{"id":"https://openalex.org/W3162308571","doi":"https://doi.org/10.1109/tifs.2021.3080082","title":"An Exploit Kits Detection Approach Based on HTTP Message Graph","display_name":"An Exploit Kits Detection Approach Based on HTTP Message Graph","publication_year":2021,"publication_date":"2021-01-01","ids":{"openalex":"https://openalex.org/W3162308571","doi":"https://doi.org/10.1109/tifs.2021.3080082","mag":"3162308571"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2021.3080082","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2021.3080082","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5102767013","display_name":"Yan Qin","orcid":"https://orcid.org/0000-0002-9166-1482"},"institutions":[{"id":"https://openalex.org/I139660479","display_name":"Central South University","ror":"https://ror.org/00f1zfq44","country_code":"CN","type":"education","lineage":["https://openalex.org/I139660479"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Yan Qin","raw_affiliation_strings":["School of Computer Science and Engineering, Central South University, Changsha, China"],"raw_orcid":"https://orcid.org/0000-0002-9166-1482","affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Central South University, Changsha, China","institution_ids":["https://openalex.org/I139660479"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100442307","display_name":"Weiping Wang","orcid":"https://orcid.org/0000-0001-5255-5639"},"institutions":[{"id":"https://openalex.org/I139660479","display_name":"Central South University","ror":"https://ror.org/00f1zfq44","country_code":"CN","type":"education","lineage":["https://openalex.org/I139660479"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Weiping Wang","raw_affiliation_strings":["School of Computer Science and Engineering, Central South University, Changsha, China"],"raw_orcid":"https://orcid.org/0000-0001-5255-5639","affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Central South University, Changsha, China","institution_ids":["https://openalex.org/I139660479"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5005250767","display_name":"Shigeng Zhang","orcid":"https://orcid.org/0000-0001-5351-7239"},"institutions":[{"id":"https://openalex.org/I139660479","display_name":"Central South University","ror":"https://ror.org/00f1zfq44","country_code":"CN","type":"education","lineage":["https://openalex.org/I139660479"]},{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Shigeng Zhang","raw_affiliation_strings":["School of Computer Science and Engineering, Central South University, Changsha, China","State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0001-5351-7239","affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Central South University, Changsha, China","institution_ids":["https://openalex.org/I139660479"]},{"raw_affiliation_string":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5100437976","display_name":"Kai Chen","orcid":"https://orcid.org/0000-0002-5624-2987"},"institutions":[{"id":"https://openalex.org/I19820366","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35","country_code":"CN","type":"government","lineage":["https://openalex.org/I19820366"]},{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kai Chen","raw_affiliation_strings":["State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-5624-2987","affiliations":[{"raw_affiliation_string":"State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China","institution_ids":["https://openalex.org/I4210156404","https://openalex.org/I19820366"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5102767013"],"corresponding_institution_ids":["https://openalex.org/I139660479"],"apc_list":null,"apc_paid":null,"fwci":2.5627,"has_fulltext":false,"cited_by_count":13,"citation_normalized_percentile":{"value":0.90992496,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":"16","issue":null,"first_page":"3387","last_page":"3400"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11644","display_name":"Spam and Phishing Detection","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998000264167786,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9990000128746033,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.9093050956726074},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7716984748840332},{"id":"https://openalex.org/keywords/graph","display_name":"Graph","score":0.576529860496521},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.5535323619842529},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.49433040618896484},{"id":"https://openalex.org/keywords/power-graph-analysis","display_name":"Power graph analysis","score":0.47199347615242004},{"id":"https://openalex.org/keywords/traffic-analysis","display_name":"Traffic analysis","score":0.4461801052093506},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.44313183426856995},{"id":"https://openalex.org/keywords/information-retrieval","display_name":"Information retrieval","score":0.32464656233787537},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.2008947730064392},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.19517996907234192},{"id":"https://openalex.org/keywords/theoretical-computer-science","display_name":"Theoretical computer science","score":0.10272291302680969}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.9093050956726074},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7716984748840332},{"id":"https://openalex.org/C132525143","wikidata":"https://www.wikidata.org/wiki/Q141488","display_name":"Graph","level":2,"score":0.576529860496521},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.5535323619842529},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.49433040618896484},{"id":"https://openalex.org/C106937863","wikidata":"https://www.wikidata.org/wiki/Q7236518","display_name":"Power graph analysis","level":3,"score":0.47199347615242004},{"id":"https://openalex.org/C2781317605","wikidata":"https://www.wikidata.org/wiki/Q7832483","display_name":"Traffic analysis","level":2,"score":0.4461801052093506},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.44313183426856995},{"id":"https://openalex.org/C23123220","wikidata":"https://www.wikidata.org/wiki/Q816826","display_name":"Information retrieval","level":1,"score":0.32464656233787537},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.2008947730064392},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.19517996907234192},{"id":"https://openalex.org/C80444323","wikidata":"https://www.wikidata.org/wiki/Q2878974","display_name":"Theoretical computer science","level":1,"score":0.10272291302680969},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2021.3080082","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2021.3080082","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1992562646","display_name":null,"funder_award_id":"U1836211","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G5868658864","display_name":null,"funder_award_id":"61672543","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8208979408","display_name":null,"funder_award_id":"61772559","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8753374989","display_name":null,"funder_award_id":"JQ18011","funder_id":"https://openalex.org/F4320322919","funder_display_name":"Natural Science Foundation of Beijing Municipality"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320321133","display_name":"Chinese Academy of Sciences","ror":"https://ror.org/034t30j35"},{"id":"https://openalex.org/F4320322919","display_name":"Natural Science Foundation of Beijing Municipality","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":56,"referenced_works":["https://openalex.org/W58852127","https://openalex.org/W1593047306","https://openalex.org/W1970867218","https://openalex.org/W1975909792","https://openalex.org/W1993370323","https://openalex.org/W2037109870","https://openalex.org/W2040424958","https://openalex.org/W2045002320","https://openalex.org/W2061221009","https://openalex.org/W2062533261","https://openalex.org/W2076472201","https://openalex.org/W2083391339","https://openalex.org/W2100644924","https://openalex.org/W2102475112","https://openalex.org/W2117202485","https://openalex.org/W2124929753","https://openalex.org/W2146729596","https://openalex.org/W2160289821","https://openalex.org/W2182421051","https://openalex.org/W2228075399","https://openalex.org/W2302325356","https://openalex.org/W2323768424","https://openalex.org/W2492259055","https://openalex.org/W2528185830","https://openalex.org/W2572772209","https://openalex.org/W2575270149","https://openalex.org/W2624744510","https://openalex.org/W2686942304","https://openalex.org/W2741807421","https://openalex.org/W2752123121","https://openalex.org/W2753863426","https://openalex.org/W2756261530","https://openalex.org/W2793337260","https://openalex.org/W2796013264","https://openalex.org/W2889386665","https://openalex.org/W2889547652","https://openalex.org/W2902314211","https://openalex.org/W2907290714","https://openalex.org/W2926136271","https://openalex.org/W2946898425","https://openalex.org/W2963197901","https://openalex.org/W2966943003","https://openalex.org/W2968390691","https://openalex.org/W2974849064","https://openalex.org/W2999697944","https://openalex.org/W3000914570","https://openalex.org/W3024103409","https://openalex.org/W3047608117","https://openalex.org/W3096264229","https://openalex.org/W3128286744","https://openalex.org/W4285719527","https://openalex.org/W6602413418","https://openalex.org/W6685992501","https://openalex.org/W6739586881","https://openalex.org/W6754323700","https://openalex.org/W6761475628"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W1590307681","https://openalex.org/W1966145327","https://openalex.org/W4242181317","https://openalex.org/W2359215675","https://openalex.org/W235289924","https://openalex.org/W91435914","https://openalex.org/W1970747620"],"abstract_inverted_index":{"The":[0,109,138],"exploit":[1],"kits":[2],"(EKs)":[3],"are":[4],"used":[5],"by":[6,69,88],"attackers":[7],"to":[8,16,21,58,105],"distribute":[9],"malware":[10],"automatically":[11],"and":[12,40,99,151],"silently.":[13],"Existing":[14],"approaches":[15,48],"EKs":[17,50,82,107,131],"detection":[18,44],"usually":[19,56],"need":[20],"perform":[22,106],"dynamic":[23],"analysis":[24],"on":[25,52,84],"the":[26,30,37,60,66,70,103,117,148,152,161,171],"content":[27],"contained":[28],"in":[29,126,146,165],"network":[31,38],"traffic,":[32],"which":[33,130,167],"requires":[34],"dumping":[35],"all":[36],"traffic":[39],"thus":[41],"causes":[42],"high":[43,136],"overhead.":[45],"Although":[46],"some":[47],"detect":[49,81],"based":[51,83],"static":[53,89],"analysis,":[54],"they":[55],"fail":[57],"restore":[59],"complete":[61],"attack":[62],"path":[63],"because":[64],"of":[65,116,173],"obstruction":[67],"set":[68],"attackers.":[71],"In":[72],"this":[73],"paper,":[74],"we":[75],"propose":[76],"an":[77],"approach":[78],"that":[79,122,141],"can":[80,132,158,168],"only":[85],"information":[86],"extracted":[87],"analysis.":[90,174],"Our":[91,156],"method":[92,143,157],"builds":[93],"a":[94],"graph":[95,104,111],"for":[96],"web":[97],"sessions":[98],"extracts":[100],"features":[101],"from":[102],"detection.":[108],"built":[110],"catches":[112],"important":[113],"structural":[114],"characteristics":[115],"interaction":[118],"during":[119],"EK":[120],"attacks":[121],"were":[123],"not":[124],"revealed":[125],"existing":[127],"methods,":[128],"with":[129,135],"be":[133],"detected":[134],"accuracy.":[137],"experiments":[139],"show":[140],"our":[142],"works":[144],"well":[145],"both":[147],"ground-truth":[149],"datasets":[150],"latest":[153],"practical":[154],"cases.":[155],"also":[159],"identify":[160],"malicious":[162],"websites":[163],"concealed":[164],"EKs,":[166],"further":[169],"improve":[170],"efficiency":[172]},"counts_by_year":[{"year":2026,"cited_by_count":2},{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":3},{"year":2023,"cited_by_count":1},{"year":2022,"cited_by_count":3},{"year":2021,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}