{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,8]],"date-time":"2024-09-08T22:40:23Z","timestamp":1725835223165},"publisher-location":"Cham","reference-count":30,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319263618"},{"type":"electronic","value":"9783319263625"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015]]},"DOI":"10.1007\/978-3-319-26362-5_26","type":"book-chapter","created":{"date-parts":[[2015,10,26]],"date-time":"2015-10-26T14:10:45Z","timestamp":1445868645000},"page":"565-587","source":"Crossref","is-referenced-by-count":1,"title":["$$\\textsc {BotWatcher}$$"],"prefix":"10.1007","author":[{"given":"Thomas","family":"Barabosch","sequence":"first","affiliation":[]},{"given":"Adrian","family":"Dombeck","sequence":"additional","affiliation":[]},{"given":"Khaled","family":"Yakdan","sequence":"additional","affiliation":[]},{"given":"Elmar","family":"Gerhards-Padilla","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2015,12,12]]},"reference":[{"unstructured":"Blue Coat Labs, CryptoLocker, Kegotip, Medfos Malware Triple-Threat, 26 September 2015. \n                      http:\/\/bluecoat.com\/security-blog\/2013-10-11\/cryptolocker-kegotip-medfos-malware-triple-threat","key":"26_CR1"},{"unstructured":"Kaspersky Lab ZAO, The Banking Trojan Emotet: Detailed Analysis, 26 September 2015. \n                      http:\/\/securelist.com\/analysis\/publications\/69560\/the-banking-trojan-emotet-detailed-analysis","key":"26_CR2"},{"unstructured":"Microsoft Malware Protection Center, MSRT January 2015 - Dyzap, 26 September 2015. \n                      http:\/\/blogs.technet.com\/b\/mmpc\/archive\/2015\/01\/13\/msrt-january-2015-dyzap.aspx","key":"26_CR3"},{"unstructured":"Microsoft Malware Protection Center, Unexpected reboot: Necurs, 26 September 2015. \n                      http:\/\/blogs.technet.com\/b\/mmpc\/archive\/2012\/12\/07\/unexpected-reboot-necurs.aspx","key":"26_CR4"},{"unstructured":"Oracle VirtualBox, 26 September 2015. \n                      www.virtualbox.org","key":"26_CR5"},{"unstructured":"The Bro Network Security Monitor, 26 September 2015. \n                      www.bro.org","key":"26_CR6"},{"unstructured":"The netfilter project (1999). \n                      www.netfilter.org","key":"26_CR7"},{"unstructured":"The Volatility Foundation, 26 September 2015. \n                      www.volatilityfoundation.org","key":"26_CR8"},{"unstructured":"ZeuS Tracker, 26 September 2015. \n                      www.zeustracker.abuse.ch","key":"26_CR9"},{"unstructured":"Zscaler Research, Evolution of Upatre Trojan Downloader, 26 September 2015. \n                      www.research.zscaler.com\/2014\/11\/evolution-of-upatre-trojan-downloader.html","key":"26_CR10"},{"unstructured":"Balzarotti, D., Cova, M., Karlberger, C., Kirda, E., Kruegel, C., Vigna, G.: Efficient detection of split personalities in malware. In: Network and Distributed System Security Symposium (NDSS) (2010)","key":"26_CR11"},{"unstructured":"Barabosch, T.: Complementary material used in Botwatcher: Transparent and Generic Botnet Tracking, 26 September 2015. \n                      http:\/\/net.cs.uni-bonn.de\/wg\/cs\/staff\/thomas-barabosch\/","key":"26_CR12"},{"key":"26_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"235","DOI":"10.1007\/978-3-319-08509-8_13","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"T Barabosch","year":"2014","unstructured":"Barabosch, T., Eschweiler, S., Gerhards-Padilla, E.: Bee master: detecting host-based code injection attacks. In: Dietrich, S. (ed.) DIMVA 2014. LNCS, vol. 8550, pp. 235\u2013254. Springer, Heidelberg (2014)"},{"unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: EXPOSURE: finding malicious domains using passive DNS analysis. In: Network and Distributed System Security Symposium (NDSS) (2011)","key":"26_CR14"},{"unstructured":"Caballero, J., Grier, C., Kreibich, C., Paxson, V.: Measuring pay-per-install: the commoditization of malware distribution. In: USENIX Security Symposium (2011)","key":"26_CR15"},{"unstructured":"Denneman, F.: Memory Deep Dive - Optimizing for Performance, 26 September 2015. \n                      http:\/\/frankdenneman.nl\/2015\/02\/20\/memory-deep-dive\/","key":"26_CR16"},{"key":"26_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/11555827_19","volume-title":"Computer Security \u2013 ESORICS 2005","author":"FC Freiling","year":"2005","unstructured":"Freiling, F.C., Holz, T., Wicherski, G.: Botnet tracking: exploring a root-cause methodology to prevent distributed denial-of-service attacks. In: di Vimercati, S.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 319\u2013335. Springer, Heidelberg (2005)"},{"key":"26_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"141","DOI":"10.1007\/3-540-47870-1_9","volume-title":"Security and Privacy in Digital Rights Management","author":"B Horne","year":"2002","unstructured":"Horne, B., Matheson, L.R., Sheehan, C., Tarjan, R.E.: Dynamic self-checking techniques for improved tamper resistance. In: Sander, T. (ed.) DRM 2001. LNCS, vol. 2320, pp. 141\u2013159. Springer, Heidelberg (2002)"},{"doi-asserted-by":"crossref","unstructured":"Kanich, C., Kreibich, C., Levchenko, K., Enright, B., Voelker, G.M., Paxson, V., Savage, S.: Spamalytics: an empirical analysis of spam marketing conversion. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS) (2008)","key":"26_CR19","DOI":"10.1145\/1455770.1455774"},{"unstructured":"Kirat, D., Vigna, G., Kruegel, C.: BareCloud: bare-metal analysis-based evasive malware detection. In: USENIX Security Symposium (2014)","key":"26_CR20"},{"doi-asserted-by":"crossref","unstructured":"Kolbitsch, C., Kirda, E., Kruegel, C.: The power of procrastination: detection and mitigation of execution-stalling malicious code. In: ACM Conference on Computer and Communications Security (CCS) (2011)","key":"26_CR21","DOI":"10.1145\/2046707.2046740"},{"doi-asserted-by":"crossref","unstructured":"Kreibich, C., Weaver, N., Kanich, C., Cui, W., Paxson, V.: GQ: practical containment for measuring modern malware systems. In: ACM SIGCOMM Internet Measurement Conference (IMC) (2011)","key":"26_CR22","DOI":"10.1145\/2068816.2068854"},{"doi-asserted-by":"crossref","unstructured":"Lengyel, T.K., Maresca, S., Payne, B.D., Webster, G.D., Vogl, S., Kiayias, A.: Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system. In: Annual Computer Security Applications Conference (ACSAC) (2014)","key":"26_CR23","DOI":"10.1145\/2664243.2664252"},{"unstructured":"Plohmann, D., Gerhards-Padilla, E.: Case study of the Miner Botnet. In: International Conference on Cyber Conflict (CYCON) (2012)","key":"26_CR24"},{"doi-asserted-by":"crossref","unstructured":"Rossow, C., Andriesse, D., Werner, T., Stone-Gross, B., Plohmann, D., Dietrich, C.J., Bos, H.: P2PWNED: modeling and evaluating the resilience of peer-to-peer botnets. In: IEEE Symposium on Security and Privacy (S&P) (2013)","key":"26_CR25","DOI":"10.1109\/SP.2013.17"},{"key":"26_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1007\/978-3-642-37300-8_3","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"C Rossow","year":"2013","unstructured":"Rossow, C., Dietrich, C., Bos, H.: Large-scale analysis of malware downloaders. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 42\u201361. Springer, Heidelberg (2013)"},{"doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C.J., Bos, H., Cavallaro, L., van Steen, M., Freiling, F.C., Pohlmann, N.: Sandnet: network traffic analysis of malicious software. In: Proceedings of Building Analysis Datasets and Gathering Experience Returns for Security (BADGERS) (2011)","key":"26_CR27","DOI":"10.1145\/1978672.1978682"},{"doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., Vigna, G.: Your Botnet is My Botnet: analysis of a Botnet takeover. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS) (2009)","key":"26_CR28","DOI":"10.1145\/1653662.1653738"},{"unstructured":"Weis, S.: Protecting data in use from firmware and physical attacks. In: BlackHat (2014)","key":"26_CR29"},{"doi-asserted-by":"crossref","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using CWSandbox. In: IEEE Symposium on Security and Privacy (S&P) (2007)","key":"26_CR30","DOI":"10.1109\/MSP.2007.45"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-26362-5_26","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,31]],"date-time":"2019-05-31T09:21:43Z","timestamp":1559294503000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-26362-5_26"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015]]},"ISBN":["9783319263618","9783319263625"],"references-count":30,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-26362-5_26","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2015]]}}}