{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,19]],"date-time":"2025-08-19T11:03:34Z","timestamp":1755601414837},"publisher-location":"Cham","reference-count":33,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030105426"},{"type":"electronic","value":"9783030105433"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-10543-3_11","type":"book-chapter","created":{"date-parts":[[2019,3,22]],"date-time":"2019-03-22T14:03:29Z","timestamp":1553263409000},"page":"257-272","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["Analysis of APT Actors Targeting IoT and Big Data Systems: Shell_Crew, NetTraveler, ProjectSauron, CopyKittens, Volatile Cedar and Transparent Tribe as a Case Study"],"prefix":"10.1007","author":[{"given":"Paul J.","family":"Taylor","sequence":"first","affiliation":[]},{"given":"Tooska","family":"Dargahi","sequence":"additional","affiliation":[]},{"given":"Ali","family":"Dehghantanha","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2019,3,23]]},"reference":[{"key":"11_CR1","doi-asserted-by":"crossref","unstructured":"M. Hopkins and A. Dehghantanha, \u201cExploit Kits: The production line of the Cybercrime economy?,\u201d in 2015 2nd International Conference on Information Security and Cyber Forensics, InfoSec 2015, 2016.","DOI":"10.1109\/InfoSec.2015.7435501"},{"key":"11_CR2","unstructured":"S. Homayoun, A. Dehghantanha, M. Ahmadzadeh, S. Hashemi, and R. Khayami, \u201cKnow Abnormal, Find Evil: Frequent Pattern Mining for Ransomware Threat Hunting and Intelligence,\u201d IEEE Trans. Emerg. Top. Comput., 2017."},{"key":"11_CR3","doi-asserted-by":"crossref","unstructured":"S. Walker-Roberts, M. Hammoudeh, and A. Dehghantanha, \u201cA Systematic Review of the Availability and Efficacy of Countermeasures to Internal Threats in Healthcare Critical Infrastructure,\u201d IEEE Access, 2018.","DOI":"10.1109\/ACCESS.2018.2817560"},{"key":"11_CR4","doi-asserted-by":"crossref","unstructured":"H. Haddad Pajouh, R. Javidan, R. Khayami, D. Ali, and K.-K. R. Choo, \u201cA Two-layer Dimension Reduction and Two-tier Classification Model for Anomaly-Based Intrusion Detection in IoT Backbone Networks,\u201d IEEE Trans. Emerg. Top. Comput., pp. 1\u20131, 2016.","DOI":"10.1109\/TETC.2016.2633228"},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"N. Milosevic, A. Dehghantanha, and K.-K. R. Choo, \u201cMachine learning aided Android malware classification,\u201d Comput. Electr. Eng., vol. 61, 2017.","DOI":"10.1016\/j.compeleceng.2017.02.013"},{"key":"11_CR6","doi-asserted-by":"crossref","unstructured":"A. Azmoodeh, A. Dehghantanha, and K.-K. R. Choo, \u201cRobust Malware Detection for Internet Of (Battlefield) Things Devices Using Deep Eigenspace Learning,\u201d IEEE Trans. Sustain. Comput., pp. 1\u20131, 2018.","DOI":"10.1109\/TSUSC.2018.2809665"},{"key":"11_CR7","unstructured":"E. M. Hutchins, M. J. Cloppert, and R. M. Amin, \u201cIntelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains.\u201d"},{"key":"11_CR8","doi-asserted-by":"crossref","unstructured":"D. Kiwia, A. Dehghantanha, K.-K. R. Choo, and J. Slaughter, \u201cA cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence,\u201d J. Comput. Sci., Nov. 2017.","DOI":"10.1016\/j.jocs.2017.10.020"},{"key":"11_CR9","doi-asserted-by":"crossref","unstructured":"H. Haddadpajouh, A. Dehghantanha, R. Khayami, and K.-K. R. Choo, \u201cA Deep Recurrent Neural Network Based Approach for Internet of Things Malware Threat Hunting,\u201d Futur. Gener. Comput. Syst., 2018.","DOI":"10.1016\/j.future.2018.03.007"},{"key":"11_CR10","doi-asserted-by":"crossref","unstructured":"S. Watson and A. Dehghantanha, \u201cDigital forensics: the missing piece of the Internet of Things promise,\u201d Comput. Fraud Secur., vol. 2016, no. 6, 2016.","DOI":"10.1016\/S1361-3723(15)30045-2"},{"key":"11_CR11","doi-asserted-by":"crossref","unstructured":"M. Conti, A. Dehghantanha, K. Franke, and S. Watson, \u201cInternet of Things Security and Forensics: Challenges and Opportunities,\u201d Futur. Gener. Comput. Syst., Jul. 2017.","DOI":"10.1016\/j.future.2017.07.060"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"H. H. Pajouh, A. Dehghantanha, R. Khayami, and K.-K. R. Choo, \u201cIntelligent OS X malware threat detection with code inspection,\u201d J. Comput. Virol. Hacking Tech., 2017.","DOI":"10.1007\/s11416-017-0307-5"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"M. Petraityte, A. Dehghantanha, and G. Epiphaniou, \u201cA Model for Android and iOS Applications Risk Calculation: CVSS Analysis and Enhancement Using Case-Control Studies,\u201d 2018, pp. 219\u2013237.","DOI":"10.1007\/978-3-319-73951-9_11"},{"key":"11_CR14","doi-asserted-by":"crossref","unstructured":"H. Haughey, G. Epiphaniou, H. Al-Khateeb, and A. Dehghantanha, Adaptive traffic fingerprinting for darknet threat intelligence, vol. 70. 2018.","DOI":"10.1007\/978-3-319-73951-9_10"},{"key":"11_CR15","unstructured":"S. Caltagirone, A. Pendergast, and C. Betz, \u201cThe Diamond Model of Intrusion Analysis,\u201d Threat Connect, vol. 298, no. 0704, pp. 1\u201361, 2013."},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"A. Lemay, J. Calvet, F. Menet, and J. M. Fernandez, \u201cSurvey of publicly available reports on advanced persistent threat actors,\u201d Comput. Secur., vol. 72, pp. 26\u201359, Jan. 2018.","DOI":"10.1016\/j.cose.2017.08.005"},{"key":"11_CR17","unstructured":"EMC\/RSA, \u201cRSA Incident Response - Emerging Threat Profile: Shell Crew,\u201d no. January, pp. 1\u201342, 2014."},{"key":"11_CR18","unstructured":"Kaspersky, \u201cThe NetTraveler (aka \u2018Travnet\u2019),\u201d 2004."},{"key":"11_CR19","unstructured":"S. Response and S. Page, \u201cSecurity Response Backdoor . Remsec indicators of compromise,\u201d pp. 1\u201313, 2016."},{"key":"11_CR20","unstructured":"Clearsky, \u201cCopyKittens Attack Group,\u201d Minerva Labs LTD Clear. Cyber Secur., no. Nov, pp. 1\u201323, 2015."},{"key":"11_CR21","unstructured":"T. Intelligence, \u201cVolatile cedar,\u201d 2015."},{"key":"11_CR22","unstructured":"B. K. Baumgartner, \u201cCedar DGA Infrastructure Statistics\u00a0:,\u201d pp. 2\u20136, 2015."},{"key":"11_CR23","unstructured":"D. Huss, \u201cOperation Transparent Tribe - Threat Insight,\u201d 2016."},{"key":"11_CR24","unstructured":"Y. H. Chang and Singh Sudeep, \u201cAPT Group Sends Spear Phishing Emails to Indian Government Officials \u00ab\u00a0APT Group Sends Spear Phishing Emails to Indian Government Officials | FireEye Inc,\u201d FireEye, 2016."},{"key":"11_CR25","doi-asserted-by":"crossref","unstructured":"A. Cook, H. Janicke, R. Smith, and L. Maglaras, \u201cThe industrial control system cyber defence triage process,\u201d Comput. Secur., vol. 70, pp. 467\u2013481, Sep. 2017.","DOI":"10.1016\/j.cose.2017.07.009"},{"key":"11_CR26","unstructured":"Global Research and Analysis Team, \u201cThe ProjectSauron APT,\u201d Kaspersky Lab, vol. 02, pp. 1\u201323, 2016."},{"key":"11_CR27","doi-asserted-by":"crossref","unstructured":"O. Osanaiye, H. Cai, K.-K. R. Choo, A. Dehghantanha, Z. Xu, and M. Dlodlo, \u201cEnsemble-based multi-filter feature selection method for DDoS detection in cloud computing,\u201d Eurasip J. Wirel. Commun. Netw., vol. 2016, no. 1, 2016.","DOI":"10.1186\/s13638-016-0623-3"},{"key":"11_CR28","doi-asserted-by":"crossref","unstructured":"A. Azmoodeh, A. Dehghantanha, M. Conti, and K.-K. R. Choo, \u201cDetecting crypto-ransomware in IoT networks based on energy consumption footprint,\u201d J. Ambient Intell. Humaniz. Comput., pp. 1\u201312, Aug. 2017.","DOI":"10.1007\/s12652-017-0558-5"},{"key":"11_CR29","doi-asserted-by":"crossref","unstructured":"A. Shalaginov, S. Banin, A. Dehghantanha, and K. Franke, Machine learning aided static malware analysis: A survey and tutorial, vol. 70. 2018.","DOI":"10.1007\/978-3-319-73951-9_2"},{"key":"11_CR30","doi-asserted-by":"crossref","unstructured":"O. M. K. Alhawi, J. Baldwin, and A. Dehghantanha, \u201cLeveraging Machine Learning Techniques for Windows Ransomware Network Traffic Detection,\u201d 2018, pp. 93\u2013106.","DOI":"10.1007\/978-3-319-73951-9_5"},{"key":"11_CR31","doi-asserted-by":"crossref","unstructured":"S. Homayoun, M. Ahmadzadeh, S. Hashemi, A. Dehghantanha, and R. Khayami, \u201cBoTShark: A Deep Learning Approach for Botnet Traffic Detection,\u201d Springer, Cham, 2018, pp. 137\u2013153.","DOI":"10.1007\/978-3-319-73951-9_7"},{"key":"11_CR32","doi-asserted-by":"crossref","unstructured":"J. Gill, I. Okere, H. HaddadPajouh, and A. Dehghantanha, Mobile forensics: A bibliometric analysis, vol. 70. 2018.","DOI":"10.1007\/978-3-319-73951-9_15"},{"key":"11_CR33","doi-asserted-by":"crossref","unstructured":"A. A. James Baldwin, Omar Alhawi, Simone Shaughnessy and A. Dehghantanha, Emerging from The Cloud: A Bibliometric Analysis of Cloud Forensics Studies. Cyber Threat Intelligence- Springer Book, 2017.","DOI":"10.1007\/978-3-319-73951-9_16"}],"container-title":["Handbook of Big Data and IoT Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-10543-3_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,21]],"date-time":"2019-11-21T22:14:34Z","timestamp":1574374474000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-10543-3_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030105426","9783030105433"],"references-count":33,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-10543-3_11","relation":{},"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"23 March 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}