{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,11,19]],"date-time":"2024-11-19T19:02:52Z","timestamp":1732042972758},"reference-count":86,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2023,8,30]],"date-time":"2023-08-30T00:00:00Z","timestamp":1693353600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2023,8,30]],"date-time":"2023-08-30T00:00:00Z","timestamp":1693353600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Int. J. Inf. Secur."],"published-print":{"date-parts":[[2024,2]]},"DOI":"10.1007\/s10207-023-00742-7","type":"journal-article","created":{"date-parts":[[2023,8,30]],"date-time":"2023-08-30T18:02:27Z","timestamp":1693418547000},"page":"119-140","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["A review on graph-based approaches for network security monitoring and botnet detection"],"prefix":"10.1007","volume":"23","author":[{"given":"Sofiane","family":"Lagraa","sequence":"first","affiliation":[]},{"given":"Martin","family":"Hus\u00e1k","sequence":"additional","affiliation":[]},{"given":"Hamida","family":"Seba","sequence":"additional","affiliation":[]},{"given":"Satyanarayana","family":"Vuppala","sequence":"additional","affiliation":[]},{"given":"Radu","family":"State","sequence":"additional","affiliation":[]},{"given":"Moussa","family":"Ouedraogo","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2023,8,30]]},"reference":[{"issue":"3","key":"742_CR1","doi-asserted-by":"publisher","first-page":"626","DOI":"10.1007\/s10618-014-0365-y","volume":"29","author":"L Akoglu","year":"2014","unstructured":"Akoglu, L., Tong, H., Koutra, D.: Graph based anomaly detection and description: a survey. Data Min. Knowl. Disc. 29(3), 626\u2013688 (2014)","journal-title":"Data Min. Knowl. Disc."},{"key":"742_CR2","doi-asserted-by":"crossref","unstructured":"Amini, P., Araghizadeh, M.A., Azmi, R.: A survey on botnet: classification, detection and defense. In: International Electronics Symposium (IES), pp. 233\u2013238 (2015)","DOI":"10.1109\/ELECSYM.2015.7380847"},{"key":"742_CR3","unstructured":"Amrouche, F., Lagraa, S., Kaiafas, G., State, R.: Graph-based malicious login events investigation. In: IFIP\/IEEE International Symposium on Integrated Network Management (IM), pp. 63\u201366 (2019)"},{"key":"742_CR4","doi-asserted-by":"crossref","unstructured":"Apache Software Foundation: Apache Spark. https:\/\/spark.apache.org\/. Accessed 1 Nov 2021","DOI":"10.1007\/978-1-4842-7383-8_1"},{"key":"742_CR5","unstructured":"Apache Software Foundation: Apache TinkerPop. https:\/\/tinkerpop.apache.org\/. Accessed 1 Nov 2021"},{"key":"742_CR6","unstructured":"Apache Software Foundation: GraphX. https:\/\/spark.apache.org\/graphx\/. Accessed 1 Nov 2021"},{"issue":"2","key":"742_CR7","doi-asserted-by":"publisher","first-page":"404","DOI":"10.1109\/TETC.2017.2764885","volume":"8","author":"G Apruzzese","year":"2020","unstructured":"Apruzzese, G., Pierazzi, F., Colajanni, M., Marchetti, M.: Detection and threat prioritization of pivoting attacks in large networks. IEEE Trans. Emerg. Top. Comput. 8(2), 404\u2013415 (2020)","journal-title":"IEEE Trans. Emerg. Top. Comput."},{"key":"742_CR8","unstructured":"ArrangoDB. https:\/\/www.arangodb.com. Accessed 1 Nov 2021"},{"key":"742_CR9","doi-asserted-by":"publisher","first-page":"1043,794:1","DOI":"10.1155\/2019\/1043794","volume":"2019","author":"J Bai","year":"2019","unstructured":"Bai, J., Shi, Q., Mu, S.: A malware and variant detection method using function call graph isomorphism. Secur. Commun. Netw. 2019, 1043,794:1-1043,794:12 (2019)","journal-title":"Secur. Commun. Netw."},{"key":"742_CR10","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1016\/j.comnet.2016.02.009","volume":"100","author":"A Berger","year":"2016","unstructured":"Berger, A., D\u2019Alconzo, A., Gansterer, W.N., Pescap\u00e9, A.: Mining agile DNS traffic using graph analysis for cybercrime detection. Comput. Netw. 100, 28\u201344 (2016)","journal-title":"Comput. Netw."},{"issue":"1","key":"742_CR11","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1186\/s42400-018-0017-4","volume":"1","author":"F B\u00f6hm","year":"2018","unstructured":"B\u00f6hm, F., Menges, F., Pernul, G.: Graph-based visual analytics for cyber threat intelligence. Cybersecurity 1(1), 16 (2018)","journal-title":"Cybersecurity"},{"issue":"1","key":"742_CR12","doi-asserted-by":"publisher","first-page":"18","DOI":"10.1109\/MNET.2016.1500116NM","volume":"31","author":"E Bou-Harb","year":"2017","unstructured":"Bou-Harb, E., Debbabi, M., Assi, C.: Big data behavioral analytics meet graph theory: on effective botnet takedowns. IEEE Netw. 31(1), 18\u201326 (2017)","journal-title":"IEEE Netw."},{"key":"742_CR13","unstructured":"Bowman, B., Laprade, C., Ji, Y., Huang, H.H.: Detecting lateral movement in enterprise computer networks with unsupervised graph AI. In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020), pp. 257\u2013268 (2020)"},{"issue":"1","key":"742_CR14","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1145\/3469379.3469386","volume":"55","author":"B Bowman","year":"2021","unstructured":"Bowman, B., Huang, H.H.: Towards next-generation cybersecurity with graph AI. SIGOPS Oper. Syst. Rev. 55(1), 61\u201367 (2021)","journal-title":"SIGOPS Oper. Syst. Rev."},{"issue":"4","key":"742_CR15","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1016\/0167-8655(83)90033-8","volume":"1","author":"H Bunke","year":"1983","unstructured":"Bunke, H., Allerman, G.: Inexact graph matching for structural pattern recognition. Pattern Recognit. Lett. 1(4), 245\u2013253 (1983)","journal-title":"Pattern Recognit. Lett."},{"key":"742_CR16","volume-title":"Snort 2.0 Intrusion Detection","author":"B Caswell","year":"2003","unstructured":"Caswell, B., Foster, J.C., Russell, R., Beale, J., Posluns, J.: Snort 2.0 Intrusion Detection. Syngress Publishing, Oxford (2003)"},{"key":"742_CR17","unstructured":"Cayley. https:\/\/cayley.io. Accessed 1 Nov 2021"},{"key":"742_CR18","doi-asserted-by":"crossref","unstructured":"\u010cerm\u00e1k, M., \u0160r\u00e1mkov\u00e1, D.: GRANEF: utilization of a graph database for network forensics. In: Proceedings of the 18th International Conference on Security and Cryptography, pp. 785\u2013790. SCITEPRESS (2021)","DOI":"10.5220\/0010581807850790"},{"key":"742_CR19","unstructured":"CESNET and Masaryk University: SABU. https:\/\/sabu.cesnet.cz\/en\/start. Accessed 1 Nov 2021"},{"issue":"1","key":"742_CR20","doi-asserted-by":"publisher","first-page":"14","DOI":"10.1186\/s40537-017-0074-7","volume":"4","author":"S Chowdhury","year":"2017","unstructured":"Chowdhury, S., Khanzadeh, M., Akula, R., Zhang, F., Zhang, S., Medal, H., Marufuzzaman, M., Bian, L.: Botnet detection using graph-based feature clustering. J. Big Data 4(1), 14 (2017)","journal-title":"J. Big Data"},{"key":"742_CR21","unstructured":"CISCO: global\u20142021 forecast highlights. https:\/\/www.cisco.com\/c\/dam\/m\/en_us\/solutions\/service-provider\/vni-forecast-highlights\/pdf\/Global_2021_Forecast_Highlights.pdf (2021)"},{"key":"742_CR22","unstructured":"Data Collection, C., Sharing. https:\/\/www.caida.org\/data\/. Accessed 1 Nov 2021"},{"key":"742_CR23","unstructured":"Daya, A.A., Salahuddin, M.A., Limam, N., Boutaba, R.: A graph-based machine learning approach for bot detection. In: IFIP\/IEEE International Symposium on Integrated Network Management (IM), pp. 144\u2013152 (2019)"},{"issue":"1","key":"742_CR24","doi-asserted-by":"publisher","first-page":"15","DOI":"10.1109\/TNSM.2020.2972405","volume":"17","author":"AA Daya","year":"2020","unstructured":"Daya, A.A., Salahuddin, M.A., Limam, N., Boutaba, R.: BotChase: graph-based bot detection using machine learning. IEEE Trans. Netw. Serv. Manag. 17(1), 15\u201329 (2020)","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"742_CR25","unstructured":"DGraph. https:\/\/dgraph.io. Accessed 1 Nov 2021"},{"key":"742_CR26","doi-asserted-by":"publisher","first-page":"104,753","DOI":"10.1016\/j.envsoft.2020.104753","volume":"134","author":"BT Essawy","year":"2020","unstructured":"Essawy, B.T., Goodall, J.L., Voce, D., Morsy, M.M., Sadler, J.M., Choi, Y.D., Tarboton, D.G., Malik, T.: A taxonomy for reproducible and replicable research in environmental modelling. Environ. Model. Softw. 134, 104,753 (2020)","journal-title":"Environ. Model. Softw."},{"key":"742_CR27","unstructured":"Evrard, L., Fran\u00e7ois, J., Colin, J.: Attacker behavior-based metric for security monitoring applied to darknet analysis. In: IFIP\/IEEE International Symposium on Integrated Network Management (IM), pp. 89\u201397 (2019)"},{"issue":"2","key":"742_CR28","doi-asserted-by":"publisher","first-page":"169","DOI":"10.1016\/0167-4048(93)90100-J","volume":"12","author":"JA Fitch III","year":"1993","unstructured":"Fitch, J.A., III., Hoffman, L.J.: A shortest path network security model. Comput. Secur. 12(2), 169\u2013189 (1993). https:\/\/doi.org\/10.1016\/0167-4048(93)90100-J","journal-title":"Comput. Secur."},{"issue":"15","key":"742_CR29","doi-asserted-by":"publisher","first-page":"2477","DOI":"10.1002\/sec.1190","volume":"8","author":"OB Fredj","year":"2015","unstructured":"Fredj, O.B.: A realistic graph-based alert correlation system. SEC Commun. Netw. 8(15), 2477\u20132493 (2015)","journal-title":"SEC Commun. Netw."},{"key":"742_CR30","doi-asserted-by":"crossref","unstructured":"Gamachchi, A., Boztas, S.: Insider threat detection through attributed graph clustering. In: IEEE Trustcom\/BigDataSE\/ICESS, pp. 112\u2013119 (2017)","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.227"},{"key":"742_CR31","doi-asserted-by":"crossref","unstructured":"Gamachchi, A., Sun, L., Boztas, S.: Graph based framework for malicious insider threat detection. In: 50th Hawaii International Conference on System Sciences, HICSS, pp. 1\u201310 (2017)","DOI":"10.24251\/HICSS.2017.319"},{"key":"742_CR32","doi-asserted-by":"publisher","first-page":"100","DOI":"10.1016\/j.cose.2014.05.011","volume":"45","author":"S Garc\u00eda","year":"2014","unstructured":"Garc\u00eda, S., Grill, M., Stiborek, J., Zunino, A.: An empirical comparison of botnet detection methods. Comput. Secur. 45, 100\u2013123 (2014)","journal-title":"Comput. Secur."},{"issue":"5","key":"742_CR33","doi-asserted-by":"publisher","first-page":"878","DOI":"10.1002\/sec.800","volume":"7","author":"S Garc\u00eda","year":"2014","unstructured":"Garc\u00eda, S., Zunino, A., Campo, M.: Survey on network-based botnet detection methods. Secur. Commun. Netw. 7(5), 878\u2013903 (2014)","journal-title":"Secur. Commun. Netw."},{"issue":"3","key":"742_CR34","doi-asserted-by":"publisher","first-page":"320","DOI":"10.1109\/TSE.1984.5010241","volume":"SE\u201310","author":"VD Gligor","year":"1984","unstructured":"Gligor, V.D.: A note on denial-of-service in operating systems. IEEE Trans. Softw. Eng. SE\u201310(3), 320\u2013324 (1984). https:\/\/doi.org\/10.1109\/TSE.1984.5010241","journal-title":"IEEE Trans. Softw. Eng."},{"key":"742_CR35","doi-asserted-by":"crossref","unstructured":"Grover, A., Leskovec, J.: node2vec: scalable feature learning for networks. In: Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, San Francisco, CA, USA, pp. 855\u2013864 (2016)","DOI":"10.1145\/2939672.2939754"},{"key":"742_CR36","doi-asserted-by":"crossref","unstructured":"Haas, S., Fischer, M.: GAC: graph-based alert correlation for the detection of distributed multi-step attacks. In: Proceedings of the 33rd Annual ACM Symposium on Applied Computing, SAC \u201918, pp. 979\u2013988. Association for Computing Machinery (2018)","DOI":"10.1145\/3167132.3167239"},{"key":"742_CR37","doi-asserted-by":"publisher","unstructured":"Haas, S., Wilkens, F., Fischer, M.: Efficient attack correlation and identification of attack scenarios based on network-motifs. In: 2019 IEEE 38th International Performance Computing and Communications Conference (IPCCC) (2019). https:\/\/doi.org\/10.1109\/IPCCC47392.2019.8958734","DOI":"10.1109\/IPCCC47392.2019.8958734"},{"issue":"1","key":"742_CR38","doi-asserted-by":"publisher","first-page":"5","DOI":"10.1145\/3325061.3325062","volume":"19","author":"S Haas","year":"2019","unstructured":"Haas, S., Fischer, M.: On the alert correlation process for the detection of multi-step attacks and a graph-based realization. SIGAPP Appl. Comput. Rev. 19(1), 5\u201319 (2019)","journal-title":"SIGAPP Appl. Comput. Rev."},{"issue":"8","key":"742_CR39","doi-asserted-by":"publisher","first-page":"1735","DOI":"10.1162\/neco.1997.9.8.1735","volume":"9","author":"S Hochreiter","year":"1997","unstructured":"Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735\u20131780 (1997)","journal-title":"Neural Comput."},{"key":"742_CR40","doi-asserted-by":"crossref","unstructured":"Hus\u00e1k, M., \u010cerm\u00e1k, M.: A graph-based representation of relations in network security alert sharing platforms. In: 2017 IFIP\/IEEE Symposium on Integrated Network and Service Management (IM), pp. 891\u2013892 (2017)","DOI":"10.23919\/INM.2017.7987399"},{"issue":"1","key":"742_CR41","doi-asserted-by":"publisher","first-page":"640","DOI":"10.1109\/COMST.2018.2871866","volume":"21","author":"M Hus\u00e1k","year":"2019","unstructured":"Hus\u00e1k, M., Kom\u00e1rkov\u00e1, J., Bou-Harb, E., Celeda, P.: Survey of attack projection, prediction, and forecasting in cyber security. IEEE Commun. Surv. Tutor. 21(1), 640\u2013660 (2019)","journal-title":"IEEE Commun. Surv. Tutor."},{"issue":"16","key":"742_CR42","doi-asserted-by":"publisher","first-page":"2605","DOI":"10.1002\/sec.500","volume":"8","author":"P Jaikumar","year":"2015","unstructured":"Jaikumar, P., Kak, A.C.: A graph-theoretic framework for isolating botnets in a network. Secur. Commun. Netw. 8(16), 2605\u20132623 (2015)","journal-title":"Secur. Commun. Netw."},{"key":"742_CR43","unstructured":"JanusGraph. http:\/\/janusgraph.org. Accessed 1 Nov 2021"},{"key":"742_CR44","doi-asserted-by":"crossref","unstructured":"Kaiafas, G., Varisteas, G., Lagraa, S., State, R., Nguyen, C.D., Ries, T., Ourdane, M.: Detecting malicious authentication events trustfully. In: 2018 IEEE\/IFIP Network Operations and Management Symposium (NOMS) (2018)","DOI":"10.1109\/NOMS.2018.8406295"},{"key":"742_CR45","volume-title":"Encyclopedia of Algorithms","author":"MY Kao","year":"2007","unstructured":"Kao, M.Y.: Encyclopedia of Algorithms. Springer, New York (2007)"},{"key":"742_CR46","first-page":"27","volume":"29","author":"K Kaynar","year":"2016","unstructured":"Kaynar, K.: A taxonomy for attack graph generation and usage in network security. J. Inf. Secur. Appl. 29, 27\u201356 (2016)","journal-title":"J. Inf. Secur. Appl."},{"key":"742_CR47","doi-asserted-by":"publisher","unstructured":"Kent, A.D.: Comprehensive, Multi-Source Cyber-Security Events. Los Alamos National Laboratory (2015). https:\/\/doi.org\/10.17021\/1179829","DOI":"10.17021\/1179829"},{"key":"742_CR48","doi-asserted-by":"publisher","first-page":"107,746","DOI":"10.1016\/j.patcog.2020.107746","volume":"112","author":"AE Kiouche","year":"2021","unstructured":"Kiouche, A.E., Lagraa, S., Amrouche, K., Seba, H.: A simple graph embedding for anomaly detection in a stream of heterogeneous labeled graphs. Pattern Recognit. 112, 107,746 (2021)","journal-title":"Pattern Recognit."},{"key":"742_CR49","doi-asserted-by":"crossref","unstructured":"Lagraa, S., Fran\u00e7ois, J., Lahmadi, A., Minier, M., Hammerschmidt, C.A., State, R.: BotGM: unsupervised graph mining to detect botnets in traffic flows. In: Cyber Security in Networking Conference, CSNet (2017)","DOI":"10.1109\/CSNET.2017.8241990"},{"key":"742_CR50","doi-asserted-by":"crossref","unstructured":"Lagraa, S., Fran\u00e7ois, J.: Knowledge discovery of port scans from darknet. In: 2017 IFIP\/IEEE Symposium on Integrated Network and Service Management (IM), pp. 935\u2013940 (2017)","DOI":"10.23919\/INM.2017.7987415"},{"key":"742_CR51","unstructured":"Lagraa, S., State, R.: What database do you choose for heterogeneous security log events analysis? In: 2021 IFIP\/IEEE International Symposium on Integrated Network Management (IM), pp. 812\u2013817. IEEE (2021)"},{"issue":"3","key":"742_CR52","doi-asserted-by":"publisher","DOI":"10.1002\/nem.2065","volume":"29","author":"S Lagraa","year":"2019","unstructured":"Lagraa, S., Chen, Y., Fran\u00e7ois, J.: Deep mining port scans from darknet. Int. J. Netw. Manag. 29(3), e2065 (2019)","journal-title":"Int. J. Netw. Manag."},{"key":"742_CR53","volume-title":"Neo4J Graph Data Modeling","author":"M Lal","year":"2015","unstructured":"Lal, M.: Neo4J Graph Data Modeling. Packt Publishing, Birmingham (2015)"},{"key":"742_CR54","doi-asserted-by":"publisher","first-page":"100,219","DOI":"10.1016\/j.cosrev.2019.100219","volume":"35","author":"HS Lallie","year":"2020","unstructured":"Lallie, H.S., Debattista, K., Bal, J.: A review of attack graph and attack tree visual syntax in cyber security. Comput. Sci. Rev. 35, 100,219 (2020)","journal-title":"Comput. Sci. Rev."},{"key":"742_CR55","doi-asserted-by":"crossref","unstructured":"Leichtnam, L., Totel, E., Prigent, N., M\u00e9, L.: Sec2graph: network attack detection based on novelty detection on graph structured data. In: Detection of Intrusions and Malware, and Vulnerability Assessment, pp. 238\u2013258. Springer (2020)","DOI":"10.1007\/978-3-030-52683-2_12"},{"key":"742_CR56","doi-asserted-by":"publisher","first-page":"102,282","DOI":"10.1016\/j.cose.2021.102282","volume":"106","author":"Z Li","year":"2021","unstructured":"Li, Z., Chen, Q.A., Yang, R., Chen, Y., Ruan, W.: Threat detection and investigation with system-level provenance graphs: a survey. Comput. Secur. 106, 102,282 (2021)","journal-title":"Comput. Secur."},{"issue":"3","key":"742_CR57","doi-asserted-by":"publisher","first-page":"4182","DOI":"10.1007\/s11227-021-04020-y","volume":"78","author":"S Li","year":"2022","unstructured":"Li, S., Zhou, Q., Zhou, R., Lv, Q.: Intelligent malware detection based on graph convolutional network. J. Supercomput. 78(3), 4182\u20134198 (2022)","journal-title":"J. Supercomput."},{"issue":"2","key":"742_CR58","doi-asserted-by":"publisher","first-page":"1397","DOI":"10.1109\/COMST.2018.2800740","volume":"20","author":"L Liu","year":"2018","unstructured":"Liu, L., De Vel, O., Han, Q., Zhang, J., Xiang, Y.: Detecting and preventing cyber insider threats: a survey. IEEE Commun. Surv. Tutor. 20(2), 1397\u20131417 (2018)","journal-title":"IEEE Commun. Surv. Tutor."},{"key":"742_CR59","unstructured":"Neo4j. https:\/\/neo4j.com\/. Accessed 1 Nov 2021"},{"key":"742_CR60","unstructured":"Neo4j: cypher query language. https:\/\/neo4j.com\/developer\/cypher\/. Accessed 1 Nov 2021"},{"key":"742_CR61","doi-asserted-by":"publisher","first-page":"8577","DOI":"10.1073\/pnas.0601602103","volume":"103","author":"ME Newman","year":"2006","unstructured":"Newman, M.E.: Modularity and community structure in networks. Proc. Natl. Acad. Sci. USA 103, 8577\u20138582 (2006)","journal-title":"Proc. Natl. Acad. Sci. USA"},{"key":"742_CR62","unstructured":"Noel, S., Harley, E., Tam, K.H., Gyor, G.: Big-Data Architecture for Cyber Attack Graphs Representing Security Relationships in NoSQL Graph Databases (2015)"},{"key":"742_CR63","doi-asserted-by":"crossref","unstructured":"Noel, S., Harley, E., Tam, K.H., Limiero, M., Share, M.: CyGraph: graph-based analytics and visualization for cybersecurity. In: Handbook of Statistics, vol.\u00a035, pp. 117\u2013167. Elsevier (2016)","DOI":"10.1016\/bs.host.2016.07.001"},{"key":"742_CR64","first-page":"300","volume-title":"A Review of Graph Approaches to Network Security Analytics","author":"S Noel","year":"2018","unstructured":"Noel, S.: A Review of Graph Approaches to Network Security Analytics, pp. 300\u2013323. Springer, New York (2018)"},{"key":"742_CR65","unstructured":"OrientDB. https:\/\/orientdb.org. Accessed 1 Nov 2021"},{"issue":"23\u201324","key":"742_CR66","doi-asserted-by":"publisher","first-page":"2435","DOI":"10.1016\/S1389-1286(99)00112-7","volume":"31","author":"V Paxson","year":"1999","unstructured":"Paxson, V.: Bro: a system for detecting network intruders in real-time. Comput. Netw. 31(23\u201324), 2435\u20132463 (1999)","journal-title":"Comput. Netw."},{"key":"742_CR67","doi-asserted-by":"crossref","unstructured":"Perozzi, B., Al-Rfou, R., Skiena, S.: DeepWalk: Online Learning of Social Representations, pp. 701\u2013710. ACM (2014)","DOI":"10.1145\/2623330.2623732"},{"issue":"10","key":"742_CR68","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1145\/3561818","volume":"55","author":"A Qui\u00f1a Mera","year":"2023","unstructured":"Qui\u00f1a Mera, A., Fernandez, P., Garc\u00eda, J.M., Ruiz-Cort\u00e9s, A.: GraphQL: a systematic mapping study. ACM Comput. Surv. 55(10), 25 (2023). https:\/\/doi.org\/10.1145\/3561818","journal-title":"ACM Comput. Surv."},{"key":"742_CR69","unstructured":"Roussinov, D.G., Chen, H.: A scalable self-organizing map algorithm for textual classification: a neural network approach to thesaurus generation (1998)"},{"issue":"1","key":"742_CR70","first-page":"137","volume":"4","author":"H Sadreazami","year":"2018","unstructured":"Sadreazami, H., Mohammadi, A., Asif, A., Plataniotis, K.N.: Distributed-graph-based statistical approach for intrusion detection in cyber-physical systems. IEEE Trans. Signal Inf. Process. Netw. 4(1), 137\u2013147 (2018)","journal-title":"IEEE Trans. Signal Inf. Process. Netw."},{"issue":"3","key":"742_CR71","doi-asserted-by":"publisher","first-page":"353","DOI":"10.1109\/TSMC.1983.6313167","volume":"13","author":"A Sanfeliu","year":"1983","unstructured":"Sanfeliu, A., Fu, K.: A distance measure between attributed relational graphs for pattern recognition. IEEE Trans. Syst. Man Cybern. B 13(3), 353\u2013363 (1983)","journal-title":"IEEE Trans. Syst. Man Cybern. B"},{"key":"742_CR72","unstructured":"SANS Internet Storm Center: DShield. https:\/\/secure.dshield.org\/. Accessed 1 Nov 2021"},{"key":"742_CR73","doi-asserted-by":"crossref","unstructured":"Shang, Y., Yang, S., Wang, W.: Botnet detection with hybrid analysis on flow based and graph based features of network traffic. In: Cloud Computing and Security, pp. 612\u2013621. Springer (2018)","DOI":"10.1007\/978-3-030-00009-7_55"},{"key":"742_CR74","doi-asserted-by":"crossref","unstructured":"Sharafaldin, I., Lashkari, A.H., Ghorbani, A.A.: Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy (ICISSP 2018), pp. 108\u2013116 (2018)","DOI":"10.5220\/0006639801080116"},{"key":"742_CR75","doi-asserted-by":"publisher","first-page":"25","DOI":"10.28925\/2663-4023.2021.13.133144","volume":"1","author":"S Shevchenko","year":"2021","unstructured":"Shevchenko, S., Zhdanova, Y., Skladannyi, P., Spasiteleva, S.: Mathematical methods in cybersecurity: graphs and their application in information and cybersecurity. Cybersecur. Educ. Sci. Tech. 1, 25 (2021). https:\/\/doi.org\/10.28925\/2663-4023.2021.13.133144","journal-title":"Cybersecur. Educ. Sci. Tech."},{"key":"742_CR76","doi-asserted-by":"publisher","unstructured":"Sinha, K., Viswanathan, A., Bunn, J.: Tracking temporal evolution of network activity for botnet detection (2019). https:\/\/doi.org\/10.48550\/ARXIV.1908.03443. arXiv:1908.03443","DOI":"10.48550\/ARXIV.1908.03443"},{"key":"742_CR77","unstructured":"Stratosphere Lab: The CTU-13 Dataset. A Labeled Dataset with Botnet, Normal and Background traffic. https:\/\/www.stratosphereips.org\/datasets-ctu13. Accessed 1 Nov 2021"},{"key":"742_CR78","doi-asserted-by":"crossref","unstructured":"Tiddi, I., Schlobach, S.: Knowledge graphs as tools for explainable machine learning: a survey. Artif. Intell. 103627 (2021)","DOI":"10.1016\/j.artint.2021.103627"},{"key":"742_CR79","doi-asserted-by":"publisher","first-page":"238","DOI":"10.1016\/j.cose.2017.05.009","volume":"70","author":"MF Umer","year":"2017","unstructured":"Umer, M.F., Sher, M., Bi, Y.: Flow-based intrusion detection: techniques and challenges. Comput. Secur. 70, 238\u2013254 (2017)","journal-title":"Comput. Secur."},{"issue":"4","key":"742_CR80","doi-asserted-by":"publisher","first-page":"247","DOI":"10.1007\/s11416-015-0250-2","volume":"11","author":"B Venkatesh","year":"2015","unstructured":"Venkatesh, B., Choudhury, S.H., Nagaraja, S., Balakrishnan, N.: BotSpot: fast graph based identification of structured P2P bots. J. Comput. Virol. Hack. Tech. 11(4), 247\u2013261 (2015)","journal-title":"J. Comput. Virol. Hack. Tech."},{"key":"742_CR81","doi-asserted-by":"crossref","unstructured":"Wang, J., Paschalidis, I.C.: Botnet detection using social graph analysis. In: 2014 52nd Annual Allerton Conference on Communication, Control, and Computing (Allerton), pp. 393\u2013400 (2014)","DOI":"10.1109\/ALLERTON.2014.7028482"},{"issue":"2","key":"742_CR82","doi-asserted-by":"publisher","first-page":"392","DOI":"10.1109\/TCNS.2016.2532804","volume":"4","author":"J Wang","year":"2017","unstructured":"Wang, J., Paschalidis, I.C.: Botnet detection based on anomaly and community detection. IEEE Trans. Control Netw. Syst. 4(2), 392\u2013404 (2017)","journal-title":"IEEE Trans. Control Netw. Syst."},{"key":"742_CR83","doi-asserted-by":"publisher","first-page":"284","DOI":"10.1016\/j.ins.2019.09.024","volume":"511","author":"W Wang","year":"2020","unstructured":"Wang, W., Shang, Y., He, Y., Li, Y., Liu, J.: BotMark: automated botnet detection with hybrid analysis of flow-based and graph-based traffic behaviors. Inf. Sci. 511, 284\u2013296 (2020)","journal-title":"Inf. Sci."},{"key":"742_CR84","doi-asserted-by":"crossref","unstructured":"W\u00fcchner, T., Ochoa, M., Pretschner, A.: Malware detection with quantitative data flow graphs. In: 9th ACM Symposium on Information, Computer and Communications Security, pp. 271\u2013282. ACM (2014)","DOI":"10.1145\/2590296.2590319"},{"key":"742_CR85","doi-asserted-by":"crossref","unstructured":"Yang, R.: Adjusting assortativity in complex networks. In: Proceedings of the 2014 ACM Southeast Regional Conference, Kennesaw, GA, USA, pp. 2:1\u20132:5 (2014)","DOI":"10.1145\/2638404.2638455"},{"key":"742_CR86","unstructured":"Zeek: Zeek Network Security Monitor tool. https:\/\/zeek.org\/. Accessed 1 Nov 2021"}],"container-title":["International Journal of Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-023-00742-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s10207-023-00742-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s10207-023-00742-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,23]],"date-time":"2024-01-23T01:09:31Z","timestamp":1705972171000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s10207-023-00742-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,30]]},"references-count":86,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2024,2]]}},"alternative-id":["742"],"URL":"https:\/\/doi.org\/10.1007\/s10207-023-00742-7","relation":{},"ISSN":["1615-5262","1615-5270"],"issn-type":[{"value":"1615-5262","type":"print"},{"value":"1615-5270","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,8,30]]},"assertion":[{"value":"30 August 2023","order":1,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"All authors certify that they have no affiliations with or involvement in any organization or entity with any financial interest or non-financial interest in the subject matter or materials discussed in this manuscript.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of interest"}},{"value":"All authors declare that they adhere to the ethical principles of the journal.","order":3,"name":"Ethics","group":{"name":"EthicsHeading","label":"Ethical approval"}}]}}  <script>parent.window.postMessage('ixistenz.url:https://api.crossref.org/works/10.1007%2FS10207-023-00742-7', '*'); </script> <div id='browserdiffcontainer' style='position: fixed; right: 10px; top: 10vh; min-width: 60px;  border: 1px solid white; background: rgb(251, 189, 0);; opacity: 0.9; font-family: helvetica, arial, sans serif;  font-size: 12px; z-index: 20001; padding-bottom: 20px;'><div onclick="toggle('browserdiffcontainerlist'); return false;" style='background: rgb(151, 89, 0);; color: white; '><strong>&nbsp; <span class='glyphicon glyphicon-minus'></span> NODES</strong></div><div id='browserdiffcontainerlist' style='padding-left: 10px; padding-right: 5px; max-height: 50vh; overflow: auto; '><div><a href='#diffid883' style='color: white;' onClick="parent.window.postMessage('ixistenz.opendiff:883', '*');; return false;" style='text-decoration: none; '>Association </a> <a style='color: white;' href='#diffid883'><sup>1</sup></a></div><div><a href='#diffid116' style='color: white;' onClick="parent.window.postMessage('ixistenz.opendiff:116', '*');; return false;" style='text-decoration: none; '>COMMUNITY </a> <a style='color: white;' href='#diffid116'><sup>2</sup></a></div><div><a href='#diffid123' style='color: white;' onClick="parent.window.postMessage('ixistenz.opendiff:123', '*');; return false;" style='text-decoration: none; '>INTERN </a> <a style='color: white;' href='#diffid123'><sup>13</sup></a></div><div><a href='#diffid878' style='color: white;' onClick="parent.window.postMessage('ixistenz.opendiff:878', '*');; return false;" style='text-decoration: none; '>Note </a> <a style='color: white;' href='#diffid878'><sup>1</sup></a></div><div><a href='#diffid115' style='color: white;' onClick="parent.window.postMessage('ixistenz.opendiff:115', '*');; return false;" style='text-decoration: none; '>Project </a> <a style='color: white;' href='#diffid115'><sup>1</sup></a></div></div></div>
<script>
function toggle( divname ) {
  var x = document.getElementById( divname );
  if (x.style.display === 'none') {
    x.style.display = 'block';
  } else {
    x.style.display = 'none';
  }
} </script>