{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,25]],"date-time":"2026-03-25T14:24:44Z","timestamp":1774448684507,"version":"3.50.1"},"publisher-location":"Cham","reference-count":22,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319085081","type":"print"},{"value":"9783319085098","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-08509-8_11","type":"book-chapter","created":{"date-parts":[[2014,6,13]],"date-time":"2014-06-13T03:04:32Z","timestamp":1402628672000},"page":"192-211","source":"Crossref","is-referenced-by-count":101,"title":["Phoenix: DGA-Based Botnet Tracking and Intelligence"],"prefix":"10.1007","author":[{"given":"Stefano","family":"Schiavoni","sequence":"first","affiliation":[]},{"given":"Federico","family":"Maggi","sequence":"additional","affiliation":[]},{"given":"Lorenzo","family":"Cavallaro","sequence":"additional","affiliation":[]},{"given":"Stefano","family":"Zanero","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"11_CR1","unstructured":"Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a dynamic reputation system for dns. In: USENIX Security (2010)"},{"key":"11_CR2","unstructured":"Antonakakis, M., Perdisci, R., Lee, W., Vasiloglou, N., Dagon, D.: Detecting malware domains at the upper DNS hierarchy. In: USENIX Security, vol.\u00a011 (2011)"},{"key":"11_CR3","unstructured":"Antonakakis, M., Perdisci, R., Nadji, Y., Vasiloglou, N., Abu-Nimeh, S., Lee, W., Dagon, D.: From throw-away traffic to bots: detecting the rise of DGA-based malware. In: USENIX Security, USENIX Association (August 2012)"},{"issue":"4","key":"11_CR4","doi-asserted-by":"publisher","first-page":"568","DOI":"10.1006\/jmla.2000.2756","volume":"44","author":"T.M. Bailey","year":"2001","unstructured":"Bailey, T.M., Hahn, U.: Determinants of wordlikeness: Phonotactics or lexical neighborhoods? Journal of Memory and Language\u00a044(4), 568\u2013591 (2001)","journal-title":"Journal of Memory and Language"},{"key":"11_CR5","doi-asserted-by":"crossref","unstructured":"Bilge, L., Balzarotti, D., Robertson, W., Kirda, E., Kruegel, C.: Disclosure: detecting botnet command and control servers through large-scale netflow analysis. In: ACSAC. ACM (2012)","DOI":"10.1145\/2420950.2420969"},{"key":"11_CR6","unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: Exposure: Finding malicious domains using passive DNS analysis. In: NDSS (2011)"},{"key":"11_CR7","unstructured":"Han, J., Kamber, M.: Data mining: concepts and techniques. Morgan Kaufmann (2006)"},{"key":"11_CR8","unstructured":"Holz, T., Gorecki, C., Rieck, K., Freiling, F.C.: Measuring and detecting fast-flux service networks. In: NDSS (2008)"},{"key":"11_CR9","unstructured":"Jones, E., Oliphant, T., Peterson, P.: et\u00a0al.: SciPy: Open source scientific tools for Python (2001), \n                    \n                      http:\/\/www.scipy.org\/\n                    \n                    \n                   (accessed: January 28, 2013)"},{"key":"11_CR10","unstructured":"Leder, F., Werner, T.: Know your enemy: Containing conficker. The Honeynet Project, University of Bonn, Germany, Tech. Rep. (2009)"},{"key":"11_CR11","unstructured":"Marinos, L., Sfakianakis, A.: ENISA Threat Landscape. Tech. rep., ENISA (2012)"},{"key":"11_CR12","doi-asserted-by":"crossref","unstructured":"Neugschwandtner, M., Comparetti, P.M., Platzer, C.: Detecting malware\u2019s failover C&C strategies with Squeeze. In: ACSAC. ACM (2011)","DOI":"10.1145\/2076732.2076736"},{"key":"11_CR13","doi-asserted-by":"crossref","unstructured":"Newman, M.: Networks: an introduction. Oxford University Press (2010)","DOI":"10.1093\/acprof:oso\/9780199206650.003.0001"},{"key":"11_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/978-3-540-70542-0_10","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"E. Passerini","year":"2008","unstructured":"Passerini, E., Paleari, R., Martignoni, L., Bruschi, D.: fluXOR: Detecting and monitoring fast-flux service networks. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 186\u2013206. Springer, Heidelberg (2008)"},{"issue":"5","key":"11_CR15","first-page":"714","volume":"9","author":"R. Perdisci","year":"2012","unstructured":"Perdisci, R., Corona, I., Giacinto, G.: Early detection of malicious flux networks via large-scale passive DNS analysis. IEEE Transactions on Dependable and Secure Computing\u00a09(5), 714\u2013726 (2012)","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"11_CR16","doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C.J., Grier, C., Kreibich, C., Paxson, V., Pohlmann, N., Bos, H., van Steen, M.: Prudent practices for designing malware experiments: Status quo and outlook. In: Security and Privacy (SP). IEEE (2012)","DOI":"10.1109\/SP.2012.14"},{"key":"11_CR17","unstructured":"Schiavoni, S., Maggi, F., Cavallaro, L., Zanero, S.: Tracking and Characterizing Botnets Using Automatically Generated Domains. Tech. rep. (2013), \n                    \n                      http:\/\/arxiv.org\/abs\/1311.5612"},{"key":"11_CR18","doi-asserted-by":"crossref","unstructured":"Scholes, R.J.: Phonotactic grammaticality. No.\u00a050, Mouton (1966)","DOI":"10.1515\/9783111352930"},{"key":"11_CR19","doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., Vigna, G.: Your botnet is my botnet: analysis of a botnet takeover. In: CCS. ACM (2009)","DOI":"10.1145\/1653662.1653738"},{"key":"11_CR20","series-title":"LNICST","doi-asserted-by":"publisher","first-page":"446","DOI":"10.1007\/978-3-642-31909-9_26","volume-title":"Security and Privacy in Communication Networks","author":"S. Yadav","year":"2012","unstructured":"Yadav, S., Reddy, A.L.N.: Winning with DNS failures: Strategies for faster botnet detection. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds.) SecureComm 2011. LNICST, vol.\u00a096, pp. 446\u2013459. Springer, Heidelberg (2012)"},{"key":"11_CR21","doi-asserted-by":"crossref","unstructured":"Yadav, S., Reddy, A.K.K., Reddy, A., Ranjan, S.: Detecting algorithmically generated domain-flux attacks with dns traffic analysis. IEEE\/ACM TON\u00a020(5) (2012)","DOI":"10.1109\/TNET.2012.2184552"},{"key":"11_CR22","doi-asserted-by":"crossref","unstructured":"Yadav, S., Reddy, A.K.K., Reddy, A.N., Ranjan, S.: Detecting algorithmically generated malicious domain names. In: IMC. ACM (2010)","DOI":"10.1145\/1879141.1879148"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-08509-8_11","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,26]],"date-time":"2019-05-26T22:07:43Z","timestamp":1558908463000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-08509-8_11"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319085081","9783319085098"],"references-count":22,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-08509-8_11","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014]]}}}