{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,26]],"date-time":"2025-03-26T21:54:26Z","timestamp":1743026066984,"version":"3.40.3"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030582944"},{"type":"electronic","value":"9783030582951"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-58295-1_6","type":"book-chapter","created":{"date-parts":[[2020,8,26]],"date-time":"2020-08-26T10:22:49Z","timestamp":1598437369000},"page":"69-82","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Finding Fast Flux Traffic in DNS Haystack"],"prefix":"10.1007","author":[{"given":"Williams","family":"Surjanto","sequence":"first","affiliation":[]},{"given":"Charles","family":"Lim","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,8,26]]},"reference":[{"issue":"12","key":"6_CR1","doi-asserted-by":"publisher","first-page":"3629","DOI":"10.1007\/s00521-016-2275-y","volume":"28","author":"BB Gupta","year":"2017","unstructured":"Gupta, B.B., Tewari, A., Jain, A.K., Agrawal, D.P.: Fighting against phishing attacks: state of the art and future challenges. Neural Comput. Appl. 28(12), 3629\u20133654 (2017). https:\/\/doi.org\/10.1007\/s00521-016-2275-y","journal-title":"Neural Comput. 
Appl."},{"issue":"4\u20136","key":"6_CR2","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1080\/19393555.2015.1058994","volume":"24","author":"S Zhou","year":"2015","unstructured":"Zhou, S.: A survey on fast-flux attacks. Inf. Secur. J. Global Perspect. 24(4\u20136), 79\u201397 (2015)","journal-title":"Inf. Secur. J. Global Perspect."},{"key":"6_CR3","unstructured":"Salusky, W., Danford, R.: Know your enemy: fast-flux service networks. The Honeynet Project, pp. 1\u201324 (2007)"},{"key":"6_CR4","unstructured":"Katz, O., Perets, R., Matzliach, G.: Digging deeper-an in-depth analysis of a fast flux network (2017)"},{"issue":"4","key":"6_CR5","doi-asserted-by":"publisher","first-page":"491","DOI":"10.1007\/s10257-011-0171-7","volume":"10","author":"A Caglayan","year":"2012","unstructured":"Caglayan, A., Toothaker, M., Drapeau, D., Burke, D., Eaton, G.: Behavioral analysis of botnets for threat intelligence. Inf. Syst. E-Bus. Manage. 10(4), 491\u2013519 (2012). https:\/\/doi.org\/10.1007\/s10257-011-0171-7","journal-title":"Inf. Syst. E-Bus. Manage."},{"key":"6_CR6","unstructured":"Proofpoint. Sandiflux: another fast flux infrastructure used in malware distribution emerges (2018). https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/sandiflux-another-fast-flux-infrastructure-used-malware-distribution-emerges"},{"key":"6_CR7","unstructured":"Cant\u00f3n, D.: Botnet detection through DNS-based approaches (2015). https:\/\/www.incibe-cert.es\/en\/blog\/botnet-detection-dns"},{"key":"6_CR8","unstructured":"Weimer, F.: Passive DNS replication. In: FIRST Conference on Computer Security Incident, p. 98 (2005)"},{"key":"6_CR9","unstructured":"Xu, W., Wang, X., Xie, H.: New trends in fastflux networks (2013). https:\/\/media.blackhat.com\/us-13\/US-13-Xu-New-Trends-in-FastFlux-Networks-WP.pdf"},{"key":"6_CR10","unstructured":"Mike Williams, D.A.: The best CDN providers of 2018 to speed up any website (2018). 
https:\/\/www.infoworld.com\/article\/2994016\/network-security\/strengthen-your-network-security-with-passive-dns.html"},{"issue":"10","key":"6_CR11","doi-asserted-by":"publisher","first-page":"1947","DOI":"10.1109\/JSAC.2014.2358814","volume":"32","author":"F-H Hsu","year":"2014","unstructured":"Hsu, F.-H., Wang, C.-S., Hsu, C.-H., Tso, C.-K., Chen, L.-H., Lin, S.-H.: Detect fast-flux domains through response time differences. IEEE J. Sel. Areas Commun. 32(10), 1947\u20131956 (2014)","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"6_CR12","unstructured":"Holz, T., Gorecki, C., Rieck, K., Freiling, F.C.: Measuring and detecting fast-flux service networks (2008). https:\/\/www.ndss-symposium.org\/wp-content\/uploads\/2017\/09\/Measuring-and-Detecting-Fast-Flux-Service-Networks-paper-Thorsten-Holz.pdf"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Hu, X., Knysz, M., Shin, K.G.: Measurement and analysis of global IP-usage patterns of fast-flux botnets. In: Proceedings of the IEEE INFOCOM, pp. 2633\u20132641. IEEE (2011)","DOI":"10.1109\/INFCOM.2011.5935091"},{"key":"6_CR14","doi-asserted-by":"crossref","unstructured":"Koo, T.-M., Chang, H.-C., Chuang, C.-C.: Detecting and analyzing fast-flux service networks. In: Advances in Information Sciences and Service Sciences, vol. 4, no. 10 (2012)","DOI":"10.4156\/aiss.vol4.issue10.22"},{"key":"6_CR15","doi-asserted-by":"crossref","unstructured":"Perdisci, R., Corona, I., Dagon, D., Lee, W.: Detecting malicious flux service networks through passive analysis of recursive DNS traces. In: Annual Computer Security Applications Conference, pp. 311\u2013320. IEEE (2009)","DOI":"10.1109\/ACSAC.2009.36"},{"key":"6_CR16","unstructured":"Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a dynamic reputation system for DNS. In: USENIX Security Symposium, pp. 
273\u2013290 (2010)"},{"key":"6_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"463","DOI":"10.1007\/978-3-319-99136-8_25","volume-title":"Information Security","author":"P Lombardo","year":"2018","unstructured":"Lombardo, P., Saeli, S., Bisio, F., Bernardi, D., Massa, D.: Fast flux service network detection via data mining on passive DNS traffic. In: Chen, L., Manulis, M., Schneider, S. (eds.) ISC 2018. LNCS, vol. 11060, pp. 463\u2013480. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-99136-8_25"},{"key":"6_CR18","doi-asserted-by":"crossref","unstructured":"Dietrich, C.J., Rossow, C., Freiling, F.C., Bos, H., Van Steen, M., Pohlmann, N.: On botnets that use DNS for command and control. In: Seventh European Conference on Computer Network Defense, pp. 9\u201316. IEEE (2011)","DOI":"10.1109\/EC2ND.2011.16"},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Thomas, M., Mohaisen, A.: Kindred domains: detecting and clustering botnet domains using DNS traffic. In: Proceedings of the 23rd International Conference on World Wide Web, pp. 707\u2013712. ACM (2014)","DOI":"10.1145\/2567948.2579359"},{"issue":"7","key":"6_CR20","doi-asserted-by":"publisher","first-page":"483","DOI":"10.1007\/s00521-016-2531-1","volume":"29","author":"A Almomani","year":"2018","unstructured":"Almomani, A.: Fast-flux hunter: a system for filtering online fast-flux botnet. Neural Comput. Appl. 29(7), 483\u2013493 (2018). https:\/\/doi.org\/10.1007\/s00521-016-2531-1","journal-title":"Neural Comput. Appl."},{"issue":"10","key":"6_CR21","first-page":"58","volume":"3","author":"D Sonagara","year":"2014","unstructured":"Sonagara, D., Badheka, S.: Comparison of basic clustering algorithms. Int. J. Comput. Sci. Mob. Comput. 3(10), 58\u201361 (2014)","journal-title":"Int. J. Comput. Sci. Mob. 
Comput."},{"issue":"2","key":"6_CR22","first-page":"390","volume":"25","author":"D Cafuta","year":"2018","unstructured":"Cafuta, D., Sruk, V., Dodig, I.: Fast-flux botnet detection based on traffic response and search engines credit worthiness. Tehni\u010dki vjesnik 25(2), 390\u2013400 (2018)","journal-title":"Tehni\u010dki vjesnik"},{"key":"6_CR23","doi-asserted-by":"publisher","first-page":"48","DOI":"10.1016\/j.comnet.2015.12.008","volume":"97","author":"J Kwon","year":"2016","unstructured":"Kwon, J., Lee, J., Lee, H., Perrig, A.: PsyBoG: a scalable botnet detection method for large-scale DNS traffic. Comput. Netw. 97, 48\u201373 (2016)","journal-title":"Comput. Netw."},{"key":"6_CR24","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9780511809071","volume-title":"Introduction to Information Retrieval","author":"CD Manning","year":"2008","unstructured":"Manning, C.D., Raghavan, P., Sch\u00fctze, H.: Introduction to Information Retrieval. Cambridge University Press, Cambridge (2008)"},{"key":"6_CR25","unstructured":"Palacio-Ni\u00f1o, J.-O., Berzal, F.: Evaluation metrics for unsupervised learning algorithms. arXiv preprint arXiv:1905.05667 (2019)"},{"issue":"11","key":"6_CR26","first-page":"39","volume":"94","author":"J Biswas","year":"2014","unstructured":"Biswas, J., Ashutosh, A.: An insight in to network traffic analysis using packet sniffer. Int. J. Comput. Appl. 94(11), 39\u201344 (2014)","journal-title":"Int. J. Comput. Appl."},{"key":"6_CR27","unstructured":"Schiffman, M.: Farsight\u2019s network message, volume 1: introduction to NMSG (2015). https:\/\/www.farsightsecurity.com\/txt-record\/2015\/01\/28\/nmsg-intro\/"},{"key":"6_CR28","volume-title":"Learning scikit-learn: Machine Learning in Python","author":"R Garreta","year":"2013","unstructured":"Garreta, R., Moncecchi, G.: Learning scikit-learn: Machine Learning in Python. 
Packt Publishing, Birmingham (2013)"},{"key":"6_CR29","first-page":"1","volume":"14","author":"W McKinney","year":"2011","unstructured":"McKinney, W.: pandas: a foundational python library for data analysis and statistics. Python High Perform. Sci. Comput. 14, 1\u20139 (2011)","journal-title":"Python High Perform. Sci. Comput."},{"key":"6_CR30","unstructured":"Umbrella, C.: Alexa one million list domain (2016). http:\/\/s3-us-west-1.amazonaws.com\/umbrella-static\/top-1m.csv.zip"},{"key":"6_CR31","unstructured":"Alexa one million list TLD (2016). http:\/\/s3-us-west-1.amazonaws.com\/umbrella-static\/top-1m-TLD.csv.zip"},{"key":"6_CR32","unstructured":"Alexa. Top sites in Indonesia - Alexa (2018). https:\/\/www.alexa.com\/topsites\/countries\/ID"},{"key":"6_CR33","doi-asserted-by":"crossref","unstructured":"Martinez-Bea, S., Castillo-Perez, S., Garcia-Alfaro, J.: Real-time malicious fast-flux detection using DNS and bot related features. In: 2013 Eleventh Annual Conference on Privacy, Security and Trust, pp. 369\u2013372. IEEE (2013)","DOI":"10.1109\/PST.2013.6596093"},{"key":"6_CR34","unstructured":"scikit, selecting the number of clusters with silhouette analysis on kmeans clustering. https:\/\/scikit-learn.org\/stable\/auto-examples\/cluster\/plot-kmeans-silhouette-analysis.html"},{"key":"6_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"380","DOI":"10.1007\/978-3-030-05366-6_31","volume-title":"Distributed Computing and Internet Technology","author":"R Patgiri","year":"2019","unstructured":"Patgiri, R., Katari, H., Kumar, R., Sharma, D.: Empirical study on malicious URL detection using machine learning. In: Fahrnberger, G., Gopinathan, S., Parida, L. (eds.) ICDCIT 2019. LNCS, vol. 11319, pp. 380\u2013388. Springer, Cham (2019). 
https:\/\/doi.org\/10.1007\/978-3-030-05366-6_31"},{"key":"6_CR36","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1016\/j.cose.2019.05.019","volume":"86","author":"M Singh","year":"2019","unstructured":"Singh, M., Singh, M., Kaur, S.: Issues and challenges in DNS based botnet detection: a survey. Comput. Secur. 86, 28\u201352 (2019)","journal-title":"Comput. Secur."},{"key":"6_CR37","doi-asserted-by":"crossref","unstructured":"Kadir, A.F.A., Othman, R.A.R., Aziz, N.A.: Behavioral analysis and visualization of fast-flux DNS, pp. 250\u2013253. In: European Intelligence and Security Informatics Conference. IEEE (2012)","DOI":"10.1109\/EISIC.2012.36"},{"key":"6_CR38","doi-asserted-by":"crossref","unstructured":"Caglayan, A., Toothaker, M., Drapeau, D., Burke, D., Eaton, G.: Behavioral patterns of fast flux service networks. In: 2010 43rd Hawaii International Conference on System Sciences, pp. 1\u20139. IEEE (2010)","DOI":"10.1109\/HICSS.2010.81"}],"container-title":["Lecture Notes in Computer Science","Critical Information Infrastructures Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-58295-1_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,24]],"date-time":"2021-04-24T06:39:31Z","timestamp":1619246371000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-58295-1_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030582944","9783030582951"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-58295-1_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"26 August 2020","order":1,"name":"first_online","label":"First 
Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"CRITIS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Critical Information Infrastructures Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Bristol","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2 September 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3 September 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"15","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"critis2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/critis2020.blogs.bristol.ac.uk\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Double-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Easy Chair","order":2,"name":"conference_management_system","label":"Conference Management 
System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"17","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"5","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"1","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"29% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"4","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"3","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"No","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"The conference was held virtually due to the COVID-19 
pandemic.","order":10,"name":"additional_info_on_review_process","label":"Additional Info on Review Process","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}