{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,2]],"date-time":"2025-05-02T16:10:04Z","timestamp":1746202204611,"version":"3.40.4"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319063195"},{"type":"electronic","value":"9783319063201"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-06320-1_7","type":"book-chapter","created":{"date-parts":[[2014,4,28]],"date-time":"2014-04-28T00:59:27Z","timestamp":1398646767000},"page":"75-89","source":"Crossref","is-referenced-by-count":14,"title":["A Mulitiprocess Mechanism of Evading Behavior-Based Bot Detection Approaches"],"prefix":"10.1007","author":[{"given":"Yuede","family":"Ji","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yukun","family":"He","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dewei","family":"Zhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qiang","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dong","family":"Guo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"7_CR1","doi-asserted-by":"crossref","unstructured":"Silva, S.S.C., Silva, R.M.P., Pinto, R.C.G., Salles, R.M.: Botnets: A survey. Computer Networks (2012)","DOI":"10.1016\/j.comnet.2012.07.021"},{"key":"7_CR2","unstructured":"Goebel, J., Holz, T.: Rishi: Identify bot contaminated hosts by irc nickname evaluation. In: Proceedings of the First Conference on First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA, p. 8 (2007)"},{"key":"7_CR3","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/978-3-540-73614-1_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"E. Stinson","year":"2007","unstructured":"Stinson, E., Mitchell, J.C.: Characterizing bots remote control behavior. In: H\u00e4mmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol.\u00a04579, pp. 89\u2013108. Springer, Heidelberg (2007)"},{"key":"7_CR4","unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: Proceedings of the 18th Conference on USENIX Security Symposium, pp. 351\u2013366. USENIX Association (2009)"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Shin, S., Xu, Z., Gu, G.: Effort: Efficient and effective bot malware detection. In: 2012 Proceedings of the IEEE INFOCOM, pp. 2846\u20132850 (2012)","DOI":"10.1109\/INFCOM.2012.6195713"},{"key":"7_CR6","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1007\/978-3-540-87403-4_5","volume-title":"Recent Advances in Intrusion Detection","author":"L. Martignoni","year":"2008","unstructured":"Martignoni, L., Stinson, E., Fredrikson, M., Jha, S., Mitchell, J.C.: A layered architecture for detecting malicious behaviors. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol.\u00a05230, pp. 78\u201397. Springer, Heidelberg (2008)"},{"key":"7_CR7","unstructured":"Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: Bothunter: Detecting malware infection through ids-driven dialog correlation. In: Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium, p. 12. USENIX Association (2007)"},{"key":"7_CR8","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W., et al.: Botminer: Clustering analysis of network traffic for protocol-and structure-independent botnet detection. In: Proceedings of the 17th Conference on Security Symposium, pp. 139\u2013154 (2008)"},{"key":"7_CR9","unstructured":"Gu, G., Zhang, J., Lee, W.: Botsniffer: Detecting botnet command and control channels in network traffic (2008)"},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Ramilli, M., Bishop, M., Sun, S.: Multiprocess malware. In: 2011 6th International Conference on Malicious and Unwanted Software (MALWARE), pp. 8\u201313. IEEE (2011)","DOI":"10.1109\/MALWARE.2011.6112320"},{"key":"7_CR11","doi-asserted-by":"crossref","unstructured":"Fan, L., Wang, Y., Cheng, X., Li, J., Jin, S.: Privacy theft malware multi-process collaboration analysis. In: Security and Communication Networks (2013)","DOI":"10.1002\/sec.705"},{"issue":"1-2","key":"7_CR12","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/s11416-011-0157-5","volume":"8","author":"W. Ma","year":"2012","unstructured":"Ma, W., Duan, P., Liu, S., Gu, G., Liu, J.-C.: Shadow attacks: Automatically evading system-call-behavior based malware detection. Journal in Computer Virology\u00a08(1-2), 1\u201313 (2012)","journal-title":"Journal in Computer Virology"},{"key":"7_CR13","unstructured":"Microsoft security intelligence report, http:\/\/www.microsoft.com\/security\/sir\/story\/default.aspx#!zbot (accessed November 2013)"},{"key":"7_CR14","doi-asserted-by":"crossref","unstructured":"Schwartz, E.J., Avgerinos, T., Brumley, D.: All you ever wanted to know about dynamic taint analysis and forward symbolic execution (but might have been afraid to ask). In: 2010 IEEE Symposium on Security and Privacy (SP), pp. 317\u2013331. IEEE (2010)","DOI":"10.1109\/SP.2010.26"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Park, Y., Reeves, D.S.: Identification of bot commands by run-time execution monitoring. In: Annual Computer Security Applications Conference, ACSAC 2009, pp. 321\u2013330. IEEE (2009)","DOI":"10.1109\/ACSAC.2009.37"},{"key":"7_CR16","unstructured":"Jacob, G., Hund, R., Kruegel, C., Holz, T.: Jackstraws: Picking command and control connections from bot traffic. In: USENIX Security Symposium (2011)"},{"key":"7_CR17","unstructured":"http:\/\/www.nektra.com\/products\/deviare-api-hook-windows\/ (accessed November 2013)"},{"key":"7_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1007\/978-3-540-85886-7_7","volume-title":"Information Security","author":"L. Liu","year":"2008","unstructured":"Liu, L., Chen, S., Yan, G., Zhang, Z.: Bottracer: Execution-based bot-like malware detection. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol.\u00a05222, pp. 97\u2013113. Springer, Heidelberg (2008)"},{"issue":"3","key":"7_CR19","doi-asserted-by":"publisher","first-page":"44","DOI":"10.1109\/COMST.2007.4317620","volume":"9","author":"S. Zander","year":"2007","unstructured":"Zander, S., Armitage, G., Branch, P.: A survey of covert channels and countermeasures in computer network protocols. IEEE Communications Surveys and Tutorials\u00a09(3), 44\u201357 (2007)","journal-title":"IEEE Communications Surveys and Tutorials"},{"key":"7_CR20","doi-asserted-by":"crossref","unstructured":"Acii\u00e7mez, O., Ko\u00e7, \u00c7.K., Seifert, J.-P.: On the power of simple branch prediction analysis. In: Proceedings of the 2nd ACM Symposium on Information, Computer and Communications Security, pp. 312\u2013320. ACM (2007)","DOI":"10.1145\/1229285.1266999"},{"key":"7_CR21","unstructured":"Percival, C.: Cache missing for fun and profit (2005)"},{"key":"7_CR22","doi-asserted-by":"crossref","unstructured":"Binsalleeh, H., Ormerod, T., Boukhtouta, A., Sinha, P., Youssef, A., Debbabi, M., Wang, L.: On the analysis of the zeus botnet crimeware toolkit. In: 2010 Eighth Annual International Conference on Privacy Security and Trust (PST), pp. 31\u201338. IEEE (2010)","DOI":"10.1109\/PST.2010.5593240"}],"container-title":["Lecture Notes in Computer Science","Information Security Practice and Experience"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-06320-1_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,2]],"date-time":"2025-05-02T15:35:23Z","timestamp":1746200123000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-06320-1_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319063195","9783319063201"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-06320-1_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}