{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T07:39:31Z","timestamp":1743061171632,"version":"3.40.3"},"publisher-location":"Cham","reference-count":38,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031757631"},{"type":"electronic","value":"9783031757648"}],"license":[{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,10,17]],"date-time":"2024-10-17T00:00:00Z","timestamp":1729123200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025]]},"DOI":"10.1007\/978-3-031-75764-8_12","type":"book-chapter","created":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T11:03:12Z","timestamp":1729594992000},"page":"226-245","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Automated Generation of\u00a0Behavioral Signatures for\u00a0Malicious Web 
Campaigns"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-6700-5824","authenticated-orcid":false,"given":"Shaown","family":"Sarker","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2505-684X","authenticated-orcid":false,"given":"William","family":"Melicher","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2796-6345","authenticated-orcid":false,"given":"Oleksii","family":"Starov","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8961-9963","authenticated-orcid":false,"given":"Anupam","family":"Das","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8839-8521","authenticated-orcid":false,"given":"Alexandros","family":"Kapravelos","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,10,17]]},"reference":[{"unstructured":"alexa.com. Alexa Top Sites. https:\/\/www.alexa.com\/topsites. Accessed 28 Nov 2021","key":"12_CR1"},{"unstructured":"Calzavara, S., Roth, S., Rabitti, A., Backes, M., Stock, B.: A tale of two headers: a formal analysis of inconsistent click-jacking protection on the web. In: Proceedings of the USENIX Security Symposium (2020)","key":"12_CR2"},{"doi-asserted-by":"crossref","unstructured":"Canali, D., Cova, M., Vigna, G., Kruegel, C.: Prophiler : a fast filter for the large-scale detection of malicious web pages categories and subject descriptors. In: Proceedings of the International World Wide Web Conference (WWW) (2011)","key":"12_CR3","DOI":"10.1145\/1963405.1963436"},{"doi-asserted-by":"crossref","unstructured":"Cova, M., Kruegel, C., Vigna, G.: Detection and analysis of drive-by-download attacks and malicious javaScript code. 
In: Proceedings of the International World Wide Web Conference (WWW) (2010)","key":"12_CR4","DOI":"10.1145\/1772690.1772720"},{"unstructured":"Curtsinger, C., Livshits, B., Zorn, B.G., Seifert, C.: Zozzle: fast and precise in-browser javascript malware detection. In: Proceedings of the USENIX Security Symposium (2011)","key":"12_CR5"},{"unstructured":"Egele, M., Kruegel, C., Kirda, E., Yin, H., Song, D.: Dynamic spyware analysis. In: Proceedings of the USENIX Annual Technical Conference (2007)","key":"12_CR6"},{"doi-asserted-by":"crossref","unstructured":"Fass, A., Backes, M., Stock, B.: HideNoSeek: camouflaging malicious javaScript in benign ASTs. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2019)","key":"12_CR7","DOI":"10.1145\/3319535.3345656"},{"key":"12_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"303","DOI":"10.1007\/978-3-319-93411-2_14","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Fass","year":"2018","unstructured":"Fass, A., Krawczyk, R.P., Backes, M., Stock, B.: JaSt: fully syntactic detection of malicious (obfuscated) javascript. In: Giuffrida, C., Bardin, S., Blanc, G. (eds.) DIMVA 2018. LNCS, vol. 10885, pp. 303\u2013325. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-319-93411-2_14"},{"key":"12_CR9","series-title":"The Springer Series on Challenges in Machine Learning","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1007\/978-3-030-05318-5_1","volume-title":"Automated Machine Learning","author":"M Feurer","year":"2019","unstructured":"Feurer, M., Hutter, F.: Hyperparameter optimization. In: Hutter, F., Kotthoff, L., Vanschoren, J. (eds.) Automated Machine Learning. TSSCML, pp. 3\u201333. Springer, Cham (2019). 
https:\/\/doi.org\/10.1007\/978-3-030-05318-5_1"},{"doi-asserted-by":"crossref","unstructured":"Fredrikson, M., Jha, S., Christodorescu, M., Sailer, R., Yan, X.: Synthesizing near-optimal malware specifications from suspicious behaviors. In: Proceedings of the IEEE Symposium on Security and Privacy (2010)","key":"12_CR10","DOI":"10.1109\/SP.2010.11"},{"doi-asserted-by":"crossref","unstructured":"Jueckstock, J., Kapravelos, A.: Visiblev8: in-browser monitoring of javascript in the wild. In: Proceedings of the ACM SIGCOMM Internet Measurement Conference (IMC) (2019)","key":"12_CR11","DOI":"10.1145\/3355369.3355599"},{"unstructured":"Kaplan, S., Livshits, B., Zorn, B., Siefert, C., Curtsinger, C.: \u201cNOFUS: automatically detecting\"+ string. fromcharcode (32)+ \u201cobfuscated\". tolowercase ()+ \u201cjavascript code. In Technical report, Technical Report MSR-TR 2011\u201357, Microsoft Research (2011)","key":"12_CR12"},{"unstructured":"Kapravelos, A., Shoshitaishvili, Y., Cova, M., Kruegel, C., Vigna, G.: Revolver: an automated approach to the detection of evasive web-based malware. In: Proceedings of the USENIX Security Symposium (2013)","key":"12_CR13"},{"doi-asserted-by":"crossref","unstructured":"Kharraz, A., Robertson, W., Kirda, E. : Surveylance: automatically detecting online survey scams. In: Proceedings of the IEEE Symposium on Security and Privacy. IEEE(2018)","key":"12_CR14","DOI":"10.1109\/SP.2018.00044"},{"unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X.Y., Wang. X.: Effective and efficient malware detection at the end host. In: Proceedings of the USENIX Security Symposium (2009)","key":"12_CR15"},{"doi-asserted-by":"crossref","unstructured":"Kolbitsch, C., Livshits, B., Zorn, B., Seifert, C.: Rozzle: de-cloaking internet malware. 
In: Proceedings of the IEEE Symposium on Security and Privacy (2012)","key":"12_CR16","DOI":"10.1109\/SP.2012.48"},{"doi-asserted-by":"crossref","unstructured":"Kutt, B., Hewlett, W., Starov, O., Zhou, Y.: Innocent until proven guilty (IUPG): building deep learning models with embedded robustness to out-of-distribution content. In: 2021 IEEE Security and Privacy Workshops (SPW) (2021)","key":"12_CR17","DOI":"10.1109\/SPW53761.2021.00016"},{"issue":"3","key":"12_CR18","doi-asserted-by":"publisher","first-page":"183","DOI":"10.1109\/TDSC.2013.3","volume":"10","author":"S Lee","year":"2013","unstructured":"Lee, S., Kim, J.: WARNINGBIRD: a near real-time detection system for suspicious URLs in twitter stream. IEEE Trans. Dependable Secure Comput. 10(3), 183\u2013195 (2013)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"doi-asserted-by":"crossref","unstructured":"Lu, L., Perdisci, R., Lee., W.: Surf: detecting and measuring search poisoning. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2011)","key":"12_CR19","DOI":"10.1145\/2046707.2046762"},{"unstructured":"microsoft.com\/. HTML smuggling surges: highly evasive loader technique increasingly used in banking malware, targeted attacks. https:\/\/www.microsoft.com\/security\/blog\/2021\/11\/11\/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks\/. Accessed 28 Nov 2021","key":"12_CR20"},{"doi-asserted-by":"crossref","unstructured":"Miramirkhani, N., Starov, O., Nikiforakis, N.: Dial one for scam: a large-scale analysis of technical support scams. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2017)","key":"12_CR21","DOI":"10.14722\/ndss.2017.23163"},{"unstructured":"Muggleton, S., Feng, C., et\u00a0al.: Efficient induction of logic programs. 
Citeseer (1990)","key":"12_CR22"},{"unstructured":"Nelms, T., Perdisci, R., Antonakakis, M., Ahamad, M.: WebWitness: investigating, categorizing, and mitigating malware download paths. In: Proceedings of the USENIX Security Symposium (2015)","key":"12_CR23"},{"unstructured":"Nelms, T., Perdisci, R., Antonakakis, M., Ahamad, M.: Towards measuring and mitigating social engineering software download attacks. In: Proceedings of the USENIX Security Symposium (2016)","key":"12_CR24"},{"unstructured":"Oest, A., et al.: Sunrise to sunset: analyzing the end-to-end life cycle and effectiveness of phishing attacks at scale. In: Proceedings of the USENIX Security Symposium (2020)","key":"12_CR25"},{"unstructured":"Plotkin, G.: Automatic methods of inductive inference. Ph.D. Thesis (1972)","key":"12_CR26"},{"issue":"1","key":"12_CR27","first-page":"153","volume":"5","author":"GD Plotkin","year":"1971","unstructured":"Plotkin, G.D.: A further note on inductive generalization. Mach. Intell. 5(1), 153\u2013163 (1971)","journal-title":"Mach. Intell."},{"unstructured":"Rafique, M.Z., Van Goethem, T., Joosen, W., Huygens, C., Nikiforakis, N.: It\u2019s free for a reason: exploring the ecosystem of free live streaming services. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2016)","key":"12_CR28"},{"unstructured":"Ratanaworabhan, P., Livshits, V.B., Zorn, B.G.: NOZZLE: a defense against heap-spraying code injection attacks. In: Proceedings of the USENIX Security Symposium (2009)","key":"12_CR29"},{"doi-asserted-by":"crossref","unstructured":"Srinivasan, B., et al.: Exposing search and advertisement abuse tactics and infrastructure of technical support scammers. 
In: Proceedings of the International World Wide Web Conference (WWW) (2018)","key":"12_CR30","DOI":"10.1145\/3178876.3186098"},{"doi-asserted-by":"crossref","unstructured":"Starov, O., Zhou, Y., Wang, J.: Detecting malicious campaigns in obfuscated javascript with scalable behavioral analysis. In: 2019 IEEE Security and Privacy Workshops (SPW) (2019)","key":"12_CR31","DOI":"10.1109\/SPW.2019.00048"},{"doi-asserted-by":"crossref","unstructured":"Starov, O., Zhou, Y., Zhang, X., Miramirkhani, N., Nikiforakis, N.: Betrayed by your dashboard: discovering malicious campaigns via web analytics. In: Proceedings of the International World Wide Web Conference (WWW) (2018)","key":"12_CR32","DOI":"10.1145\/3178876.3186089"},{"doi-asserted-by":"crossref","unstructured":"Stringhini, G., Kruegel, C., Vigna, G.: Shady paths: leveraging surfing crowds to detect malicious web pages. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2013)","key":"12_CR33","DOI":"10.1145\/2508859.2516682"},{"unstructured":"tranco-list.eu. Tranco - A Research-Oriented Top Sites Ranking Hardened Against Manipulation. https:\/\/tranco-list.eu\/. Accessed 28 Nov 2021","key":"12_CR34"},{"doi-asserted-by":"crossref","unstructured":"Vadrevu, P., Perdisci, R.: What you see is not what you get: discovering and tracking social engineering attack campaigns. In: Proceedings of the ACM SIGCOMM Internet Measurement Conference (IMC) (2019)","key":"12_CR35","DOI":"10.1145\/3355369.3355600"},{"unstructured":"virustotal.com. VirusTotal - Analyze suspicious files and URLs to detect types of malware, automatically share them with the security community. https:\/\/www.virustotal.com\/gui\/home\/upload. Accessed 28 Nov 2021","key":"12_CR36"},{"doi-asserted-by":"crossref","unstructured":"Xu, W., Zhang, F., Zhu, S.: Jstill: mostly static detection of obfuscated malicious javascript code. 
In: Proceedings of the third ACM Conference on Data and Application Security and Privacy - CODASPY (2013)","key":"12_CR37","DOI":"10.1145\/2435349.2435364"},{"issue":"6","key":"12_CR38","doi-asserted-by":"publisher","first-page":"1091","DOI":"10.1109\/TPAMI.2007.1078","volume":"29","author":"L Yujian","year":"2007","unstructured":"Yujian, L., Bo, L.: A normalized levenshtein distance metric. IEEE Trans. Pattern Anal. Mach. Intell. 29(6), 1091\u20131095 (2007)","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-75764-8_12","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,10,22]],"date-time":"2024-10-22T11:07:53Z","timestamp":1729595273000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-75764-8_12"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,17]]},"ISBN":["9783031757631","9783031757648"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-75764-8_12","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024,10,17]]},"assertion":[{"value":"17 October 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ISC","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Information Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Arlington, VA","order":3,"name":"conference_city","label":"Conference 
City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"USA","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24 October 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"26 October 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"27","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"isw2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/isc24.cs.gmu.edu\/","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}