{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,20]],"date-time":"2026-05-20T16:38:09Z","timestamp":1779295089018,"version":"3.51.4"},"reference-count":41,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2020,2,1]],"date-time":"2020-02-01T00:00:00Z","timestamp":1580515200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2020,2,1]],"date-time":"2020-02-01T00:00:00Z","timestamp":1580515200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Information Sciences"],"published-print":{"date-parts":[[2020,2]]},"DOI":"10.1016\/j.ins.2019.09.024","type":"journal-article","created":{"date-parts":[[2019,9,20]],"date-time":"2019-09-20T01:57:30Z","timestamp":1568944650000},"page":"284-296","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":202,"special_numbering":"C","title":["BotMark: Automated botnet detection with hybrid analysis of flow-based and graph-based traffic behaviors"],"prefix":"10.1016","volume":"511","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5974-1589","authenticated-orcid":false,"given":"Wei","family":"Wang","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yaoyao","family":"Shang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yongzhong","family":"He","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yidong","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3874-9853","authenticated-orcid":false,"given":"Jiqiang","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"key":"10.1016\/j.ins.2019.09.024_bib0001","series-title":"Advances in Knowledge Discovery and Data Mining, 14th Pacific-Asia Conference, PAKDD 2010, Hyderabad, India, June 21\u201324, 2010. Proceedings. Part II","first-page":"410","article-title":"OddBall: spotting anomalies in weighted graphs","author":"Akoglu","year":"2010"},{"issue":"3","key":"10.1016\/j.ins.2019.09.024_bib0002","doi-asserted-by":"crossref","first-page":"626","DOI":"10.1007\/s10618-014-0365-y","article-title":"Graph based anomaly detection and description: a survey","volume":"29","author":"Akoglu","year":"2015","journal-title":"Data Min. Knowl. Discov."},{"key":"10.1016\/j.ins.2019.09.024_bib0003","series-title":"2017 International Conference on Electronics, Communications and Computers, CONIELECOMP 2017, Cholula, Mexico, February 22\u201324, 2017","first-page":"1","article-title":"Feature selection to detect botnets using machine learning algorithms","author":"Alejandre","year":"2017"},{"issue":"10","key":"10.1016\/j.ins.2019.09.024_bib0004","doi-asserted-by":"crossref","first-page":"P10008","DOI":"10.1088\/1742-5468\/2008\/10\/P10008","article-title":"Fast unfolding of communities in large networks","volume":"2008","author":"Blondel","year":"2008","journal-title":"J. Stat. Mech"},{"key":"10.1016\/j.ins.2019.09.024_bib0005","series-title":"Seventh International Conference on Computer and Information Technology (CIT 2007), October 16\u201319, 2007, University of Aizu, Fukushima, Japan","first-page":"715","article-title":"Botnet detection by monitoring group activities in DNS traffic","author":"Choi","year":"2007"},{"key":"10.1016\/j.ins.2019.09.024_bib0006","doi-asserted-by":"crossref","first-page":"14","DOI":"10.1186\/s40537-017-0074-7","article-title":"Botnet detection using graph-based feature clustering","volume":"4","author":"Chowdhury","year":"2017","journal-title":"J. Big Data"},{"key":"10.1016\/j.ins.2019.09.024_bib0007","series-title":"International Conference on Research in Networking","first-page":"1","article-title":"Bottrack: tracking botnets using netflow and pagerank","author":"Fran\u00e7ois","year":"2011"},{"key":"10.1016\/j.ins.2019.09.024_bib0008","series-title":"Proceedings of the 17th USENIX Security Symposium, July 28-August 1, 2008, San Jose, CA, USA","first-page":"139","article-title":"BotMiner: clustering analysis of network traffic for protocol- and structure-independent botnet detection","author":"Gu","year":"2008"},{"key":"10.1016\/j.ins.2019.09.024_bib0009","series-title":"Web Information Systems Engineering - WISE 2012 - 13th International Conference, Paphos, Cyprus, November 28\u201330, 2012. Proceedings","first-page":"624","article-title":"Analyzing the effectiveness of graph metrics for anomaly detection in online social networks","author":"Hassanzadeh","year":"2012"},{"issue":"8","key":"10.1016\/j.ins.2019.09.024_bib0010","doi-asserted-by":"crossref","first-page":"1909","DOI":"10.1016\/j.comnet.2011.01.020","article-title":"Graption: a graph-based P2P traffic classification framework for the internet backbone","volume":"55","author":"Iliofotou","year":"2011","journal-title":"Comput. Netw."},{"key":"10.1016\/j.ins.2019.09.024_bib0011","series-title":"Cryptology and Network Security - 12th International Conference, CANS 2013, Paraty, Brazil, November 20\u201322. 2013. Proceedings","first-page":"162","article-title":"BotSuer: suing stealthy P2P bots in network traffic through netflow analysis","author":"Kheir","year":"2013"},{"key":"10.1016\/j.ins.2019.09.024_bib0012","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1016\/j.compeleceng.2016.01.012","article-title":"Botnet detection via mining of traffic flow characteristics","volume":"50","author":"Kirubavathi","year":"2016","journal-title":"Comput. Electr. Eng."},{"key":"10.1016\/j.ins.2019.09.024_bib0013","series-title":"1st Cyber Security in Networking Conference, CSNet 2017, Rio de Janeiro, Brazil, October 18\u201320, 2017","first-page":"1","article-title":"Botgm: unsupervised graph mining to detect botnets in traffic flows","author":"Lagraa","year":"2017"},{"issue":"7","key":"10.1016\/j.ins.2019.09.024_bib0014","doi-asserted-by":"crossref","first-page":"2204","DOI":"10.1109\/TITS.2017.2777990","article-title":"CreditCoin: a privacy-preserving blockchain-based incentive announcement network for communications of smart vehicles","volume":"19","author":"Li","year":"2018","journal-title":"IEEE Trans. Intell. Transp. Syst."},{"key":"10.1016\/j.ins.2019.09.024_bib0015","series-title":"2010 International Conference on Internet Technology and Applications","first-page":"1","article-title":"Peer to peer botnet detection using data mining scheme","author":"Liao","year":"2010"},{"key":"10.1016\/j.ins.2019.09.024_bib0016","article-title":"Privacy risk analysis and mitigation of analytics libraries in the android ecosystem","author":"Liu","year":"2019","journal-title":"IEEE Trans. Mob. Comput."},{"key":"10.1016\/j.ins.2019.09.024_bib0017","series-title":"Proceedings. 2006 31st IEEE Conference on Local Computer Networks","first-page":"967","article-title":"Usilng machine learning technliques to identify botnet traffic","author":"Livadas","year":"2006"},{"key":"10.1016\/j.ins.2019.09.024_bib0018","series-title":"19th USENIX Security Symposium, Washington, DC, USA, August 11\u201313, 2010, Proceedings","first-page":"95","article-title":"BotGrep: finding P2P bots with structured graph analysis","author":"Nagaraja","year":"2010"},{"issue":"3","key":"10.1016\/j.ins.2019.09.024_bib0019","first-page":"547","article-title":"Survey of peer-to-peer botnets and detection frameworks","volume":"20","author":"Rawat","year":"2018","journal-title":"I. J. Netw. Secur."},{"key":"10.1016\/j.ins.2019.09.024_bib0020","series-title":"Ninth Annual Conference on Privacy, Security and Trust, PST 2011, 19\u201321 July, 2011, Montreal, Qu\u00e9bec, Canada","first-page":"174","article-title":"Detecting P2P botnets through network behavior analysis and machine learning","author":"Saad","year":"2011"},{"key":"10.1016\/j.ins.2019.09.024_bib0021","series-title":"IEEE Conference on Communications and Network Security, CNS 2014, San Francisco, CA, USA, October 29\u201331, 2014","first-page":"247","article-title":"Towards effective feature selection in machine learning-based botnet detection approaches","author":"Samani","year":"2014"},{"key":"10.1016\/j.ins.2019.09.024_bib0022","series-title":"Cloud Computing and Security. Lecture Notes in Computer Science, vol 11064. Springer, Cham.","first-page":"612","article-title":"Botnet detection with hybrid analysis on flow based and graph based features of network traffic","author":"Shang","year":"2018"},{"key":"10.1016\/j.ins.2019.09.024_bib0023","doi-asserted-by":"crossref","first-page":"488","DOI":"10.1016\/j.ins.2014.03.066","article-title":"Big data analytics framework for peer-to-peer botnet detection using random forests","volume":"278","author":"Singh","year":"2014","journal-title":"Inf. Sci."},{"key":"10.1016\/j.ins.2019.09.024_bib0024","series-title":"Conference on emerging Networking Experiments and Technologies, CoNEXT \u201912, Nice, France - December 10, \u2013 13, 2012","first-page":"349","article-title":"Botfinder: finding bots in network traffic without deep packet inspection","author":"Tegeler","year":"2012"},{"key":"10.1016\/j.ins.2019.09.024_bib0025","series-title":"52nd Annual Allerton Conference on Communication, Control, and Computing, Allerton 2014, Allerton Park & Retreat Center, Monticello, IL, September 30, \u2013 October 3, 2014","first-page":"393","article-title":"Botnet detection using social graph analysis","author":"Wang","year":"2014"},{"key":"10.1016\/j.ins.2019.09.024_bib0026","series-title":"2009 International Conference on Networks Security, Wireless Communications and Trusted Computing","first-page":"408","article-title":"A novel approach to detect IRC-based botnets","volume":"vol. 1","author":"Wang","year":"2009"},{"issue":"1","key":"10.1016\/j.ins.2019.09.024_bib0027","doi-asserted-by":"crossref","first-page":"58","DOI":"10.1016\/j.comcom.2007.10.010","article-title":"Processing of massive audit data streams for real-time anomaly intrusion detection","volume":"31","author":"Wang","year":"2008","journal-title":"Comput. Commun."},{"issue":"7","key":"10.1016\/j.ins.2019.09.024_bib0028","doi-asserted-by":"crossref","first-page":"539","DOI":"10.1016\/j.cose.2006.05.005","article-title":"Profiling program behavior for anomaly intrusion detection based on the transition and frequency property of computer audit data","volume":"25","author":"Wang","year":"2006","journal-title":"Comput. Secur."},{"key":"10.1016\/j.ins.2019.09.024_bib0029","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1016\/j.knosys.2014.06.018","article-title":"Autonomic intrusion detection: adaptively detecting anomalies over unlabeled audit data streams in computer networks","volume":"70","author":"Wang","year":"2014","journal-title":"Knowl.-Based Syst."},{"issue":"6","key":"10.1016\/j.ins.2019.09.024_bib0030","doi-asserted-by":"crossref","first-page":"374","DOI":"10.1049\/iet-ifs.2014.0353","article-title":"Constructing important features from massive network traffic for lightweight intrusion detection","volume":"9","author":"Wang","year":"2015","journal-title":"IET Inf. Secur."},{"key":"10.1016\/j.ins.2019.09.024_bib0031","doi-asserted-by":"crossref","first-page":"987","DOI":"10.1016\/j.future.2017.01.019","article-title":"Detecting android malicious apps and categorizing benign apps with ensemble of classifiers","volume":"78","author":"Wang","year":"2018","journal-title":"Future Gener. Comp. Syst."},{"key":"10.1016\/j.ins.2019.09.024_bib0032","doi-asserted-by":"crossref","first-page":"417","DOI":"10.1016\/j.ins.2016.10.023","article-title":"Abstracting massive data for lightweight intrusion detection in computer networks","volume":"433\u2013434","author":"Wang","year":"2018","journal-title":"Inf. Sci."},{"issue":"11","key":"10.1016\/j.ins.2019.09.024_bib0033","doi-asserted-by":"crossref","first-page":"1869","DOI":"10.1109\/TIFS.2014.2353996","article-title":"Exploring permission-induced risk in android applications for malicious application detection","volume":"9","author":"Wang","year":"2014","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"issue":"5","key":"10.1016\/j.ins.2019.09.024_bib0034","first-page":"pp.1050","article-title":"BotCapturer: detecting botnets based on two-layered analysis with graph anomaly detection and network traffic clustering","volume":"14","author":"Wang","year":"2018","journal-title":"Int. J. Performabil.Eng."},{"issue":"12","key":"10.1016\/j.ins.2019.09.024_bib0035","doi-asserted-by":"crossref","first-page":"1974","DOI":"10.1016\/j.jss.2009.06.040","article-title":"Constructing attribute weights from computer audit data for effective intrusion detection","volume":"82","author":"Wang","year":"2009","journal-title":"J. Syst. Softw."},{"key":"10.1016\/j.ins.2019.09.024_bib0036","doi-asserted-by":"crossref","first-page":"67602","DOI":"10.1109\/ACCESS.2019.2918139","article-title":"Constructing features for detecting android malicious applications: issues, taxonomy and directions","volume":"7","author":"Wang","year":"2019","journal-title":"IEEE Access"},{"issue":"8","key":"10.1016\/j.ins.2019.09.024_bib0037","doi-asserted-by":"crossref","first-page":"3035","DOI":"10.1007\/s12652-018-0803-6","article-title":"Effective android malware detection with a hybrid model based on deep autoencoder and convolutional neural network","volume":"10","author":"Wang","year":"2019","journal-title":"J. Ambient Intell. Hum. Comput."},{"key":"10.1016\/j.ins.2019.09.024_bib0038","doi-asserted-by":"crossref","DOI":"10.1016\/j.future.2017.04.041","article-title":"Characterizing Android apps behavior for effective detection of malapps at large scale","volume":"75","author":"Wang","year":"2017","journal-title":"Future Gener. Comput. Syst."},{"key":"10.1016\/j.ins.2019.09.024_bib0039","series-title":"Proceedings of the 13th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Jose, California, USA, August 12\u201315, 2007","first-page":"824","article-title":"SCAN: a structural clustering algorithm for networks","author":"Xu","year":"2007"},{"key":"10.1016\/j.ins.2019.09.024_bib0040","series-title":"2010 Third International Joint Conference on Computational Science and Optimization","first-page":"456","article-title":"Data-adaptive clustering analysis for online botnet detection","volume":"vol. 1","author":"Yu","year":"2010"},{"key":"10.1016\/j.ins.2019.09.024_bib0041","doi-asserted-by":"crossref","first-page":"2","DOI":"10.1016\/j.cose.2013.04.007","article-title":"Botnet detection based on traffic behavior analysis and flow intervals","volume":"39","author":"Zhao","year":"2013","journal-title":"Comput. Secur."}],"container-title":["Information Sciences"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0020025519308758?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0020025519308758?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2025,9,17]],"date-time":"2025-09-17T04:55:35Z","timestamp":1758084935000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0020025519308758"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,2]]},"references-count":41,"alternative-id":["S0020025519308758"],"URL":"https:\/\/doi.org\/10.1016\/j.ins.2019.09.024","relation":{},"ISSN":["0020-0255"],"issn-type":[{"value":"0020-0255","type":"print"}],"subject":[],"published":{"date-parts":[[2020,2]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"BotMark: Automated botnet detection with hybrid analysis of flow-based and graph-based traffic behaviors","name":"articletitle","label":"Article Title"},{"value":"Information Sciences","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.ins.2019.09.024","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2019 Elsevier Inc. All rights reserved.","name":"copyright","label":"Copyright"}]}}