{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,11]],"date-time":"2024-09-11T00:43:21Z","timestamp":1726015401435},"publisher-location":"Cham","reference-count":46,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030105426"},{"type":"electronic","value":"9783030105433"}],"license":[{"start":{"date-parts":[[2019,1,1]],"date-time":"2019-01-01T00:00:00Z","timestamp":1546300800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019]]},"DOI":"10.1007\/978-3-030-10543-3_12","type":"book-chapter","created":{"date-parts":[[2019,3,22]],"date-time":"2019-03-22T18:03:29Z","timestamp":1553277809000},"page":"273-299","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["A Cyber Kill Chain Based Analysis of Remote Access Trojans"],"prefix":"10.1007","author":[{"given":"Reyhaneh","family":"HosseiniNejad","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hamed","family":"HaddadPajouh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ali","family":"Dehghantanha","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Reza M.","family":"Parizi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2019,3,23]]},"reference":[{"key":"12_CR1","unstructured":"S. Walker-Roberts, M. Hammoudeh, and A. Dehghantanha, \u201cA Systematic Review of the Availability and Efficacy of Countermeasures to Internal Threats in Healthcare Critical Infrastructure,\u201d IEEE Access, vol. 6, pp. 25167\u201325177, 2018."},{"key":"12_CR2","doi-asserted-by":"crossref","unstructured":"M. Conti, A. Dehghantanha, K. Franke, and S. Watson, \u201cInternet of Things security and forensics: Challenges and opportunities,\u201d Futur. Gener. Comput. Syst., vol. 78, pp. 544\u2013546, 2018.","DOI":"10.1016\/j.future.2017.07.060"},{"key":"12_CR3","doi-asserted-by":"crossref","unstructured":"H. H. Pajouh, A. Dehghantanha, R. Khayami, and K. K. R. Choo, \u201cIntelligent OS X malware threat detection with code inspection,\u201d J. Comput. Virol. Hacking Tech., pp. 1\u201311, 2017.","DOI":"10.1007\/s11416-017-0307-5"},{"key":"12_CR4","doi-asserted-by":"crossref","unstructured":"L. Chen, T. Li, M. Abdulhayoglu, and Y. Ye, \u201cIntelligent malware detection based on file relation graphs,\u201d in Proceedings of the 2015 IEEE 9th International Conference on Semantic Computing (IEEE ICSC 2015), 2015, pp. 85\u201392.","DOI":"10.1109\/ICOSC.2015.7050784"},{"key":"12_CR5","unstructured":"A. Azmoodeh, A. Dehghantanha, M. Conti, and K.-K. R. Choo, \u201cDetecting crypto-ransomware in IoT networks based on energy consumption footprint,\u201d J. Ambient Intell. Humaniz. Comput., vol. 0, no. 0, p. 0, 2017."},{"key":"12_CR6","unstructured":"H. Haddad Pajouh, R. Javidan, R. Khayami, D. Ali, and K.-K. R. Choo, \u201cA Two-layer Dimension Reduction and Two-tier Classification Model for Anomaly-Based Intrusion Detection in IoT Backbone Networks,\u201d IEEE Trans. Emerg. Top. Comput., vol. 6750, no. c, pp. 1\u20131, 2016."},{"key":"12_CR7","unstructured":"S. Homayoun, A. Dehghantanha, M. Ahmadzadeh, S. Hashemi, and R. Khayami, \u201cKnow Abnormal, Find Evil: Frequent Pattern Mining for Ransomware Threat Hunting and Intelligence,\u201d IEEE Trans. Emerg. Top. Comput., vol. 6750, no. c, pp. 1\u201311, 2017."},{"key":"12_CR8","doi-asserted-by":"crossref","unstructured":"H. HaddadPajouh, A. Dehghantanha, R. Khayami, and K. K. R. Choo, \u201cA deep Recurrent Neural Network based approach for Internet of Things malware threat hunting,\u201d Futur. Gener. Comput. Syst., vol. 85, pp. 88\u201396, 2018.","DOI":"10.1016\/j.future.2018.03.007"},{"key":"12_CR9","unstructured":"A. Azmoodeh, A. Dehghantanha, and K.-K. R. Choo, \u201cRobust Malware Detection for Internet Of (Battlefield) Things Devices Using Deep Eigenspace Learning,\u201d IEEE Trans. Sustain. Comput., vol. 3782, no. c, pp. 1\u20131, 2018."},{"key":"12_CR10","unstructured":"M. Damshenas, A. Dehghantanha, and R. Mahmoud, \u201cA Survey on Malware propagation, analysis and detection,\u201d Int. J. Cyber-Security Digit. Forensics, vol. 2, no. 4, pp. 10\u201329, 2013."},{"key":"12_CR11","unstructured":"\u201ckaspersky.\u201d [Online]. Available: https:\/\/kasperskycontenthub.com\/securelist\/files\/2016\/11\/KL_Predictions_2017.pdf ."},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"A. Shalaginov, S. Banin, A. Dehghantanha, and K. Franke, Machine learning aided static malware analysis: A survey and tutorial, vol. 70. 2018.","DOI":"10.1007\/978-3-319-73951-9_2"},{"key":"12_CR13","doi-asserted-by":"crossref","unstructured":"J. Baldwin and A. Dehghantanha, \u201cfor Opcode Density Based Detection of Crypto-Ransomware,\u201d 2018.","DOI":"10.1007\/978-3-319-73951-9_6"},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"M. Hopkins and A. Dehghantanha, \u201cExploit Kits: The production line of the Cybercrime economy?,\u201d 2015 2nd Int. Conf. Inf. Secur. Cyber Forensics, InfoSec 2015, pp. 23\u201327, 2016.","DOI":"10.1109\/InfoSec.2015.7435501"},{"key":"12_CR15","unstructured":"A. Khalilian, A. Baraani, \u201cAn Investigation and Comparison of Metamorphic Virus Detection and Current Challenges.,\u201d Biannu. J. Monadi Cybersp. Secur., 2014."},{"key":"12_CR16","unstructured":"\u201cAV-TEST,\u201d 2018. [Online]. Available: https:\/\/www.av-test.org\/en\/statistics\/malware \/."},{"key":"12_CR17","unstructured":"Mcafee, \u201cMcAfee Labs Threat Report,\u201d no. December, p. 50, 2016."},{"key":"12_CR18","doi-asserted-by":"crossref","unstructured":"D. Kiwia, A. Dehghantanha, K.-K. R. Choo, and J. Slaughter, \u201cA cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence,\u201d J. Comput. Sci., Nov. 2017.","DOI":"10.1016\/j.jocs.2017.10.020"},{"key":"12_CR19","doi-asserted-by":"crossref","unstructured":"G. Canfora, F. Mercaldo, C. A. Visaggio, and P. Di Notte, \u201cMetamorphic Malware Detection Using Code Metrics,\u201d Inf. Secur. J. A Glob. Perspect., vol. 23, no. 3, pp. 57\u201367, May 2014.","DOI":"10.1080\/19393555.2014.931487"},{"key":"12_CR20","doi-asserted-by":"crossref","unstructured":"S. Wu, S. Liu, W. Lin, X. Zhao, and S. Chen, \u201cDetecting Remote Access Trojans through External Control at Area Network Borders,\u201d Proc. - 2017 ACM\/IEEE Symp. Archit. Netw. Commun. Syst. ANCS 2017, pp. 131\u2013141, 2017.","DOI":"10.1109\/ANCS.2017.27"},{"key":"12_CR21","doi-asserted-by":"crossref","unstructured":"S. Shin, J. Jung, and H. Balakrishnan, \u201cMalware prevalence in the KaZaA file-sharing network,\u201d in Proceedings of the 6th ACM SIGCOMM on Internet measurement - IMC \u201806, 2006, no. May, p. 333.","DOI":"10.1145\/1177080.1177125"},{"key":"12_CR22","doi-asserted-by":"crossref","unstructured":"S. Mohtasebi and A. Dehghantanha, \u201cA Mitigation Approach to the Malwares Threats of Social Network Services,\u201d Muktimedia Inf. Netw. Secur., pp. 448\u2013449, 2009.","DOI":"10.1007\/978-3-642-22410-2_39"},{"key":"12_CR23","doi-asserted-by":"crossref","unstructured":"X. M. Wang, Z. B. He, X. Q. Zhao, C. Lin, Y. Pan, and Z. P. Cai, \u201cReaction-diffusion modeling of malware propagation in mobile wireless sensor networks,\u201d Sci. China Inf. Sci., vol. 56, no. 9, pp. 1\u201318, 2013.","DOI":"10.1007\/s11432-013-4977-4"},{"key":"12_CR24","doi-asserted-by":"crossref","unstructured":"D. Jiang and K. Omote, \u201cA RAT detection method based on network behavior of the communication\u2019s early stage,\u201d IEICE Trans. Fundam. Electron. Commun. Comput. Sci., vol. E99A, no. 1, pp. 145\u2013153, 2016.","DOI":"10.1587\/transfun.E99.A.145"},{"key":"12_CR25","unstructured":"M. N. Kondalwar and C. J. Shelke, \u201cRemote Administrative Trojan\/Tool (RAT),\u201d Int. J. Comput. Sci. Mob. Comput., vol. 3333, no. 3, pp. 482\u2013487, 2014."},{"key":"12_CR26","doi-asserted-by":"crossref","unstructured":"D. Jiang and K. Omote, \u201cAn approach to detect remote access trojan in the early stage of communication,\u201d Proc. - Int. Conf. Adv. Inf. Netw. Appl. AINA, vol. 2015\u2013April, pp. 706\u2013713, 2015.","DOI":"10.1109\/AINA.2015.257"},{"key":"12_CR27","doi-asserted-by":"crossref","unstructured":"U. Losche, M. Morgenstern, and H. Pilz, \u201cPlatform Independent Malware Analysis Framework,\u201d Proc. - 9th Int. Conf. IT Secur. Incid. Manag. IT Forensics, IMF 2015, pp. 109\u2013113, 2015.","DOI":"10.1109\/IMF.2015.21"},{"key":"12_CR28","unstructured":"\u201cscmagazine.\u201d [Online]. Available: https:\/\/www.scmagazine.com\/cross-platform-rat-alienspy-targets-mac-os-x-windows-and-android-users\/article\/535974\/2 \/."},{"key":"12_CR29","doi-asserted-by":"crossref","unstructured":"A. Shabtai, L. Tenenboim-Chekina, D. Mimran, L. Rokach, B. Shapira, and Y. Elovici, \u201cMobile malware detection through analysis of deviations in application network behavior,\u201d Comput. Secur., vol. 43, pp. 1\u201318, Jun. 2014.","DOI":"10.1016\/j.cose.2014.02.009"},{"key":"12_CR30","doi-asserted-by":"crossref","unstructured":"M. Lindorfer, C. Kolbitsch, and P. M. Comparetti, \u201cDetecting environment-sensitive malware,\u201d in International Workshop on Recent Advances in Intrusion Detection, 2011, vol. 2011, pp. 338\u2013357.","DOI":"10.1007\/978-3-642-23644-0_18"},{"key":"12_CR31","doi-asserted-by":"crossref","unstructured":"A. Karim, S. Adeel, A. Shah, and R. Salleh, \u201cNew Perspectives in Information Systems and Technologies, Volume 2,\u201d vol. 276, pp. 153\u2013164, 2014.","DOI":"10.1007\/978-3-319-05948-8_15"},{"key":"12_CR32","unstructured":"X. Ugarte-Pedrero, D. Balzarotti, I. Santos, and P. G. Bringas, \u201cSoK: Deep packer inspection: A longitudinal study of the complexity of run-time packers,\u201d Proc. - IEEE Symp. Secur. Priv., vol. 2015\u2013July, pp. 659\u2013673, 2015."},{"key":"12_CR33","unstructured":"B. B. Gupta, A. Tewari, A. K. Jain, and D. P. Agrawal, \u201cFighting against phishing attacks: state of the art and future challenges,\u201d Neural Comput. Appl., vol. 28, no. 12, pp. 3629\u20133654, Dec. 2017."},{"key":"12_CR34","doi-asserted-by":"crossref","unstructured":"M. Nawir, A. Amir, N. Yaakob, and O. B. Lynn, \u201cInternet of Things (IoT): Taxonomy of security attacks,\u201d 2016 3rd Int. Conf. Electron. Des., pp. 321\u2013326, 2016.","DOI":"10.1109\/ICED.2016.7804660"},{"key":"12_CR35","doi-asserted-by":"crossref","unstructured":"A. Cook, H. Janicke, R. Smith, and L. Maglaras, \u201cThe industrial control system cyber defence triage process,\u201d Comput. Secur., vol. 70, pp. 467\u2013481, 2017.","DOI":"10.1016\/j.cose.2017.07.009"},{"key":"12_CR36","unstructured":"T. Who and E. T. Hunting, \u201cInterested in learning SANS Institute InfoSec Reading Room The Who, What, Where, When, Why and How of.\u201d"},{"key":"12_CR37","doi-asserted-by":"crossref","unstructured":"T. Yadav and A. M. Rao, \u201cTechnical aspects of cyber kill chain,\u201d in International Symposium on Security in Computing and Communication, 2015, pp. 438\u2013452.","DOI":"10.1007\/978-3-319-22915-7_40"},{"key":"12_CR38","unstructured":"S. Attaluri, \u201cDetecting Metamorphic Viruses Using Profile Hidden Markov Models,\u201d no. December, 2007."},{"key":"12_CR39","unstructured":"B. Kolosnjaji, A. Zarras, G. Webster, and C. Eckert, \u201cDeep Learning for Classification of Malware System Call Sequences.\u201d"},{"key":"12_CR40","doi-asserted-by":"crossref","unstructured":"T. Yadav and P. Szor, \u201cThe art of computer virus research and defense,\u201d Choice Rev. Online, vol. 43, no. 03, pp. 43\u20131613\u201343\u20131613, Nov. 2005.","DOI":"10.5860\/CHOICE.43-1613"},{"key":"12_CR41","doi-asserted-by":"crossref","unstructured":"M. Egele, T. Scholte, E. Kirda, and C. Kruegel, \u201cA survey on automated dynamic malware-analysis techniques and tools,\u201d ACM Comput. Surv., vol. 44, no. 2, pp. 1\u201342, 2012.","DOI":"10.1145\/2089125.2089126"},{"key":"12_CR42","doi-asserted-by":"crossref","unstructured":"F. Daryabar, A. Dehghantanha, and N. I. Udzir, \u201cInvestigation of bypassing malware defences and malware detections,\u201d in Information Assurance and Security (IAS), 2011 7th International Conference on, 2011, pp. 173\u2013178.","DOI":"10.1109\/ISIAS.2011.6122815"},{"key":"12_CR43","unstructured":"M. Assante and R. Lee, \u201cInterested in learning SANS Institute InfoSec Reading Room System Cyber Kill Chain,\u201d 2015."},{"key":"12_CR44","doi-asserted-by":"crossref","unstructured":"S. Khattak, N. R. Ramay, K. R. Khan, A. A. Syed, and S. A. Khayam, \u201cA Taxonomy of botnet behavior, detection, and defense,\u201d IEEE Commun. Surv. Tutorials, vol. 16, no. 2, pp. 898\u2013924, 2014.","DOI":"10.1109\/SURV.2013.091213.00134"},{"key":"12_CR45","unstructured":"A. Buescher, F. Leder, and T. Siebert, \u201cBanksafe Information Stealer Detection Inside the Web Browser,\u201d in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 6961 LNCS, Springer, 2011, pp. 262\u2013280."},{"key":"12_CR46","unstructured":"A. Stewart, \u201cDLL Side-Loading: A Thorn in the Side of the Anti-Virus (AV) Industry,\u201d FireEye, Inc, 2014."}],"container-title":["Handbook of Big Data and IoT Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-10543-3_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T03:15:50Z","timestamp":1574392550000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-10543-3_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019]]},"ISBN":["9783030105426","9783030105433"],"references-count":46,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-10543-3_12","relation":{},"subject":[],"published":{"date-parts":[[2019]]},"assertion":[{"value":"23 March 2019","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}