{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,15]],"date-time":"2025-12-15T19:33:44Z","timestamp":1765827224861,"version":"3.40.4"},"publisher-location":"Cham","reference-count":44,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319113784"},{"type":"electronic","value":"9783319113791"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014]]},"DOI":"10.1007\/978-3-319-11379-1_1","type":"book-chapter","created":{"date-parts":[[2014,8,20]],"date-time":"2014-08-20T03:14:54Z","timestamp":1408504494000},"page":"1-21","source":"Crossref","is-referenced-by-count":81,"title":["Paint It Black: Evaluating the Effectiveness of Malware Blacklists"],"prefix":"10.1007","author":[{"given":"Marc","family":"K\u00fchrer","sequence":"first","affiliation":[]},{"given":"Christian","family":"Rossow","sequence":"additional","affiliation":[]},{"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"1_CR1","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1109\/SP.2012.48","volume-title":"Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP 2012","author":"C. Kolbitsch","year":"2012","unstructured":"Kolbitsch, C., Livshits, B., Zorn, B., Seifert, C.: Rozzle: De-Cloaking Internet Malware. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP 2012, pp. 443\u2013457. IEEE Computer Society, Washington, DC (2012)"},{"key":"1_CR2","unstructured":"Antonakakis, M., Perdisci, R., Lee, W., Vasiloglou, I.N., Dagon, D.: Detecting Malware Domains at the Upper DNS Hierarchy. In: Proceedings of the 20th USENIX Conference on Security, SEC 2011, p. 27. USENIX Association, Berkeley (2011)"},{"key":"1_CR3","first-page":"24","volume-title":"Proceedings of the 21st USENIX Conference on Security Symposium, Security 2012","author":"M. Antonakakis","year":"2012","unstructured":"Antonakakis, M., Perdisci, R., Nadji, Y., Vasiloglou, N., Abu-Nimeh, S., Lee, W., Dagon, D.: From Throw-Away Traffic to Bots: Detecting the Rise of DGA-Based Malware. In: Proceedings of the 21st USENIX Conference on Security Symposium, Security 2012, p. 24. USENIX Association, Berkeley (2012)"},{"key":"1_CR4","unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis. In: 18th Annual Network and Distributed System Security Symposium. The Internet Society, San Diego (2011)"},{"key":"1_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1007\/978-3-642-37300-8_3","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"C. Rossow","year":"2013","unstructured":"Rossow, C., Dietrich, C., Bos, H.: Large-Scale Analysis of Malware Downloaders. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol.\u00a07591, pp. 42\u201361. Springer, Heidelberg (2013)"},{"issue":"1","key":"1_CR6","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1515\/pik-2012-0003piko.2012.35.1.11","volume":"35","author":"M. K\u00fchrer","year":"2012","unstructured":"K\u00fchrer, M., Holz, T.: An Empirical Analysis of Malware Blacklists. Praxis der Informationsverarbeitung und Kommunikation\u00a035(1), 11\u201316 (2012)","journal-title":"Praxis der Informationsverarbeitung und Kommunikation"},{"key":"1_CR7","unstructured":"Microsoft Corp.: Citadel Botnet (2014), http:\/\/botnetlegalnotice.com\/citadel"},{"key":"1_CR8","unstructured":"Abuse.ch Malware Trackers (2014), http:\/\/www.abuse.ch\/"},{"key":"1_CR9","unstructured":"CyberCrime Tracker (2014), http:\/\/cybercrime-tracker.net"},{"key":"1_CR10","unstructured":"Malc0de.com (2014), http:\/\/malc0de.com\/"},{"key":"1_CR11","unstructured":"Malware Domain List (2014), http:\/\/www.malwaredomainlist.com\/"},{"key":"1_CR12","unstructured":"Malware-Domains (2014), http:\/\/www.malware-domains.com\/"},{"key":"1_CR13","unstructured":"Shadowserver: Botnet C&C Servers (2014), http:\/\/rules.emergingthreats.net"},{"key":"1_CR14","unstructured":"Shalla Secure Services (2014), http:\/\/www.shallalist.de\/"},{"key":"1_CR15","unstructured":"URLBlacklist (2014), http:\/\/urlblacklist.com\/"},{"key":"1_CR16","unstructured":"Kleissner & Associates (2014), http:\/\/virustracker.info\/"},{"key":"1_CR17","unstructured":"Bitdefender TrafficLight (2014), http:\/\/trafficlight.bitdefender.com\/"},{"key":"1_CR18","unstructured":"BrowserDefender (2014), http:\/\/www.browserdefender.com"},{"key":"1_CR19","unstructured":"McAfee SiteAdvisor (2014), http:\/\/www.siteadvisor.com\/"},{"key":"1_CR20","unstructured":"Norton Safe Web (2014), http:\/\/safeweb.norton.com\/"},{"key":"1_CR21","doi-asserted-by":"crossref","unstructured":"K\u00fchrer, M., Rossow, C., Holz, T.: Paint it Black: Evaluating the Effectiveness of Malware Blacklists. Technical Report HGI-2014-002, University of Bochum - Horst G\u00f6rtz Institute for IT Security (June 2014)","DOI":"10.1007\/978-3-319-11379-1_1"},{"key":"1_CR22","doi-asserted-by":"publisher","first-page":"112","DOI":"10.1109\/SP.2013.18","volume-title":"Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP 2013","author":"Z. Li","year":"2013","unstructured":"Li, Z., Alrwais, S., Xie, Y., Yu, F., Wang, X.: Finding the Linchpins of the Dark Web: A Study on Topologically Dedicated Hosts on Malicious Web Infrastructures. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP 2013, pp. 112\u2013126. IEEE Computer Society, Washington, DC (2013)"},{"key":"1_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"221","DOI":"10.1007\/978-3-642-28537-0_22","volume-title":"Passive and Active Measurement","author":"T. Halvorson","year":"2012","unstructured":"Halvorson, T., Szurdi, J., Maier, G., Felegyhazi, M., Kreibich, C., Weaver, N., Levchenko, K., Paxson, V.: The BIZ Top-Level Domain: Ten Years Later. In: Taft, N., Ricciato, F. (eds.) PAM 2012. LNCS, vol.\u00a07192, pp. 221\u2013230. Springer, Heidelberg (2012)"},{"key":"1_CR24","doi-asserted-by":"publisher","first-page":"901","DOI":"10.1145\/2566486.2567995","volume-title":"Proceedings of the 23rd International Conference on World Wide Web, WWW 2014","author":"T. Halvorson","year":"2014","unstructured":"Halvorson, T., Levchenko, K., Savage, S., Voelker, G.M.: XXXtortion?: Inferring Registration Intent in the. XXX TLD. In: Proceedings of the 23rd International Conference on World Wide Web, WWW 2014, pp. 901\u2013912. International World Wide Web Conferences Steering Committee, Geneva (2014)"},{"key":"1_CR25","unstructured":"Farsight Security, Inc.: DNS Database (2014), https:\/\/www.dnsdb.info\/"},{"key":"1_CR26","doi-asserted-by":"crossref","unstructured":"Alexa Internet, Inc.: Top 1M Websites (2013), http:\/\/www.alexa.com\/topsites\/","DOI":"10.1109\/EHB.2013.6707380"},{"issue":"3","key":"1_CR27","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1145\/363958.363994","volume":"7","author":"F.J. Damerau","year":"1964","unstructured":"Damerau, F.J.: A Technique for Computer Detection and Correction of Spelling Errors. Commun. ACM\u00a07(3), 171\u2013176 (1964)","journal-title":"Commun. ACM"},{"key":"1_CR28","unstructured":"RapidMiner, Inc. (2014), http:\/\/rapidminer.com\/"},{"key":"1_CR29","doi-asserted-by":"publisher","first-page":"1171","DOI":"10.1214\/009053607000000677","volume":"36","author":"T. Hofmann","year":"2008","unstructured":"Hofmann, T., Sch\u00f6lkopf, B., Smola, A.J.: Kernel Methods in Machine Learning. Annals of Statistics\u00a036, 1171\u20131220 (2008)","journal-title":"Annals of Statistics"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C.J., Kreibich, C., Grier, C., Paxson, V., Pohlmann, N., Bos, H., van Steen, M.: Prudent Practices for Designing Malware Experiments: Status Quo and Outlook. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP 2012. IEEE Computer Society, San Francisco (2012)","DOI":"10.1109\/SP.2012.14"},{"key":"1_CR31","doi-asserted-by":"publisher","first-page":"78","DOI":"10.1145\/1978672.1978682","volume-title":"Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2011","author":"C. Rossow","year":"2011","unstructured":"Rossow, C., Dietrich, C.J., Bos, H., Cavallaro, L., van Steen, M., Freiling, F.C., Pohlmann, N.: Sandnet: Network Traffic Analysis of Malicious Software. In: Proceedings of the First Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, BADGERS 2011, pp. 78\u201388. ACM, NY (2011)"},{"issue":"2","key":"1_CR32","doi-asserted-by":"publisher","first-page":"475","DOI":"10.1016\/j.comnet.2012.06.019","volume":"57","author":"C.J. Dietrich","year":"2013","unstructured":"Dietrich, C.J., Rossow, C., Pohlmann, N.: CoCoSpot: Clustering and Recognizing Botnet Command and Control Channels using Traffic Analysis. Comput. Netw.\u00a057(2), 475\u2013486 (2013)","journal-title":"Comput. Netw."},{"key":"1_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-642-39235-1_2","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"C. Rossow","year":"2013","unstructured":"Rossow, C., Dietrich, C.J.: ProVeX: Detecting Botnets with Encrypted Command and Control Channels. In: Rieck, K., Stewin, P., Seifert, J.-P. (eds.) DIMVA 2013. LNCS, vol.\u00a07967, pp. 21\u201340. Springer, Heidelberg (2013)"},{"key":"1_CR34","unstructured":"VirusTotal (2014), http:\/\/www.virustotal.com\/"},{"key":"1_CR35","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1109\/SP.2013.17","volume-title":"Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP 2013","author":"C. Rossow","year":"2013","unstructured":"Rossow, C., Andriesse, D., Werner, T., Stone-Gross, B., Plohmann, D., Dietrich, C.J., Bos, H.: P2PWNED: Modeling and Evaluating the Resilience of Peer-to-Peer Botnets. In: Proceedings of the 2013 IEEE Symposium on Security and Privacy, SP 2013, pp. 97\u2013111. IEEE Computer Society, Washington, DC (2013)"},{"key":"1_CR36","doi-asserted-by":"publisher","first-page":"443","DOI":"10.1109\/SP.2012.48","volume-title":"Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP 2012","author":"C. Kolbitsch","year":"2012","unstructured":"Kolbitsch, C., Livshits, B., Zorn, B., Seifert, C.: Rozzle: De-cloaking Internet Malware. In: Proceedings of the 2012 IEEE Symposium on Security and Privacy, SP 2012, pp. 443\u2013457. IEEE Computer Society, Washington, DC (2012)"},{"key":"1_CR37","unstructured":"Rahbarinia, B., Perdisci, R., Antonakakis, M., Dagon, D.: SinkMiner: Mining Botnet Sinkholes for Fun and Profit. In: 6th USENIX Workshop on Large-Scale Exploits and Emergent Threats. USENIX, Berkeley (2013)"},{"key":"1_CR38","doi-asserted-by":"publisher","first-page":"447","DOI":"10.1109\/SP.2011.25","volume-title":"Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP 2011","author":"K. Thomas","year":"2011","unstructured":"Thomas, K., Grier, C., Ma, J., Paxson, V., Song, D.: Design and Evaluation of a Real-Time URL Spam Filtering Service. In: Proceedings of the 2011 IEEE Symposium on Security and Privacy, SP 2011, pp. 447\u2013462. IEEE Computer Society, Washington, DC (2011)"},{"key":"1_CR39","doi-asserted-by":"crossref","unstructured":"Sinha, S., Bailey, M., Jahanian, F.: Shades of Grey: On the effectiveness of reputation-based \u201cblacklists\u201d. In: 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008, pp. 57\u201364 (2008)","DOI":"10.1109\/MALWARE.2008.4690858"},{"key":"1_CR40","unstructured":"Rossow, C., Czerwinski, T., Dietrich, C.J., Pohlmann, N.: Detecting Gray in Black and White. In: MIT Spam Conference (2010)"},{"key":"1_CR41","unstructured":"Dietrich, C.J., Rossow, C.: Empirical Research on IP Blacklisting. In: Proceedings of the 5th Conference on Email and Anti-Spam, CEAS (2008)"},{"key":"1_CR42","unstructured":"Sheng, S., Wardman, B., Warner, G., Cranor, L.F., Hong, J., Zhang, C.: An Empirical Analysis of Phishing Blacklists. In: Proceedings of the Sixth Conference on Email and Anti-Spam (2009)"},{"key":"1_CR43","doi-asserted-by":"crossref","first-page":"21","DOI":"10.1145\/2076732.2076736","volume-title":"Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC 2011","author":"M. Neugschwandtner","year":"2011","unstructured":"Neugschwandtner, M., Comparetti, P.M., Platzer, C.: Detecting Malware\u2019s Failover C&C Strategies with Squeeze. In: Proceedings of the 27th Annual Computer Security Applications Conference, ACSAC 2011, pp. 21\u201330. ACM, NY (2011)"},{"key":"1_CR44","doi-asserted-by":"publisher","first-page":"231","DOI":"10.1109\/ACSAC.2009.29","volume-title":"Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC 2009","author":"B. Stone-Gross","year":"2009","unstructured":"Stone-Gross, B., Kruegel, C., Almeroth, K., Moser, A., Kirda, E.: FIRE: FInding Rogue nEtworks. In: Proceedings of the 2009 Annual Computer Security Applications Conference, ACSAC 2009, pp. 231\u2013240. IEEE Computer Society, Washington, DC (2009)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-11379-1_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,4]],"date-time":"2025-05-04T08:27:16Z","timestamp":1746347236000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-11379-1_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014]]},"ISBN":["9783319113784","9783319113791"],"references-count":44,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-11379-1_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2014]]}}}