{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,13]],"date-time":"2025-05-13T16:14:53Z","timestamp":1747152893452,"version":"3.40.5"},"publisher-location":"Cham","reference-count":27,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030385569"},{"type":"electronic","value":"9783030385576"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-38557-6_18","type":"book-chapter","created":{"date-parts":[[2020,3,18]],"date-time":"2020-03-18T14:10:05Z","timestamp":1584540605000},"page":"371-383","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":5,"title":["RAT Hunter: Building Robust Models for Detecting Remote Access Trojans Based on Optimum Hybrid Features"],"prefix":"10.1007","author":[{"given":"Mohammad Mehdi","family":"BehradFar","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hamed","family":"HaddadPajouh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9294-7554","authenticated-orcid":false,"given":"Ali","family":"Dehghantanha","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Amin","family":"Azmoodeh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hadis","family":"Karimipour","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Reza M.","family":"Parizi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gautam","family":"Srivastava","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2020,3,19]]},"reference":[{"key":"18_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1016\/j.sysarc.2019.01.017","volume":"97","author":"EM Dovom","year":"2019","unstructured":"E.M. Dovom, A. Azmoodeh, A. Dehghantanha, D.E. Newton, R.M. Parizi, H. Karimipour, Fuzzy pattern tree for edge malware detection and categorization in IoT. J. Syst. Archit. 97, 1\u20137 (2019). \nhttps:\/\/doi.org\/10.1016\/j.sysarc.2019.01.017","journal-title":"J. Syst. Archit."},{"key":"18_CR2","doi-asserted-by":"publisher","first-page":"100111","DOI":"10.1016\/j.iot.2019.100111","volume":"2019","author":"J Sakhnini","year":"2019","unstructured":"J. Sakhnini, H. Karimipour, A. Dehghantanha, R.M. Parizi, G. Srivastava, Security aspects of internet of things aided smart grids: a bibliometric survey. Internet of Things 2019, 100111 (2019). \nhttps:\/\/doi.org\/10.1016\/j.iot.2019.100111","journal-title":"Internet of Things"},{"key":"18_CR3","volume-title":"Scanning tool for the detection of images embedded with malicious programs, in 2015 International Conference on Electrical, Electronics, Signals, Communication and Optimization (EESCO)","author":"RT Shoniwa","year":"2015","unstructured":"R.T. Shoniwa, G. George, Scanning tool for the detection of images embedded with malicious programs, in 2015 International Conference on Electrical, Electronics, Signals, Communication and Optimization (EESCO) (2015)"},{"key":"18_CR4","doi-asserted-by":"publisher","first-page":"394","DOI":"10.1016\/j.jocs.2017.10.020","volume":"27","author":"D Kiwia","year":"2018","unstructured":"D. Kiwia, A. Dehghantanha, K.-K.R. Choo, J. Slaughter, A cyber kill chain based taxonomy of banking Trojans for evolutionary computational intelligence. J. Comput. Sci. 27, 394\u2013409 (2018)","journal-title":"J. Comput. Sci."},{"key":"18_CR5","doi-asserted-by":"publisher","first-page":"865","DOI":"10.3745\/JIPS.03.0126","volume":"15","author":"PN Bahrami","year":"2019","unstructured":"P.N. Bahrami, A. Dehghantanha, T. Dargahi, R.M. Parizi, K.R. Choo, H.H.S. Javadi, Cyber kill chain-based taxonomy of advanced persistent threat actors: analogy of tactics, techniques, and procedures. J. Inf. Process. Syst. 15, 865\u2013889 (2019). \nhttps:\/\/doi.org\/10.3745\/JIPS.03.0126","journal-title":"J. Inf. Process. Syst."},{"key":"18_CR6","doi-asserted-by":"publisher","first-page":"3539","DOI":"10.1109\/BigData.2016.7841017","volume-title":"Label propagation in big data to detect remote access Trojans, in 2016 IEEE International Conference on Big Data (Big Data)","author":"SC Pallaprolu","year":"2016","unstructured":"S.C. Pallaprolu, J.M. Namayanja, V.P. Janeja, C.S. Adithya, Label propagation in big data to detect remote access Trojans, in 2016 IEEE International Conference on Big Data (Big Data) (IEEE, Piscataway, 2016), pp. 3539\u20133547"},{"key":"18_CR7","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-030-10543-3_12","volume-title":"Handbook of Big Data and IoT Security","author":"R HosseiniNejad","year":"2019","unstructured":"R. HosseiniNejad, H. HaddadPajouh, A. Dehghantanha, R. M. Parizi, A cyber kill chain based analysis of remote access Trojans, in Handbook of Big Data and IoT Security, ed. by A. Dehghantanha, K.-K.R. Choo (Springer, Cham, 2019), pp. 273\u2013299. \nhttps:\/\/doi.org\/10.1007\/978-3-030-10543-3_12"},{"issue":"4","key":"18_CR8","doi-asserted-by":"publisher","first-page":"277","DOI":"10.1007\/s11416-019-00338-7","volume":"15","author":"T Dargahi","year":"2019","unstructured":"T. Dargahi, A. Dehghantanha, P.N. Bahrami, M. Conti, G. Bianchi, L. Benedetto, A Cyber-Kill-Chain based taxonomy of crypto-ransomware features. J. Comput. Virol. Hack Tech. 15(4), 277\u2013305 (2019). \nhttps:\/\/doi.org\/10.1007\/s11416-019-00338-7","journal-title":"J. Comput. Virol. Hack Tech."},{"key":"18_CR9","doi-asserted-by":"crossref","unstructured":"S. Samuel, J. Graham, C. Hinds, Hunting Malware: An example using Gh0st, in 2017 International Conference on Computational Science and Computational Intelligence (CSCI) (IEEE, 2017 Dec), pp. 97\u2013102","DOI":"10.1109\/CSCI.2017.16"},{"key":"18_CR10","first-page":"221","volume-title":"Analysis and triage of advanced hacking groups targeting western countries critical national infrastructure: APT28, RED October, and Regin, in Critical Infrastructure Security and Resilience","author":"H Mwiki","year":"2019","unstructured":"H. Mwiki, T. Dargahi, A. Dehghantanha, K.-K.R. Choo, Analysis and triage of advanced hacking groups targeting western countries critical national infrastructure: APT28, RED October, and Regin, in Critical Infrastructure Security and Resilience (Springer, Berlin, 2019), pp. 221\u2013244"},{"key":"18_CR11","unstructured":"M. Rezaeirad, B. Farinholt, H. Dharmdasani, P. Pearce, K. Levchenko, D. McCoy, Schr\u00f6dinger\u2019s RAT: profiling the stakeholders in the remote access Trojan ecosystem, in 27th USENIX Security Symposium (USENIX Security 18) (2018), pp. 1043\u20131060"},{"key":"18_CR12","first-page":"147","volume-title":"Evaluation of a brute forcing tool that extracts the rat from a malicious document file, in 2016 11th Asia Joint Conference on Information Security (AsiaJCIS)","author":"M Mimura","year":"2016","unstructured":"M. Mimura, Y. Otsubo, H. Tanaka, Evaluation of a brute forcing tool that extracts the rat from a malicious document file, in 2016 11th Asia Joint Conference on Information Security (AsiaJCIS) (IEEE, Piscataway, 2016), pp. 147\u2013154"},{"key":"18_CR13","first-page":"91","volume":"37","author":"A Pekta\u015f","year":"2017","unstructured":"A. Pekta\u015f, T. Acarman, Classification of malware families based on runtime behaviors. J. Inform. Secur. Appl. 37, 91\u2013100 (2017)","journal-title":"J. Inform. Secur. Appl."},{"key":"18_CR14","first-page":"131","volume-title":"Detecting remote access Trojans through external control at area network borders, in Proceedings of the Symposium on Architectures for Networking and Communications Systems","author":"S Wu","year":"2017","unstructured":"S. Wu, S. Liu, W. Lin, X. Zhao, S. Chen, Detecting remote access Trojans through external control at area network borders, in Proceedings of the Symposium on Architectures for Networking and Communications Systems (IEEE Press, New York, 2017), pp. 131\u2013141"},{"issue":"1","key":"18_CR15","doi-asserted-by":"publisher","first-page":"61","DOI":"10.1007\/s10844-015-0388-x","volume":"48","author":"HH Pajouh","year":"2017","unstructured":"H.H. Pajouh, G. Dastghaibyfard, S. Hashemi, Two-tier network anomaly detection model: a machine learning approach. J. Intell. Inf. Syst. 48(1), 61\u201374 (2017). \nhttps:\/\/doi.org\/10.1007\/s10844-015-0388-x","journal-title":"J. Intell. Inf. Syst."},{"key":"18_CR16","unstructured":"R.M. Parizi, A. Dehghantanha, K.-K.R. Choo, A. Singh, Empirical vulnerability analysis of automated smart contracts security testing on blockchains, in Proceedings of the 28th Annual International Conference on Computer Science and Software Engineering, CASCON \u201918 (2018), pp. 103\u2013113"},{"key":"18_CR17","first-page":"706","volume-title":"An approach to detect remote access Trojan in the early stage of communication, in 2015 IEEE 29th International Conference on Advanced Information Networking and Applications","author":"D Jiang","year":"2015","unstructured":"D. Jiang, K. Omote, An approach to detect remote access Trojan in the early stage of communication, in 2015 IEEE 29th International Conference on Advanced Information Networking and Applications (IEEE, Piscataway, 2015), pp. 706\u2013713"},{"key":"18_CR18","first-page":"321","volume-title":"RAT-based malicious activities detection on enterprise internal networks, in 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST)","author":"M Yamada","year":"2015","unstructured":"M. Yamada, M. Morinaga, Y. Unno, S. Torii, M. Takenaka, RAT-based malicious activities detection on enterprise internal networks, in 2015 10th International Conference for Internet Technology and Secured Transactions (ICITST) (IEEE, Piscataway, 2015), pp. 321\u2013325"},{"key":"18_CR19","first-page":"128","volume-title":"A network-based framework for RAT-bots detection, in 2017 8th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON)","author":"AA Awad","year":"2017","unstructured":"A.A. Awad, S.G. Sayed, S.A. Salem, A network-based framework for RAT-bots detection, in 2017 8th IEEE Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON) (IEEE, Piscataway, 2017), pp. 128\u2013133"},{"key":"18_CR20","doi-asserted-by":"crossref","unstructured":"B. Kolosnjaji, A. Zarras, G. Webster, C. Eckert, Deep learning for classification of malware system call sequences, in Australasian Joint Conference on Artificial Intelligence (Springer, 2016), pp. 137\u2013149","DOI":"10.1007\/978-3-319-50127-7_11"},{"key":"18_CR21","doi-asserted-by":"publisher","first-page":"88","DOI":"10.1016\/j.future.2018.03.007","volume":"85","author":"H HaddadPajouh","year":"2018","unstructured":"H. HaddadPajouh, A. Dehghantanha, R. Khayami, K.-K.R. Choo, A deep Recurrent Neural Network based approach for Internet of Things malware threat hunting. Futur. Gener. Comput. Syst. 85, 88\u201396 (2018)","journal-title":"Futur. Gener. Comput. Syst."},{"issue":"6","key":"18_CR22","doi-asserted-by":"publisher","first-page":"1012","DOI":"10.1016\/j.jcss.2014.12.014","volume":"81","author":"P Wang","year":"2015","unstructured":"P. Wang, Y.-S. Wang, Malware behavioural detection and vaccine development by using a support vector model classifier. J. Comput. Syst. Sci. 81(6), 1012\u20131026 (2015)","journal-title":"J. Comput. Syst. Sci."},{"key":"18_CR23","unstructured":"Z. Xu, S. Ray, P. Subramanyan, S. Malik, Malware detection using machine learning based analysis of virtual memory access patterns, in Proceedings of the Conference on Design, Automation and Test in Europe, European Design and Automation Association (2017), pp. 169\u2013174"},{"key":"18_CR24","volume-title":"Practical Malware Analysis: The Hands-on Guide to Dissecting Malicious Software","author":"M Sikorski","year":"2012","unstructured":"M. Sikorski, A. Honig, Practical Malware Analysis: The Hands-on Guide to Dissecting Malicious Software (No Starch Press, San Francisco, 2012)"},{"issue":"5","key":"18_CR25","doi-asserted-by":"publisher","first-page":"390","DOI":"10.1109\/TSMC.1978.4309980","volume":"8","author":"JM Campenhout Van","year":"1978","unstructured":"J.M. Van Campenhout, On the peaking of the Hughes mean recognition accuracy: The resolution of an apparent paradox. IEEE Trans. Syst. Man Cybern. 8(5), 390\u2013395 (1978 May)","journal-title":"IEEE Trans. Syst. Man Cybern."},{"key":"18_CR26","unstructured":"Y. Yang, J.O. Pedersen, A comparative study on feature selection in text categorization, in Proceedings of the International Conference on Machine Learning, vol. 97 (1997), p. 35"},{"key":"18_CR27","unstructured":"M.A. Hall, Correlation-based feature selection for machine learning. Ph.D Thesis, The University of Waikato, Hamilton, 1999"}],"container-title":["Handbook of Big Data Privacy"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-38557-6_18","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,3,19]],"date-time":"2020-03-19T00:27:31Z","timestamp":1584577651000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-38557-6_18"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030385569","9783030385576"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-38557-6_18","relation":{},"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"19 March 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}