HSTF-Model: An HTTP-based Trojan detection model via the Hierarchical Spatio-temporal Features of Traffics

Bibliographic Details
Published in: Computers & security Vol. 96; p. 101923
Main Authors: Xie, Jiang; Li, Shuhao; Yun, Xiaochun; Zhang, Yongzheng; Chang, Peng
Format: Journal Article
Language: English
Published: Amsterdam, Elsevier Ltd, 01.09.2020; Elsevier Sequoia S.A
ISSN: 0167-4048
EISSN: 1872-6208
DOI: 10.1016/j.cose.2020.101923

Abstract: HTTP-based Trojans are extremely threatening, and they are difficult to detect effectively because of their concealment and confusion. Previous detection methods usually have poor generalization ability due to outdated datasets and reliance on manual feature extraction, which makes these methods always perform well on their private datasets but perform poorly, or even fail to work, in real network environments. In this paper, we propose an HTTP-based Trojan detection model via the Hierarchical Spatio-Temporal Features of traffics (HSTF-Model), based on a formalized description of traffic spatio-temporal behavior at both the packet level and the flow level. In this model, we employ a Convolutional Neural Network (CNN) to extract spatial information and Long Short-Term Memory (LSTM) to extract temporal information. In addition, we present a dataset consisting of Benign and Trojan HTTP Traffic (BTHT-2018). Experimental results show that our model can guarantee high accuracy (the F1 of 98.62% ~ 99.81% and the FPR of 0.34% ~ 0.02% in BTHT-2018). More importantly, our model has a huge advantage over other related methods in generalization ability. HSTF-Model trained with BTHT-2018 can reach the F1 of 93.51% on the public dataset ISCX-2012, which is 20+% better than the best of related machine learning methods.
Author details (all authors: Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China):
1. Xie, Jiang (ORCID 0000-0003-3219-3102), xiejiang@iie.ac.cn
2. Li, Shuhao, lishuhao@iie.ac.cn
3. Yun, Xiaochun, yunxiaochun@cert.org.cn
4. Zhang, Yongzheng, zhangyongzheng@iie.ac.cn
5. Chang, Peng, changpeng@iie.ac.cn
Copyright 2020 Elsevier Ltd
Copyright Elsevier Sequoia S.A. Sep 2020
Discipline: Computer Science
Peer reviewed: true
Scholarly: true
Keywords: Deep learning; Spatio-temporal features; HTTP-based Trojan detection
  publication-title: Int. J. Innov. Comput. Inform. Control
– year: 2017
  ident: 10.1016/j.cose.2020.101923_bib0038
  article-title: Detection of repackaged android malware with code-heterogeneity features
  publication-title: IEEE Transactions on Dependable and Secure Computing
– volume: 433
  start-page: 346
  year: 2018
  ident: 10.1016/j.cose.2020.101923_bib0009
  article-title: Machine learning based mobile malware detection using highly imbalanced network traffic
  publication-title: Information Sciences
  doi: 10.1016/j.ins.2017.04.044
– volume: 86
  start-page: 53
  year: 2019
  ident: 10.1016/j.cose.2020.101923_bib0016
  article-title: A novel approach to intrusion detection using svm ensemble with feature augmentation
  publication-title: Computers & Security
  doi: 10.1016/j.cose.2019.05.022
– start-page: 581
  year: 2016
  ident: 10.1016/j.cose.2020.101923_bib0013
  article-title: Comparison deep learning method to traditional methods using for network intrusion detection
– start-page: 858
  year: 2017
  ident: 10.1016/j.cose.2020.101923_bib0023
  article-title: Intrusion detection using convolutional neural networks for representation learning
StartPage 101923
SubjectTerms Artificial neural networks
Datasets
Deep learning
Feature extraction
HTTP-based Trojan detection
Machine learning
Malware
Model accuracy
Spatial data
Spatio-temporal features
Title HSTF-Model: An HTTP-based Trojan detection model via the Hierarchical Spatio-temporal Features of Traffics
URI https://dx.doi.org/10.1016/j.cose.2020.101923
https://www.proquest.com/docview/2505725703
Volume 96