1007\/s11036-016-0676-x","volume":"21","author":"Z Shu","year":"2016","unstructured":"Shu Z, Wan J, Li D, Lin J, Vasilakos AV, Imran M. Security in software-defined networking: threats and countermeasures. Mob Netw Appl. 2016;21(5):764\u201376.","journal-title":"Mob Netw Appl"},{"key":"74_CR15","doi-asserted-by":"crossref","unstructured":"Zhang J, Perdisci R, Lee W, Sarfraz U, Luo X. Detecting stealthy P2P botnets using statistical traffic fingerprints. In: 2011 IEEE\/IFIP 41st international conference on dependable systems & networks (DSN). New York: IEEE; 2011. p. 121\u201332.","DOI":"10.1109\/DSN.2011.5958212"},{"issue":"1","key":"74_CR16","doi-asserted-by":"crossref","first-page":"20","DOI":"10.1016\/j.comnet.2011.07.018","volume":"56","author":"H Choi","year":"2012","unstructured":"Choi H, Lee H. Identifying botnets by capturing group activities in DNS traffic. Comput Netw. 2012;56(1):20\u201333.","journal-title":"Comput Netw"},{"key":"74_CR17","doi-asserted-by":"crossref","unstructured":"Livadas C, Walsh R, Lapsley D, Strayer WT. Usilng machine learning technliques to identify botnet traffic. In: 2006 31st IEEE conference on local computer networks, Proceedings. New York: IEEE; 2006. p. 967\u201374.","DOI":"10.1109\/LCN.2006.322210"},{"key":"74_CR18","doi-asserted-by":"crossref","unstructured":"Strayer WT, Lapsely D, Walsh R, Livadas C. Botnet detection based on network behavior. In: Botnet Detection. Berlin: Springer; 2008. p. 1\u201324.","DOI":"10.1007\/978-0-387-68768-1_1"},{"key":"74_CR19","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1016\/j.cose.2013.04.007","volume":"39","author":"D Zhao","year":"2013","unstructured":"Zhao D, Traore I, Sayed B, Lu W, Saad S, Ghorbani A, Garant D. Botnet detection based on traffic behavior analysis and flow intervals. Comput Secur. 2013;39:2\u201316.","journal-title":"Comput Secur"},{"key":"74_CR20","doi-asserted-by":"crossref","unstructured":"Strayer WT, Walsh R, Livadas C, Lapsley D. Detecting botnets with tight command and control. In: 2006 31st IEEE conference on local computer networks, Proceedings. New York: IEEE; 2006. p. 195\u2013202.","DOI":"10.1109\/LCN.2006.322100"},{"key":"74_CR21","doi-asserted-by":"crossref","unstructured":"Zeidanloo HR, Manaf AB, Vahdani P, Tabatabaei F, Zamani M. Botnet detection based on traffic monitoring. In: 2010 international conference on networking and information technology (ICNIT). New York: IEEE; 2010. p. 97\u2013101.","DOI":"10.1109\/ICNIT.2010.5508552"},{"key":"74_CR22","unstructured":"Argus (audit record generation and utilization system); 2016. http:\/\/www.qosient.com\/argus . Accessed 21 Feb 2016."},{"key":"74_CR23","unstructured":"Karasaridis A, Rexroad B, Hoeflin DA. Wide-scale botnet detection and characterization. HotBots. 2007;7:7."},{"key":"74_CR24","unstructured":"Gu G, Perdisci R, Zhang J, Lee W. BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection. In: USENIX security symposium, vol. 5, no.2. Berkeley, CA, USA: USENIX Association; 2008. p. 139\u201354."},{"key":"74_CR25","doi-asserted-by":"crossref","unstructured":"Arshad S, Abbaspour M, Kharrazi M, Sanatkar H. An anomaly-based botnet detection approach for identifying stealthy botnets. In: 2011 IEEE international conference on computer applications and industrial electronics (ICCAIE). New York: IEEE; 2011. p. 564\u20139.","DOI":"10.1109\/ICCAIE.2011.6162198"},{"issue":"2","key":"74_CR26","first-page":"139","volume":"3","author":"P Amini","year":"2014","unstructured":"Amini P, Azmi R, Araghizadeh M. Botnet detection using NetFlow and clustering. Adv Comput Sci Int J. 2014;3(2):139\u201349.","journal-title":"Adv Comput Sci Int J"},{"issue":"3","key":"74_CR27","doi-asserted-by":"crossref","first-page":"502","DOI":"10.1016\/j.comcom.2010.04.007","volume":"34","author":"W Lu","year":"2011","unstructured":"Lu W, Rammidi G, Ghorbani AA. Clustering botnet communication traffic based on n-gram feature selection. Comput Commun. 2011;34(3):502\u201314.","journal-title":"Comput Commun"},{"key":"74_CR28","unstructured":"Goebel J, Holz T. Rishi: identify bot contaminated hosts by IRC nickname evaluation. In: USENIX workshop on hot topics in understanding botnets (HotBots\u201907); 2007."},{"key":"74_CR29","first-page":"7","volume":"6","author":"JR Binkley","year":"2006","unstructured":"Binkley JR, Singh S. An algorithm for anomaly-based botnet detection. SRUTI. 2006;6:7\u20137.","journal-title":"SRUTI"},{"key":"74_CR30","unstructured":"Gu G, Zhang J, Lee W. BotSniffer: detecting botnet command and control channels in network traffic; 2008."},{"key":"74_CR31","doi-asserted-by":"crossref","unstructured":"Al-Duwairi B, Al-Ebbini L. BotDigger: a fuzzy inference system for botnet detection. In: 2010 fifth international conference on internet monitoring and protection (ICIMP). New York: IEEE; 2010. p. 16\u201321.","DOI":"10.1109\/ICIMP.2010.11"},{"key":"74_CR32","doi-asserted-by":"crossref","unstructured":"AsSadhan B, Moura JM, Lapsley D, Jones C, Strayer WT. Detecting botnets using command and control traffic. In: 2009 NCA 2009. eighth IEEE international symposium on network computing and applications. New York: IEEE; 2009. p. 156\u201362.","DOI":"10.1109\/NCA.2009.56"},{"issue":"4","key":"74_CR33","doi-asserted-by":"crossref","first-page":"247","DOI":"10.1007\/s11416-015-0250-2","volume":"11","author":"B Venkatesh","year":"2015","unstructured":"Venkatesh B, Choudhury SH, Nagaraja S, Balakrishnan N. BotSpot: fast graph based identification of structured P2P bots. J Comput Virol Hacking Tech. 2015;11(4):247\u201361.","journal-title":"J Comput Virol Hacking Tech"},{"key":"74_CR34","doi-asserted-by":"crossref","unstructured":"Ding Q, Katenka N, Barford P, Kolaczyk E, Crovella M. Intrusion as (anti) social communication: characterization and detection. In: Proceedings of the 18th ACM SIGKDD international conference on Knowledge discovery and data mining. New York: ACM; 2012. p. 886\u201394.","DOI":"10.1145\/2339530.2339670"},{"key":"74_CR35","doi-asserted-by":"crossref","unstructured":"Henderson K, Gallagher B, Eliassi-Rad T, Tong H, Basu S, Akoglu L, Li L. Rolx: structural role extraction and mining in large graphs. In: Proceedings of the 18th ACM SIGKDD international conference on Knowledge discovery and data mining. New York: ACM; 2012. p. 1231\u20139.","DOI":"10.1145\/2339530.2339723"},{"key":"74_CR36","doi-asserted-by":"crossref","unstructured":"Henderson K, Gallagher B, Li L, Akoglu L, Eliassi-Rad T, Tong H, Faloutsos C. It\u2019s who you know: graph mining using recursive structural features. In: Proceedings of the 17th ACM SIGKDD international conference on Knowledge discovery and data mining. New York: ACM; 2011. p. 663\u201371.","DOI":"10.1145\/2020408.2020512"},{"key":"74_CR37","doi-asserted-by":"crossref","unstructured":"Kang U, McGlohon M, Akoglu L, Faloutsos C. Patterns on the connected components of terabyte-scale graphs. In: 2010 IEEE 10th international conference ondata mining (ICDM). New York: IEEE; 2010. p. 875\u201380.","DOI":"10.1109\/ICDM.2010.121"},{"issue":"2","key":"74_CR38","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1145\/2481244.2481252","volume":"14","author":"CC Aggarwal","year":"2013","unstructured":"Aggarwal CC. Outlier ensembles: position paper. ACM SIGKDD Explor Newsl. 2013;14(2):49\u201358.","journal-title":"ACM SIGKDD Explor Newsl"},{"issue":"1","key":"74_CR39","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1145\/2594473.2594476","volume":"15","author":"A Zimek","year":"2014","unstructured":"Zimek A, Campello RJ, Sander J. Ensembles for unsupervised outlier detection: challenges and research questions a position paper. ACM SIGKDD Explor Newsl. 2014;15(1):11\u201322.","journal-title":"ACM SIGKDD Explor Newsl"},{"key":"74_CR40","doi-asserted-by":"crossref","unstructured":"Chen HH, Giles CL. ASCOS: an asymmetric network structure context similarity measure. In: 2013 IEEE\/ACM international conference on advances in social networks analysis and mining (ASONAM). New York: IEEE; 2013. p. 442\u201349.","DOI":"10.1145\/2492517.2492539"},{"key":"74_CR41","doi-asserted-by":"crossref","unstructured":"Sun H, Huang J, Han J, Deng H, Zhao P, Feng B. Gskeletonclu: density-based network clustering via structure-connected tree division or agglomeration. In: 2010 IEEE 10th international conference on data mining (ICDM). New York: IEEE; 2010. p. 481\u201390.","DOI":"10.1109\/ICDM.2010.69"},{"key":"74_CR42","doi-asserted-by":"crossref","unstructured":"Tong H, Lin CY. Non-negative residual matrix factorization with application to graph anomaly detection. In: Proceedings of the 2011 SIAM international conference on data mining. Society for industrial and applied mathematics. 2011. p. 143\u201353.","DOI":"10.1137\/1.9781611972818.13"},{"issue":"10","key":"74_CR43","doi-asserted-by":"crossref","first-page":"1870","DOI":"10.1587\/transinf.E94.D.1870","volume":"94","author":"M Ambai","year":"2011","unstructured":"Ambai M, Utama NP, Yoshida Y. Dimensionality reduction for histogram features based on supervised non-negative matrix factorization. IEICE Trans Inf Syst. 2011;94(10):1870\u20139.","journal-title":"IEICE Trans Inf Syst"},{"key":"74_CR44","unstructured":"Nikulin V, Huang TH. Unsupervised dimensionality reduction via gradient-based matrix factorization with two adaptive learning rates. In: ICML unsupervised and transfer learning. 2012. p. 181\u201394."},{"key":"74_CR45","doi-asserted-by":"crossref","unstructured":"Davis M, Liu W, Miller P, Redpath G. Detecting anomalies in graphs with numeric labels. In: Proceedings of the 20th ACM international conference on Information and knowledge management. New York: ACM; 2011. p. 1197\u2013202.","DOI":"10.1145\/2063576.2063749"},{"key":"74_CR46","doi-asserted-by":"crossref","unstructured":"Eberle W, Holder L. Discovering structural anomalies in graph-based data. In:seventh IEEE international conference on data mining workshops, 2007. ICDM workshops 2007. New York: IEEE; 2007. p. 393\u20138.","DOI":"10.1109\/ICDMW.2007.91"},{"key":"74_CR47","first-page":"2","volume":"1000","author":"P Kontkanen","year":"2007","unstructured":"Kontkanen P, Myllym\u00e4ki P. MDL Histogram Density Estim Rn. 2007;1000:2.","journal-title":"MDL Histogram Density Estim Rn"},{"key":"74_CR48","doi-asserted-by":"crossref","unstructured":"Gao J, Liang F, Fan W, Wang C, Sun Y, Han J. On community outliers and their efficient detection in information networks. In: Proceedings of the 16th ACM SIGKDD international conference on Knowledge discovery and data mining. New York: ACM; 2010. p. 813\u201322.","DOI":"10.1145\/1835804.1835907"},{"key":"74_CR49","doi-asserted-by":"crossref","unstructured":"Muller E, S\u00e1nchez PI, Mulle Y, Bohm K. Ranking outlier nodes in subspaces of attributed graphs. In: 2013 IEEE 29th international conference ondata engineering workshops (ICDEW). New York: IEEE; 2013. p. 216\u201322.","DOI":"10.1109\/ICDEW.2013.6547453"},{"key":"74_CR50","doi-asserted-by":"crossref","unstructured":"Perozzi B, Akoglu L, Iglesias S\u00e1nchez P, M\u00fcller E. Focused clustering and outlier detection in large attributed graphs. In: Proceedings of the 20th ACM SIGKDD international conference on Knowledge discovery and data mining. New York: ACM; 2014. p. 1346\u201355.","DOI":"10.1145\/2623330.2623682"},{"key":"74_CR51","doi-asserted-by":"crossref","unstructured":"Kang U, Papadimitriou S, Sun J, Tong H. Centralities in large networks: algorithms and observations. In: Proceedings of the 11th SIAM international conference on data mining (SDM), Mesa,AZ, 2011b. p 119\u201330.","DOI":"10.1137\/1.9781611972818.11"},{"issue":"1","key":"74_CR52","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1007\/s10044-008-0141-y","volume":"13","author":"X Gao","year":"2010","unstructured":"Gao X, Xiao B, Tao D, Li X. A survey of graph edit distance. Pattern Anal Appl. 2010;13(1):113\u201329.","journal-title":"Pattern Anal Appl"},{"key":"74_CR53","volume-title":"A graph-theoretic approach to enterprise network dynamics, Vol. 24","author":"H Bunke","year":"2007","unstructured":"Bunke H, Dickinson PJ, Kraetzl M, Wallis WD. A graph-theoretic approach to enterprise network dynamics, Vol. 24. Berlin: Springer Science & Business Media; 2007."},{"key":"74_CR54","unstructured":"Akoglu L, Faloutsos C. Event detection in time series of mobile communication graphs. In: army science conference. 2010. p. 77\u20139."},{"key":"74_CR55","doi-asserted-by":"crossref","unstructured":"Rossi RA, Gallagher B, Neville J, Henderson K. Modeling dynamic behavior in large evolving graphs. In: Proceedings of the sixth ACM international conference on web search and data mining. New York: ACM; 2013. p. 667\u201376.","DOI":"10.1145\/2433396.2433479"},{"key":"74_CR56","unstructured":"Ishibashi K, Kondoh T, Harada S, Mori T, Kawahara R, Asano S. Detecting anomalous traffic using communication graphs. In: telecommunications: the infrastructure for the 21st century (WTC), 2010. VDE; 2010. p. 1\u20136."},{"key":"74_CR57","doi-asserted-by":"crossref","unstructured":"Papalexakis EE, Faloutsos C, Sidiropoulos ND. Parcube: sparse parallelizable tensor decompositions. In: joint european conference on machine learning and knowledge discovery in databases. Berlin: Springer; 2012. p. 521\u201336.","DOI":"10.1007\/978-3-642-33460-3_39"},{"key":"74_CR58","doi-asserted-by":"crossref","unstructured":"Leskovec J, Lang KJ, Mahoney M. Empirical comparison of algorithms for network community detection. In: Proceedings of the 19th international conference on World wide web. New York: ACM; 2010. p. 631\u201340.","DOI":"10.1145\/1772690.1772755"},{"key":"74_CR59","unstructured":"Peel L, Clauset A. Detecting change points in the large-scale structure of evolving networks. arXiv:1403.0989 ."},{"key":"74_CR60","doi-asserted-by":"crossref","unstructured":"Li L, Mathur S, Coskun B. Gangs of the internet: towards automatic discovery of peer-to-peer communities. In: 2013 IEEE conference on communications and network security (CNS). New York: IEEE; 2013. p. 64\u201372.","DOI":"10.1109\/CNS.2013.6682693"},{"key":"74_CR61","unstructured":"Malware capture facility project. The CTU-13 dataset: a labeled dataset with botnet, normal and background traffic 2016. http:\/\/mcfp.weebly.com\/the-ctu-13-dataset-a-labeled-dataset-with-botnet-normal-and-background-traffic.html . Accessed 26 Jan 2016."},{"key":"74_CR62","doi-asserted-by":"crossref","unstructured":"Collins MP, Reiter MK. Hit-list worm detection and bot identification in large networks using protocol graphs. In: international workshop on recent advances in intrusion detection. Berlin: Springer; 2007. p. 276\u201395.","DOI":"10.1007\/978-3-540-74320-0_15"},{"key":"74_CR63","doi-asserted-by":"crossref","unstructured":"Wang J, Paschalidis IC. Botnet detection using social graph analysis. In: 2014 52nd annual allerton conference on communication, control, and computing (Allerton). New York: IEEE; 2014. p. 393\u2013400.","DOI":"10.1109\/ALLERTON.2014.7028482"},{"issue":"8","key":"74_CR64","doi-asserted-by":"crossref","first-page":"1909","DOI":"10.1016\/j.comnet.2011.01.020","volume":"55","author":"M Iliofotou","year":"2011","unstructured":"Iliofotou M, Kim HC, Faloutsos M, Mitzenmacher M, Pappu P, Varghese G. Graption: a graph-based P2P traffic classification framework for the internet backbone. Comput Netw. 2011;55(8):1909\u201320.","journal-title":"Comput Netw"},{"key":"74_CR65","unstructured":"Zhao Y, Xie Y, Yu F, Ke Q, Yu Y, Chen Y, Gillum E. BotGraph: large scale spamming botnet detection. In: Nsdi ,vol. 9. p. 321\u201334."},{"issue":"16","key":"74_CR66","doi-asserted-by":"crossref","first-page":"2605","DOI":"10.1002\/sec.500","volume":"8","author":"P Jaikumar","year":"2015","unstructured":"Jaikumar P, Kak AC. A graph theoretic framework for isolating botnets in a network. Secur Commun Netw. 2015;8(16):2605\u201323.","journal-title":"Secur Commun Netw"},{"key":"74_CR67","unstructured":"Nagaraja S, Mittal P, Hong CY, Caesar M, Borisov N. BotGrep: finding P2P bots with structured graph analysis. In: USENIX security symposium. 2010. p. 95\u2013110."},{"key":"74_CR68","doi-asserted-by":"crossref","unstructured":"Fran\u00e7ois J, Wang S, Engel T. BotTrack: tracking botnets using NetFlow and PageRank. In: international conference on research in networking. Berlin: Springer. 2011. p. 1\u201314.","DOI":"10.1007\/978-3-642-20757-0_1"},{"key":"74_CR69","doi-asserted-by":"crossref","unstructured":"Francois J, Wang S, Bronzi W, State R, Engel T. BotCloud: detecting botnets using mapreduce. In: 2011 IEEE international workshop on information forensics and security (WIFS). New York: IEEE; 2011. p. 1\u20136.","DOI":"10.1109\/WIFS.2011.6123125"},{"key":"74_CR70","unstructured":"Hang H, Wei X, Faloutsos M, Eliassi-Rad T. Entelecheia: detecting p2p botnets in their waiting stage. In: IFIP networking conference, 2013. New York: IEEE; 2013. p. 1\u20139."},{"issue":"1","key":"74_CR71","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1186\/s40537-015-0030-3","volume":"2","author":"CW Tsai","year":"2015","unstructured":"Tsai CW, Lai CF, Chao HC, Vasilakos AV. Big data analytics: a survey. J Big Data. 2015;2(1):21.","journal-title":"J Big Data"},{"issue":"1","key":"74_CR72","doi-asserted-by":"crossref","first-page":"33","DOI":"10.1109\/TSC.2015.2439695","volume":"9","author":"S Fong","year":"2016","unstructured":"Fong S, Wong R, Vasilakos AV. Accelerated PSO swarm search feature selection for data stream mining big data. IEEE Trans Serv Comput. 2016;9(1):33\u201345.","journal-title":"IEEE Trans Serv Comput"},{"key":"74_CR73","doi-asserted-by":"crossref","first-page":"100","DOI":"10.1016\/j.cose.2014.05.011","volume":"45","author":"S Garcia","year":"2014","unstructured":"Garcia S, Grill M, Stiborek J, Zunino A. An empirical comparison of botnet detection methods. Comput Secur. 2014;45:100\u201323.","journal-title":"Comput Secur"},{"issue":"1","key":"74_CR74","doi-asserted-by":"crossref","first-page":"43","DOI":"10.1016\/j.jcss.2016.03.007","volume":"83","author":"M Grill","year":"2017","unstructured":"Grill M, Pevn\u00fd T, Rehak M. Reducing false positives of network anomaly detection by local adaptive multivariate smoothing. J Comput Syst Sci. 2017;83(1):43\u201357.","journal-title":"J Comput Syst Sci"},{"key":"74_CR75","unstructured":"Chanthakoummane Y, Saiyod S, Benjamas, N Khamphakdee N. Evaluation Snort-IDS rules for botnets detection; 2016. http:\/\/www.it.kmitl.ac.th\/~natapon\/ncit2015\/papers\/p87-chanthakoummane.pdf . Accessed 11 Apr 2016."},{"key":"74_CR76","unstructured":"Ma\u0142owidzki M, Berezinski P, Mazur M. Network intrusion detection: half a kingdom for a good dataset. In\u00a0Proceedings of NATO STO SAS-139 Workshop, Portugal; 2015."},{"key":"74_CR77","unstructured":"Graph-tool. https:\/\/graph-tool.skewed.de\/ ."},{"key":"74_CR78","unstructured":"Technopedia.data packet. 2016. https:\/\/www.techopedia.com\/definition\/6751\/data-packet . Accessed 05 May 2016."},{"key":"74_CR79","doi-asserted-by":"crossref","unstructured":"Rafiei D. Effectively visualizing large networks through sampling. In: visualization, 2005. VIS 05. IEEE. New York: IEEE; 2005. p. 375\u201382.","DOI":"10.1109\/VISUAL.2005.1532819"},{"issue":"2","key":"74_CR80","doi-asserted-by":"crossref","first-page":"163","DOI":"10.1080\/0022250X.2001.9990249","volume":"25","author":"U Brandes","year":"2001","unstructured":"Brandes U. A faster algorithm for betweenness centrality. J Math Sociol. 2001;25(2):163\u201377.","journal-title":"J Math Sociol"},{"key":"74_CR81","unstructured":"Rocchini C. Hue scale representing node betweenness on a graph; 2007. https:\/\/commons.wikimedia.org\/w\/index.php?curid=1988980 . Accessed 05 Apr 2015."},{"issue":"6684","key":"74_CR82","doi-asserted-by":"crossref","first-page":"440","DOI":"10.1038\/30918","volume":"393","author":"DJ Watts","year":"1998","unstructured":"Watts DJ, Strogatz SH. Collective dynamics of \u2018small-world\u2019networks. Nature. 1998;393(6684):440\u20132.","journal-title":"Nature"},{"issue":"1","key":"74_CR83","doi-asserted-by":"crossref","first-page":"135","DOI":"10.1137\/S0036144503424786","volume":"47","author":"AN Langville","year":"2005","unstructured":"Langville AN, Meyer CD. A survey of eigenvector methods for web information retrieval. SIAM rev. 2005;47(1):135\u201361.","journal-title":"SIAM rev"},{"issue":"4","key":"74_CR84","doi-asserted-by":"crossref","first-page":"677","DOI":"10.1007\/BF02621888","volume":"222","author":"Y Kifer","year":"1996","unstructured":"Kifer Y. Perron-Frobenius theorem, large deviations, and random perturbations in random environments. Math Z. 1996;222(4):677\u201398.","journal-title":"Math Z"},{"key":"74_CR85","volume-title":"The new palgrave dictionary of economics","author":"MEJ Newman","year":"2008","unstructured":"Newman MEJ. The mathematics of networks. In: Durlauf SN, Blume LE, editors. The new palgrave dictionary of economics. 2nd ed. Basingstoke: Imprint Palgrave Macmillan; 2008.","edition":"2"},{"key":"74_CR86","unstructured":"Bullinaria JA. Self-organizing maps: fundamentals; 2004. http:\/\/www.cs.bham.ac.uk\/~jxb\/NN\/l16.pdf . Accessed 13 Jun 2016."},{"key":"74_CR87","unstructured":"Guthikonda SM, Kohonen. Self-organizing maps.\u00a02005. http:\/\/www.shy.am\/wp-content\/uploads\/2009\/01\/kohonen-self-organizing-maps-shyam-guthikonda.pdf . Accessed 20 Jan 1016."},{"issue":"3","key":"74_CR88","first-page":"273","volume":"20","author":"C Cortes","year":"1995","unstructured":"Cortes C, Vapnik V. Support-vector networks. Mach Learn. 1995;20(3):273\u201397.","journal-title":"Mach Learn"},{"issue":"2","key":"74_CR89","doi-asserted-by":"crossref","first-page":"241","DOI":"10.3745\/JIPS.2012.8.2.241","volume":"8","author":"R Malhotra","year":"2012","unstructured":"Malhotra R, Jain A. Fault prediction using statistical and machine learning methods for improving software quality. J Inf Process Syst. 2012;8(2):241\u201362.","journal-title":"J Inf Process Syst"},{"issue":"1","key":"74_CR90","first-page":"1","volume":"12","author":"KS Durgesh","year":"2010","unstructured":"Durgesh KS, Lekha B. Data classification using support vector machine. J Theor Appl Inf Technol. 2010;12(1):1\u20137.","journal-title":"J Theor Appl Inf Technol"}],"container-title":["Journal of Big Data"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s40537-017-0074-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1186\/s40537-017-0074-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1186\/s40537-017-0074-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:18:55Z","timestamp":1750252735000},"score":1,"resource":{"primary":{"URL":"http:\/\/journalofbigdata.springeropen.com\/articles\/10.1186\/s40537-017-0074-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,5,12]]},"references-count":90,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2017,12]]}},"alternative-id":["74"],"URL":"https:\/\/doi.org\/10.1186\/s40537-017-0074-7","relation":{},"ISSN":["2196-1115"],"issn-type":[{"value":"2196-1115","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,5,12]]},"article-number":"14"}}