{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,25]],"date-time":"2026-06-25T03:01:31Z","timestamp":1782356491260,"version":"3.54.5"},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319029368","type":"print"},{"value":"9783319029375","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-319-02937-5_9","type":"book-chapter","created":{"date-parts":[[2013,10,30]],"date-time":"2013-10-30T15:52:40Z","timestamp":1383148360000},"page":"162-178","source":"Crossref","is-referenced-by-count":16,"title":["BotSuer: Suing Stealthy P2P Bots in Network Traffic through Netflow Analysis"],"prefix":"10.1007","author":[{"given":"Nizar","family":"Kheir","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Chirine","family":"Wolley","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"297","reference":[{"key":"9_CR1","unstructured":"Cuckoo: Automated malware analysis system (2010), http:\/\/www.cuckoobox.org\/"},{"key":"9_CR2","unstructured":"Anubis: Analyzing unknown binaries (2011), http:\/\/anubis.iseclab.org"},{"key":"9_CR3","unstructured":"Aberer, K., Hauswirth, M.: An overview on peer-to-peer information systems. In: Proceedings of the 4th workshop on Distributed Data and Structures (2002)"},{"key":"9_CR4","doi-asserted-by":"crossref","unstructured":"Bilge, L., Balzarotti, D., Robertson, W., Kirda, E., Kruegel, C.: Disclosure: Detecting botnet command and control servers through large-scale netflow analysis. 
In: Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC (2012)","DOI":"10.1145\/2420950.2420969"},{"key":"9_CR5","unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: Exposure: Finding malicious domains using passive dns analysis. In: Proceedings of the 18th Network and Distributed System Security Symposium, NDSS (2011)"},{"key":"9_CR6","doi-asserted-by":"crossref","unstructured":"Claise, B.: Cisco systems netflow services export version 9. RFC 3954 (October 2004)","DOI":"10.17487\/rfc3954"},{"key":"9_CR7","doi-asserted-by":"crossref","unstructured":"Cristianini, N., Shawe-Taylor, J.: An Introduction to Support Vector Machines and Other Kernel-based Learning Methods. Cambridge University Press (2000)","DOI":"10.1017\/CBO9780511801389"},{"key":"9_CR8","doi-asserted-by":"crossref","unstructured":"Davies, D.I., Bouldin, D.W.: A cluster separation measure. IEEE Transactions on Pattern Analysis and Machine Intelligence (1979)","DOI":"10.1109\/TPAMI.1979.4766909"},{"key":"9_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-20757-0_1","volume-title":"NETWORKING 2011","author":"J. Fran\u00e7ois","year":"2011","unstructured":"Fran\u00e7ois, J., Wang, S., State, R., Engel, T.: BotTrack: Tracking botnets using netFlow and pageRank. In: Domingo-Pascual, J., Manzoni, P., Palazzo, S., Pont, A., Scoglio, C. (eds.) NETWORKING 2011, Part I. LNCS, vol.\u00a06640, pp. 1\u201314. Springer, Heidelberg (2011)"},{"key":"9_CR10","unstructured":"Grizzard, J.B., Sharma, V., Nunnery, C., Kang, B.B.: Peer-to-peer botnets: Overview and case study. In: Proceedings of USENIX HotBots (2007)"},{"key":"9_CR11","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W.: Botminer: Clustering analysis of network traffic for protocol and structure independent botnet detection. 
In: Proceedings of the IEEE Symposium on Security and Privacy, SSP (2008)"},{"key":"9_CR12","unstructured":"Kapoor, A., Mathur, R.: Predicting the future of stealth attacks. In: Virus Bulletin (2011)"},{"key":"9_CR13","doi-asserted-by":"crossref","unstructured":"Karagiannis, T., Broido, A., Brownlee, N., Claffy, K., Faloutsos, M.: Is p2p dying or just hiding? In: IEEE GLOBECOM, vol.\u00a03, pp. 1532\u20131538 (2004)","DOI":"10.1109\/GLOCOM.2004.1378239"},{"key":"9_CR14","unstructured":"Karagiannis, T., Broido, A., Brownlee, N., Claffy, K., Faloutsos, M.: File-sharing in the internet: A characterization of p2p traffic in the backbone. UC Riverside technical report (November 2003)"},{"key":"9_CR15","doi-asserted-by":"crossref","unstructured":"Little, M.A., McSharry, P.E., Roberts, S.J., Costello, D.A., Moroz, I.M.: Exploiting nonlinear recurrence and fractal scaling properties for voice disorder detection. Biomedical Engineering Online\u00a06 (2007)","DOI":"10.1186\/1475-925X-6-23"},{"key":"9_CR16","unstructured":"Nagaraja, S., Mittal, P., Hong, C.-Y., Caesar, M., Borisov, N.: Botgrep: Finding p2p bots with structured graph analysis. In: Proceedings of the 19th USENIX Security (2010)"},{"key":"9_CR17","doi-asserted-by":"crossref","unstructured":"Neugschwandtner, M., Comparetti, P.M., Platzer, C.: Detecting malware\u2019s failover c&c strategies with squeeze. In: Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC (2011)","DOI":"10.1145\/2076732.2076736"},{"key":"9_CR18","doi-asserted-by":"crossref","unstructured":"O\u2019Kane, P., Sezer, S., McLaughlin, K.: Obfuscation: The hidden malware. In: IEEE Security & Privacy, pp. 41\u201347 (2011)","DOI":"10.1109\/MSP.2011.98"},{"key":"9_CR19","unstructured":"Ollmann, G.: Botnet communication topologies: Understanding the intricacies of botnet command-and-control. 
Damballa White Paper (2009)"},{"key":"9_CR20","doi-asserted-by":"crossref","unstructured":"Ordonez, C.: Clustering binary data streams with k-means. In: Proceedings of the 8th Workshop on Research Issues in Data Mining and Knowledge Discovery, pp. 12\u201319 (2003)","DOI":"10.1145\/882085.882087"},{"key":"9_CR21","unstructured":"Porras, P., Saidi, H., Yegneswaran, V.: Conficker c p2p protocol and implementation. Technical report, Computer Science Laboratory, SRI International (2009)"},{"key":"9_CR22","unstructured":"Quinlan, J.R.: C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers (1993)"},{"key":"9_CR23","doi-asserted-by":"crossref","unstructured":"Stover, S., Dittrich, D., Hernandez, J., Dietrich, S.: Analysis of the storm and nugache trojans: P2p is here. In: USENIX, vol.\u00a032 (December 2007)","DOI":"10.1016\/S0262-4079(07)61440-7"},{"key":"9_CR24","doi-asserted-by":"crossref","unstructured":"Stutzbach, D., Rejaie, R.: Understanding churn in peer-to-peer networks. In: Proc. ACM SigComm Internet Measurement Conference (2006)","DOI":"10.1145\/1177080.1177105"},{"key":"9_CR25","unstructured":"Symantec. Internet security threat report. 2012 Trends 18 (April 2013)"},{"key":"9_CR26","unstructured":"Tenebro, G.: W32.waledac threat analysis. Symantec Technical Report (2009)"},{"key":"9_CR27","unstructured":"Trusteer. No silver bullet: 8 ways malware defeats strong security controls (2012), Whitepaper accessible on http:\/\/www.trusteer.com\/resources\/white-papers"},{"key":"9_CR28","doi-asserted-by":"crossref","unstructured":"Willems, C., Holz, T., Freiling, F.: Cwsandbox: Towards automated dynamic binary analysis. In: IEEE Security & Privacy (2007)","DOI":"10.1109\/MSP.2007.45"},{"key":"9_CR29","doi-asserted-by":"crossref","unstructured":"Yen, T.-F., Reiter, M.K.: Are your hosts trading or plotting? Telling p2p file-sharing and bots apart. In: 30th Conf. 
Distributed Computing Systems (2010)","DOI":"10.1109\/ICDCS.2010.76"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Zhang, J., Perdisci, R., Lee, W., Sarfraz, U., Luo, X.: Detecting stealthy p2p botnet using statistical traffic fingerprints. In: Proc. 41st DSN (2011)","DOI":"10.1109\/DSN.2011.5958212"}],"container-title":["Lecture Notes in Computer Science","Cryptology and Network Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-02937-5_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,4,30]],"date-time":"2025-04-30T19:02:03Z","timestamp":1746039723000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-02937-5_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783319029368","9783319029375"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-02937-5_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}