{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T03:13:02Z","timestamp":1743131582339,"version":"3.40.3"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319678061"},{"type":"electronic","value":"9783319678078"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-67807-8_2","type":"book-chapter","created":{"date-parts":[[2017,9,26]],"date-time":"2017-09-26T08:22:18Z","timestamp":1506414138000},"page":"18-33","source":"Crossref","is-referenced-by-count":0,"title":["Enhanced Sinkhole System: Collecting System Details to Support Investigations"],"prefix":"10.1007","author":[{"given":"Martin","family":"Ussath","sequence":"first","affiliation":[]},{"given":"Feng","family":"Cheng","sequence":"additional","affiliation":[]},{"given":"Christoph","family":"Meinel","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,9,27]]},"reference":[{"key":"2_CR1","unstructured":"Avalanche (2016). \nhttp:\/\/blog.shadowserver.org\/2016\/12\/01\/avalanche\/\n\n. Accessed 18 Dec 2016"},{"key":"2_CR2","unstructured":"DNS Response Policy Zones (2016). \nhttps:\/\/dnsrpz.info\/\n\n. Accessed 02 Dec 2016"},{"key":"2_CR3","unstructured":"Balzarotti, D., Cova, M., Karlberger, C., Kruegel, C., Kirda, E., Vigna, G.: Efficient detection of split personalities in malware. In: Proceedings of the Symposium on Network and Distributed System Security (NDSS) (2010)"},{"issue":"1","key":"2_CR4","doi-asserted-by":"publisher","first-page":"67","DOI":"10.1007\/s11416-006-0012-2","volume":"2","author":"U Bayer","year":"2006","unstructured":"Bayer, U., Moser, A., Kruegel, C., Kirda, E.: Dynamic analysis of malicious code. J. Comput. Virol. 2(1), 67\u201377 (2006). doi:\n10.1007\/s11416-006-0012-2","journal-title":"J. Comput. Virol."},{"key":"2_CR5","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-319-40667-1_11","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"M Brengel","year":"2016","unstructured":"Brengel, M., Backes, M., Rossow, C.: Detecting hardware-assisted virtualization. In: Caballero, J., Zurutuza, U., Rodr\u00edguez, R.J. (eds.) DIMVA 2016. LNCS, vol. 9721, pp. 207\u2013227. Springer, Cham (2016). doi:\n10.1007\/978-3-319-40667-1_11"},{"key":"2_CR6","unstructured":"Dell Incorporated: Dell Security Annual Threat Report 2016. Technical report (2016)"},{"key":"2_CR7","unstructured":"Graeber, M.: PowerShell Script: Out-Minidump.ps1 (2013). \nhttps:\/\/raw.githubusercontent.com\/PowerShellMafia\/PowerSploit\/master\/Exfiltration\/Out-Minidump.ps1\n\n. Accessed 05 Aug 2016"},{"key":"2_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"464","DOI":"10.1007\/978-3-642-15512-3_24","volume-title":"Recent Advances in Intrusion Detection","author":"C-H Hsu","year":"2010","unstructured":"Hsu, C.-H., Huang, C.-Y., Chen, K.-T.: Fast-flux bot detection in real time. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 464\u2013483. Springer, Heidelberg (2010). doi:\n10.1007\/978-3-642-15512-3_24"},{"key":"2_CR9","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/s11277-016-3443-1","volume":"93","author":"HM Jung","year":"2016","unstructured":"Jung, H.M., Lee, H.G., Choi, J.W.: Efficient malicious packet capture through advanced dns sinkhole. Wirel. Personal Commun. 93, 21\u201334 (2016). doi:\n10.1007\/s11277-016-3443-1","journal-title":"Wirel. Personal Commun."},{"key":"2_CR10","unstructured":"Juwono, J.T., Lim, C., Erwin, A.: A comparative study of behavior analysis sandboxes in malware detection. In: Proceedings of the International Conference on New Media (CONMEDIA) (2015)"},{"key":"2_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"469","DOI":"10.1007\/978-3-642-17569-5_46","volume-title":"Future Generation Information Technology","author":"H-G Lee","year":"2010","unstructured":"Lee, H.-G., Choi, S.-S., Lee, Y.-S., Park, H.-S.: Enhanced sinkhole system by improving post-processing mechanism. In: Kim, T., Lee, Y., Kang, B.-H., \u015al\u0119zak, D. (eds.) FGIT 2010. LNCS, vol. 6485, pp. 469\u2013480. Springer, Heidelberg (2010). doi:\n10.1007\/978-3-642-17569-5_46"},{"key":"2_CR12","unstructured":"Kirat, D., Vigna, G., Kruegel, C.: BareCloud: bare-metal analysis-based evasive malware detection. In: Proceedings of the 23rd USENIX Security Symposium (USENIX Security), August 2014"},{"key":"2_CR13","unstructured":"Krebs, B.: Security firm Bit9 hacked, used to spread malware. \nhttps:\/\/krebsonsecurity.com\/2013\/02\/security-firm-bit9-hacked-used-to-spread-malware\/\n\n. Accessed 03 Feb 2017"},{"key":"2_CR14","unstructured":"Markoff, J.: SecurID company suffers a breach of data security. \nhttp:\/\/www.nytimes.com\/2011\/03\/18\/technology\/18secure.html\n\n. Accessed 03 Feb 2017"},{"key":"2_CR15","unstructured":"Mathews, L.: ThyssenKrupp attackers stole trade secrets in massive hack (2016). \nhttp:\/\/www.forbes.com\/sites\/leemathews\/2016\/12\/08\/thyssenkrupp-attackers-stole-trade-secrets-in-massive-hack\/LeeMathews,Lee\n\n. Accessed 10 Dec 2016"},{"key":"2_CR16","unstructured":"Raiu, C.: Microsoft seizes 22 NO-IP domains, disrupts cybercriminal and nation state APT malware operations (2014). \nhttps:\/\/securelist.com\/blog\/events\/64143\/microsoft-seizes-22-no-ip-domains-disrupts-cybercriminal-and-nation-state-apt-malware-operations\/\n\n. Accessed 14 Dec 2016"},{"key":"2_CR17","unstructured":"Raiu, C., Baumgartner, K.: Sinkholing volatile cedar DGA infrastructure (2015). \nhttps:\/\/securelist.com\/blog\/research\/69421\/sinkholing-volatile-cedar-dga-infrastructure\/\n\n. Accessed 18 Dec 2016"},{"key":"2_CR18","unstructured":"Regalado, D., Karim, T., Jain, V., Hernandez, E.: Ghosts in the endpoint (2016). \nhttps:\/\/www.fireeye.com\/blog\/threat-research\/2016\/04\/ghosts_in_the_endpoi.html\n\n. Accessed 18 Nov 2016"},{"key":"2_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"42","DOI":"10.1007\/978-3-642-37300-8_3","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"C Rossow","year":"2013","unstructured":"Rossow, C., Dietrich, C., Bos, H.: Large-scale analysis of malware downloaders. In: Flegel, U., Markatos, E., Robertson, W. (eds.) DIMVA 2012. LNCS, vol. 7591, pp. 42\u201361. Springer, Heidelberg (2013). doi:\n10.1007\/978-3-642-37300-8_3"},{"key":"2_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"21","DOI":"10.1007\/978-3-642-39235-1_2","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"C Rossow","year":"2013","unstructured":"Rossow, C., Dietrich, C.J.: ProVeX: detecting botnets with encrypted command and control channels. In: Rieck, K., Stewin, P., Seifert, J.-P. (eds.) DIMVA 2013. LNCS, vol. 7967, pp. 21\u201340. Springer, Heidelberg (2013). doi:\n10.1007\/978-3-642-39235-1_2"},{"key":"2_CR21","unstructured":"Schwartz, M.J.: Lockheed martin suffers massive cyberattack. \nhttp:\/\/www.darkreading.com\/risk-management\/lockheed-martin-suffers-massive-cyberattack\/d\/d-id\/1098013\n\n. Accessed 03 Feb 2017"},{"key":"2_CR22","unstructured":"Symantec Corporation: Internet Security Threat Report. Technical report 21 (2016)"},{"issue":"2","key":"2_CR23","doi-asserted-by":"publisher","first-page":"32","DOI":"10.1109\/MSP.2007.45","volume":"5","author":"C Willems","year":"2007","unstructured":"Willems, C., Holz, T., Freiling, F.: Toward automated dynamic malware analysis using CWSandbox. IEEE Secur. Priv. 5(2), 32\u201339 (2007). doi:\n10.1109\/MSP.2007.45","journal-title":"IEEE Secur. Priv."},{"key":"2_CR24","doi-asserted-by":"publisher","unstructured":"Willems, C., Hund, R., Fobian, A., Felsch, D., Holz, T., Vasudevan, A.: Down to the bare metal: using processor features for binary analysis. In: Proceedings of the 28th Annual Computer Security Applications Conference (ACSAC). ACM (2012). doi:\n10.1145\/2420950.2420980","DOI":"10.1145\/2420950.2420980"}],"container-title":["Lecture Notes in Computer Science","Mobile, Secure, and Programmable Networking"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-67807-8_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,10,2]],"date-time":"2017-10-02T03:53:19Z","timestamp":1506916399000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-67807-8_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319678061","9783319678078"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-67807-8_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]}}}