{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,28]],"date-time":"2025-05-28T04:21:21Z","timestamp":1748406081308,"version":"3.41.0"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319184661"},{"type":"electronic","value":"9783319184678"}],"license":[{"start":{"date-parts":[[2015,1,1]],"date-time":"2015-01-01T00:00:00Z","timestamp":1420070400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-18467-8_17","type":"book-chapter","created":{"date-parts":[[2015,5,8]],"date-time":"2015-05-08T12:12:03Z","timestamp":1431087123000},"page":"252-266","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":8,"title":["Automated Classification of C&C Connections Through Malware URL Clustering"],"prefix":"10.1007","author":[{"given":"Nizar","family":"Kheir","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gregory","family":"Blanc","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Herv\u00e9","family":"Debar","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joaquin","family":"Garcia-Alfaro","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dingqi","family":"Yang","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2015,5,9]]},"reference":[{"key":"17_CR1","unstructured":"Antonakakis, M., Perdisci, R., Nadji, Y., Vasiloglou, N., Abu-Nimeh, S., Lee, W., Dagon, D.: From throw-away traffic to bots: detecting the rise of dga-based malware. In: USENIX Security, pp. 24\u201340 (2012)"},{"key":"17_CR2","unstructured":"Bayer, U., Kruegel, C., Kirda, E.: TTAnalyze: a tool for analyzing malware. In: 15th EICAR Conference (2006)"},{"key":"17_CR3","doi-asserted-by":"crossref","unstructured":"Bieganski, P., Riedl, J., Cartis, J., Retzel, E.: Generalized suffix trees for biological sequence data: applications and implementation. In: Proc. of International Conference on System Sciences, vol. 5, pp. 35\u201344 (1994)","DOI":"10.1109\/HICSS.1994.323593"},{"key":"17_CR4","unstructured":"Bu, Z., Bueno, P., Kashyap, R., Wosotowsky, A.: The new era of botnets. White paper from McAfee (2010)"},{"key":"17_CR5","unstructured":"Ester, M., Kriegel, H.-P., Sander, J., Xu, X.: A density-based algorithm for discovering clusters in large spatial databases with noise. In: Proc. of KDD (1996)"},{"key":"17_CR6","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W.: Botminer: clustering analysis of network traffic for protocol and structure independent botnet detection. In: Proc. of IEEE SSP (2008)"},{"key":"17_CR7","unstructured":"Jacob, G., Hund, R., Kruegel, C., Holz, T.: JackStraws: picking command and control connections from bot traffic. In: USENIX Security (2011)"},{"key":"17_CR8","doi-asserted-by":"crossref","unstructured":"Jaro, M.A.: Advances in record-linkage methodology as applied to matching the 1985 census of tampa, florida. Journal of the American Statistical Association 4 (1989)","DOI":"10.2307\/2289924"},{"key":"17_CR9","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"511","DOI":"10.1007\/978-3-642-13708-2_30","volume-title":"Applied Cryptography and Network Security","author":"EJ Kartaltepe","year":"2010","unstructured":"Kartaltepe, E.J., Morales, J.A., Xu, S., Sandhu, R.: Social network-based botnet command-and-control: emerging threats and countermeasures. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 511\u2013528. Springer, Heidelberg (2010)"},{"key":"17_CR10","doi-asserted-by":"crossref","unstructured":"Kheir, N.: Behavioral classification and detection of malware through http user agent anomalies. Journal of Information Security and Applications (2013)","DOI":"10.1016\/j.jisa.2013.07.006"},{"key":"17_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"282","DOI":"10.1007\/978-3-319-03584-0_21","volume-title":"Cyberspace Safety and Security","author":"N Kheir","year":"2013","unstructured":"Kheir, N., Han, X.: PeerViewer: behavioral tracking and classification of P2P malware. In: Wang, G., Ray, I., Feng, D., Rajarajan, M. (eds.) CSS 2013. LNCS, vol. 8300, pp. 282\u2013298. Springer, Heidelberg (2013)"},{"key":"17_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"162","DOI":"10.1007\/978-3-319-02937-5_9","volume-title":"Cryptology and Network Security","author":"N Kheir","year":"2013","unstructured":"Kheir, N., Wolley, C.: BotSuer: suing stealthy P2P bots in network traffic through netflow analysis. In: Abdalla, M., Nita-Rotaru, C., Dahab, R. (eds.) CANS 2013. LNCS, vol. 8257, pp. 162\u2013178. Springer, Heidelberg (2013)"},{"key":"17_CR13","doi-asserted-by":"crossref","unstructured":"Le, A., Markopoulou, A., Faloutsos, M.: Phishdef: URL names say it all. In: IEEE INFOCOM (2011)","DOI":"10.1109\/INFCOM.2011.5934995"},{"key":"17_CR14","unstructured":"Li, Z., Sanghi, M., Chen, Y., Kao, M.-Y., Chavez, B.: Hamsa: fast signature generation for zero-day polymorphic worms with provable attack resilience. In: Proc. of IEEE SSP (2006)"},{"key":"17_CR15","unstructured":"Nagaraja, S., Mittal, P., Hong, C.-Y., Caesar, M., Borisov, N.: BotGrep: finding p2p bots with structured graph analysis. In: USENIX Security (2010)"},{"key":"17_CR16","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-39235-1_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"A Nappa","year":"2013","unstructured":"Nappa, A., Rafique, M.Z., Caballero, J.: Driving in the cloud: an analysis of drive-by download operations and abuse reporting. In: Rieck, K., Stewin, P., Seifert, J.-P. (eds.) DIMVA 2013. LNCS, vol. 7967, pp. 1\u201320. Springer, Heidelberg (2013)"},{"key":"17_CR17","doi-asserted-by":"crossref","unstructured":"Neugschwandtner, M., Comparetti, P.M., Platzer, C.: Detecting malware\u2019s failover C&C strategies with squeeze. In: Proc. of ACSAC (2011)","DOI":"10.1145\/2076732.2076736"},{"key":"17_CR18","doi-asserted-by":"crossref","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: automatically generating signatures for polymorphic worms. In: Proc. of IEEE SSP, pp. 226\u2013241. IEEE (2005)","DOI":"10.1109\/SP.2005.15"},{"key":"17_CR19","unstructured":"Oberheide, J., Cooke, E., Jahanian, F.: CloudAV: N-version antivirus in the network cloud. In: USENIX Security (2008)"},{"key":"17_CR20","first-page":"487","volume":"57","author":"R Perdisci","year":"2013","unstructured":"Perdisci, R., Ariu, D., Giacinto, G.: Scalable Fine-Grained Behavioral Clustering of HTTP-Based Malware. Special Issue on Botnet Activity: Analysis, Detection and Shutdown 57, 487\u2013500 (2013)","journal-title":"Special Issue on Botnet Activity: Analysis, Detection and Shutdown"},{"key":"17_CR21","doi-asserted-by":"crossref","unstructured":"Perdisci, R., Dagon, D., Lee, W., Fogla, P., Sharif, M.: Misleading worm signature generators using deliberate noise injection. In: Proc. of IEEE SSP (2006)","DOI":"10.1109\/SP.2006.26"},{"key":"17_CR22","doi-asserted-by":"publisher","first-page":"783","DOI":"10.1243\/0954406041319509","volume":"218","author":"DT Pham","year":"2004","unstructured":"Pham, D.T., Dimov, S.S., Nguyen, C.D.: An incremental K-means algorithm. Journal of Mechanical Engineering Science 218, 783\u2013795 (2004)","journal-title":"Journal of Mechanical Engineering Science"},{"key":"17_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"144","DOI":"10.1007\/978-3-642-41284-4_8","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"MZ Rafique","year":"2013","unstructured":"Rafique, M.Z., Caballero, J.: FIRMA: malware clustering and network signature generation with mixed network behaviors. In: Stolfo, S.J., Stavrou, A., Wright, C.V. (eds.) RAID 2013. LNCS, vol. 8145, pp. 144\u2013163. Springer, Heidelberg (2013)"},{"key":"17_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-540-70542-0_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"K Rieck","year":"2008","unstructured":"Rieck, K., Holz, T., Willems, C., D\u00fcssel, P., Laskov, P.: Learning and classification of malware behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 108\u2013125. Springer, Heidelberg (2008)"}],"container-title":["IFIP Advances in Information and Communication Technology","ICT Systems Security and Privacy Protection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-18467-8_17","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,5,27]],"date-time":"2025-05-27T21:22:23Z","timestamp":1748380943000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-18467-8_17"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319184661","9783319184678"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-18467-8_17","relation":{},"ISSN":["1868-4238","1868-422X"],"issn-type":[{"type":"print","value":"1868-4238"},{"type":"electronic","value":"1868-422X"}],"subject":[],"published":{"date-parts":[[2015]]},"assertion":[{"value":"9 May 2015","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}