{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,7,16]],"date-time":"2025-07-16T12:14:17Z","timestamp":1752668057364,"version":"3.40.3"},"publisher-location":"Cham","reference-count":19,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030622220"},{"type":"electronic","value":"9783030622237"}],"license":[{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2020,1,1]],"date-time":"2020-01-01T00:00:00Z","timestamp":1577836800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2020]]},"DOI":"10.1007\/978-3-030-62223-7_12","type":"book-chapter","created":{"date-parts":[[2020,11,10]],"date-time":"2020-11-10T10:03:00Z","timestamp":1605002580000},"page":"140-152","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Detection of Malicious Domains in APT via Mining Massive DNS Logs"],"prefix":"10.1007","author":[{"given":"Lu","family":"Huang","sequence":"first","affiliation":[]},{"given":"Jingfeng","family":"Xue","sequence":"additional","affiliation":[]},{"given":"Weijie","family":"Han","sequence":"additional","affiliation":[]},{"given":"Zixiao","family":"Kong","sequence":"additional","affiliation":[]},{"given":"Zequn","family":"Niu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2020,11,11]]},"reference":[{"key":"12_CR1","unstructured":"Bejtlich, R.: Air force cyberspace report (2007). http:\/\/taosecurity.blogspot.com\/2007\/10\/air-force-cyberspace-report.html"},{"key":"12_CR2","doi-asserted-by":"crossref","unstructured":"Bohara, A., Noureddine, M.A., Fawaz, A., Sanders, W.H.: An unsupervised multi-detector approach for identifying malicious lateral movement. In: IEEE Symposium on Reliable Distributed Systems (2017)","DOI":"10.1109\/SRDS.2017.31"},{"key":"12_CR3","doi-asserted-by":"crossref","unstructured":"Mavroeidis, V., Bromander, S.: Cyber threat intelligence model: an evaluation of taxonomies, sharing standards, and ontologies within cyber threat intelligence. In: European Intelligence and Security Informatics Conference (EISIC), pp. 91\u201398 (2017)","DOI":"10.1109\/EISIC.2017.20"},{"key":"12_CR4","doi-asserted-by":"crossref","unstructured":"Sakib, M.N., Huang,C.T.: Using anomaly detection based techniques to detect HTTP-based botnet C&C traffic. In: IEEE International Conference on Communications, pp. 1\u20136 (2016)","DOI":"10.1109\/ICC.2016.7510883"},{"key":"12_CR5","unstructured":"Villeneuve, N., Bennett, J.: Detecting apt activity with network traffic analysis. Trend Micro Incorporated (2012)"},{"key":"12_CR6","doi-asserted-by":"crossref","unstructured":"Yan, G., Li, Q., Guo, D., Li, B.: AULD: Large scale suspicious DNS activities detection via unsupervised learning in advanced persistent threats. Sensors 19, 3180 (2019)","DOI":"10.3390\/s19143180"},{"key":"12_CR7","doi-asserted-by":"crossref","unstructured":"Wang, X., Zheng, K.F., Niu, X.X., Wu, B., Wu, C.H.: Detection of command and control in advanced persistent threat based on independent access. In: IEEE International Conference on Communications (ICC) (2016)","DOI":"10.1109\/ICC.2016.7511197"},{"key":"12_CR8","unstructured":"Nadler, A., Aminov, A., Shabtai, A.: Detection of malicious and low throughput data exfiltration over the DNS protocol. Comput. Secur. 80, 36\u201353 (2019)"},{"key":"12_CR9","series-title":"IFIP Advances in Information and Communication Technology","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-55415-5_1","volume-title":"ICT Systems Security and Privacy Protection","author":"N Kheir","year":"2014","unstructured":"Kheir, N., Tran, F., Caron, P., Deschamps, N.: Mentor: positive DNS reputation to skim-off benign domains in botnet C&C blacklists. In: Cuppens-Boulahia, N., Cuppens, F., Jajodia, S., Abou El Kalam, A., Sans, T. (eds.) SEC 2014. IAICT, vol. 428, pp. 1\u201314. Springer, Heidelberg (2014). https:\/\/doi.org\/10.1007\/978-3-642-55415-5_1"},{"key":"12_CR10","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-319-11203-9_1","volume-title":"Computer Security - ESORICS 2014","author":"PK Manadhata","year":"2014","unstructured":"Manadhata, P.K., Yadav, S., Rao, P., Horne, W.: Detecting malicious domains via graph inference. In: Kuty\u0142owski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 1\u201318. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-11203-9_1"},{"key":"12_CR11","first-page":"102687","volume":"11","author":"F Zou","year":"2015","unstructured":"Zou, F., Zhang, S., Rao, W., Yi, P.: Detecting malware based on DNS graph mining. Int. J. Distrib. Sens. Netw. 11, 102687 (2015)","journal-title":"Int. J. Distrib. Sens. Netw."},{"key":"12_CR12","doi-asserted-by":"crossref","unstructured":"Oprea, A., Li, Z., Yen, T.-F., Chin.S. H., Alrwais, S.: Detection of early-stage enterprise infection by mining large-scale log data. In IEEE\/IFIP International Conference on Dependable Systems and Networks (2015)","DOI":"10.1109\/DSN.2015.14"},{"key":"12_CR13","doi-asserted-by":"publisher","first-page":"13917","DOI":"10.1109\/ACCESS.2019.2894509","volume":"7","author":"Z Ma","year":"2019","unstructured":"Ma, Z., Li, Q., Meng, X.: Discovering suspicious APT families through a large-scale domain graph in information-centric IoT. IEEE Access 7, 13917\u201313926 (2019)","journal-title":"IEEE Access"},{"key":"12_CR14","doi-asserted-by":"crossref","unstructured":"Khalil, I., Yu, T., Guan, B.: Discovering malicious domains through passive DNS data graph analysis. In: ACM on Asia Conference on Computer & Communications Security. ACM (2016)","DOI":"10.1145\/2897845.2897877"},{"key":"12_CR15","doi-asserted-by":"publisher","first-page":"1132","DOI":"10.1109\/ACCESS.2015.2458581","volume":"3","author":"G Zhao","year":"2015","unstructured":"Zhao, G., Xu, K., Xu, L., Wu, B.: Detecting APT malware infections based on malicious DNS and traffic analysis. IEEE Access 3, 1132\u20131142 (2015)","journal-title":"IEEE Access"},{"key":"12_CR16","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1016\/j.future.2018.06.055","volume":"89","author":"I Ghafir","year":"2018","unstructured":"Ghafir, I., Hammoudeh, M., Prenosil, V., Han, L., Hegarty, R., Rabie, K.: Detection of advanced persistent threat using machine-learning correlation analysis. Future Generation Comput. Syst. 89, 349\u2013359 (2018)","journal-title":"Future Generation Comput. Syst."},{"key":"12_CR17","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1016\/j.comcom.2014.04.013","volume":"49","author":"J Lee","year":"2014","unstructured":"Lee, J., Lee, H.: GMAD: graph-based malware activity detection by DNS traffic analysis. Comput. Commun. 49, 33\u201347 (2014)","journal-title":"Comput. Commun."},{"issue":"2","key":"12_CR18","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/s10207-016-0331-3","volume":"16","author":"M Stevanovic","year":"2016","unstructured":"Stevanovic, M., Pedersen, J.M., D\u2019Alconzo, A., Ruehrup, S.: A method for identifying compromised clients based on DNS traffic analysis. Int. J. Inf. Secur. 16(2), 115\u2013132 (2016). https:\/\/doi.org\/10.1007\/s10207-016-0331-3","journal-title":"Int. J. Inf. Secur."},{"key":"12_CR19","unstructured":"Ferrell, P.S.: Apt infection discovery using DNS data. Los Alamos National Laboratory (LANL), Technical report (2013)"}],"container-title":["Lecture Notes in Computer Science","Machine Learning for Cyber Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-62223-7_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,10]],"date-time":"2020-11-10T10:10:22Z","timestamp":1605003022000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-030-62223-7_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020]]},"ISBN":["9783030622220","9783030622237"],"references-count":19,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-62223-7_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2020]]},"assertion":[{"value":"11 November 2020","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ML4CS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Machine Learning for Cyber Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2020","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"8 October 2020","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"10 October 2020","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"3","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ml4cs2020","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/nsclab.org\/ml4cs2020\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Single-blind","order":1,"name":"type","label":"Type","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"EasyChair","order":2,"name":"conference_management_system","label":"Conference Management System","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"360","order":3,"name":"number_of_submissions_sent_for_review","label":"Number of Submissions Sent for Review","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"118","order":4,"name":"number_of_full_papers_accepted","label":"Number of Full Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"40","order":5,"name":"number_of_short_papers_accepted","label":"Number of Short Papers Accepted","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"33% - The value is computed by the equation \"Number of Full Papers Accepted \/ Number of Submissions Sent for Review * 100\" and then rounded to a whole number.","order":6,"name":"acceptance_rate_of_full_papers","label":"Acceptance Rate of Full Papers","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"2.2","order":7,"name":"average_number_of_reviews_per_paper","label":"Average Number of Reviews per Paper","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"8","order":8,"name":"average_number_of_papers_per_reviewer","label":"Average Number of Papers per Reviewer","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}},{"value":"Yes","order":9,"name":"external_reviewers_involved","label":"External Reviewers Involved","group":{"name":"ConfEventPeerReviewInformation","label":"Peer Review Information (provided by the conference organizers)"}}]}}