{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T15:58:03Z","timestamp":1774022283108,"version":"3.50.1"},"publisher-location":"Cham","reference-count":39,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319687100","type":"print"},{"value":"9783319687117","type":"electronic"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-68711-7_9","type":"book-chapter","created":{"date-parts":[[2017,10,4]],"date-time":"2017-10-04T08:23:40Z","timestamp":1507105420000},"page":"151-170","source":"Crossref","is-referenced-by-count":10,"title":["A Stackelberg Game Model for Botnet Data Exfiltration"],"prefix":"10.1007","author":[{"given":"Thanh","family":"Nguyen","sequence":"first","affiliation":[]},{"given":"Michael P.","family":"Wellman","sequence":"additional","affiliation":[]},{"given":"Satinder","family":"Singh","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,10,4]]},"reference":[{"key":"9_CR1","unstructured":"Bacher, P., Holz, T., Kotter, M., Wicherski, G.: Know your enemy: tracking botnets. Technical report (2005)"},{"key":"9_CR2","doi-asserted-by":"crossref","first-page":"780","DOI":"10.1057\/jors.2016.37","volume":"68","author":"A Baldwin","year":"2017","unstructured":"Baldwin, A., Gheyas, I., Ioannidis, C., Pym, D., Williams, J.: Contagion in cyber security attacks. J. Oper. Res. Soc. 68, 780\u2013791 (2017)","journal-title":"J. Oper. Res. Soc."},{"key":"9_CR3","unstructured":"Basilico, N., Gatti, N., Amigoni, F.: Leader-follower strategies for robotic patrolling in environments with arbitrary topologies. In: 8th International Conference on Autonomous Agents and Multiagent Systems, pp. 57\u201364 (2009)"},{"key":"9_CR4","doi-asserted-by":"crossref","unstructured":"Bensoussan, A., Kantarcioglu, M., Hoe, S.C.: A game-theoretical approach for finding optimal strategies in a botnet defense model. In: 1st Conference on Decision and Game Theory for Security, pp. 135\u2013148 (2010)","DOI":"10.1007\/978-3-642-17197-0_9"},{"key":"9_CR5","doi-asserted-by":"crossref","unstructured":"Choi, H., Lee, H., Lee, H., Kim, H.: Botnet detection by monitoring group activities in DNS traffic. In: 7th IEEE International Conference on Computer and Information Technology, pp. 715\u2013720. IEEE (2007)","DOI":"10.1109\/CIT.2007.90"},{"key":"9_CR6","unstructured":"Cooke, E., Jahanian, F., McPherson, D.: The zombie roundup: understanding, detecting, and disrupting botnets. In: Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), pp. 39\u201344 (2005)"},{"key":"9_CR7","volume-title":"Taking down botnets","author":"J Demarest","year":"2014","unstructured":"Demarest, J.: Taking down botnets. Statement before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism (2014)"},{"issue":"4","key":"9_CR8","doi-asserted-by":"crossref","first-page":"251","DOI":"10.1145\/316194.316229","volume":"29","author":"M Faloutsos","year":"1999","unstructured":"Faloutsos, M., Faloutsos, P., Faloutsos, C.: On power-law relationships of the Internet topology. ACM SIGCOMM Comput. Commun. Rev. 29(4), 251\u2013262 (1999)","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"9_CR9","doi-asserted-by":"crossref","unstructured":"Fang, F., Nguyen, T.H., Pickles, R., Lam, W.Y., Clements, G.R., An, B., Singh, A., Tambe, M., Lemieux, A.: Deploying PAWS: field optimization of the protection assistant for wildlife security. In: 28th Conference on Innovative Applications of Artificial Intelligence, pp. 3966\u20133973 (2016)","DOI":"10.1609\/aaai.v30i2.19070"},{"key":"9_CR10","doi-asserted-by":"crossref","unstructured":"Feily, M., Shahrestani, A., Ramadass, S.: A survey of botnet and botnet detection. In: 3rd International Conference on Emerging Security Information, Systems, and Technologies, pp. 268\u2013273 (2009)","DOI":"10.1109\/SECURWARE.2009.48"},{"key":"9_CR11","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W., et al.: BotMiner: clustering analysis of network traffic for protocol-and structure-independent botnet detection. In: 17th USENIX Security Symposium, pp. 139\u2013154 (2008)"},{"key":"9_CR12","unstructured":"Gu, G., Porras, P.A., Yegneswaran, V., Fong, M.W., Lee, W.: BotHunter: detecting malware infection through IDS-driven dialog correlation. In: 16th USENIX Security Symposium, pp. 167\u2013182 (2007)"},{"key":"9_CR13","unstructured":"Gu, G., Zhang, J., Lee, W.: BotSniffer: detecting botnet command and control channels in network traffic. In: 15th Annual Network and Distributed System Security Symposium (2008)"},{"key":"9_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-04444-1_1","volume-title":"Computer Security \u2013 ESORICS 2009","author":"T Holz","year":"2009","unstructured":"Holz, T., Engelberth, M., Freiling, F.: Learning more about the underground economy: a case-study of keyloggers and dropzones. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 1\u201318. Springer, Heidelberg (2009). doi: 10.1007\/978-3-642-04444-1_1"},{"key":"9_CR15","unstructured":"Jain, M., Korzhyk, D., Van\u011bk, O., Conitzer, V., P\u011bchou\u010dek, M., Tambe, M.: A double oracle algorithm for zero-sum security games on graphs. In: 10th International Conference on Autonomous Agents and MultiAgent Systems, pp. 327\u2013334 (2011)"},{"key":"9_CR16","unstructured":"Kiekintveld, C., Jain, M., Tsai, J., Pita, J., Ord\u00f3\/ nez, F., Tambe, M.: Computing optimal randomized resource allocations for massive security games. In: 8th International Conference on Autonomous Agents and Multi-Agent Systems, pp. 689\u2013696 (2009)"},{"key":"9_CR17","doi-asserted-by":"crossref","first-page":"669","DOI":"10.1007\/s00245-016-9389-6","volume":"74","author":"V Kolokoltsov","year":"2016","unstructured":"Kolokoltsov, V., Bensoussan, A.: Mean-field-game model for botnet defense in cyber-security. Appl. Math. Optim. 74, 669\u2013692 (2016)","journal-title":"Appl. Math. Optim."},{"key":"9_CR18","doi-asserted-by":"crossref","first-page":"297","DOI":"10.1613\/jair.3269","volume":"41","author":"D Korzhyk","year":"2011","unstructured":"Korzhyk, D., Yin, Z., Kiekintveld, C., Conitzer, V., Tambe, M.: Stackelberg vs. Nash in security games: an extended investigation of interchangeability, equivalence, and uniqueness. J. Artif. Intell. Res. 41, 297\u2013327 (2011)","journal-title":"J. Artif. Intell. Res."},{"key":"9_CR19","first-page":"06","volume":"11","author":"J Letchford","year":"2011","unstructured":"Letchford, J., Vorobeychik, Y.: Computing randomized security strategies in networked domains. Appl. Advers. Reason. Risk Model. 11, 06 (2011)","journal-title":"Appl. Advers. Reason. Risk Model."},{"key":"9_CR20","doi-asserted-by":"crossref","unstructured":"Mc Carthy, S.M., Sinha, A., Tambe, M., Manadhata, P.: Data exfiltration detection and prevention: virtually distributed POMDPs for practically safer networks. In: 7th Conference on Decision and Game Theory for Security, pp. 69\u201361 (2016)","DOI":"10.1007\/978-3-319-47413-7_3"},{"key":"9_CR21","unstructured":"McMahan, H.B., Gordon, G.J., Blum, A.: Planning in the presence of cost functions controlled by an adversary. In: 20th International Conference on Machine Learning, pp. 536\u2013543 (2003)"},{"key":"9_CR22","unstructured":"Naveh, B., Contributors: JGraphT - a free java graph library (2009)"},{"issue":"1","key":"9_CR23","doi-asserted-by":"crossref","first-page":"3","DOI":"10.1145\/1216370.1216373","volume":"39","author":"T Peng","year":"2007","unstructured":"Peng, T., Leckie, C., Ramamohanarao, K.: Survey of network-based defense mechanisms countering the DoS and DDoS problems. ACM Comput. Surv. 39(1), 3 (2007)","journal-title":"ACM Comput. Surv."},{"key":"9_CR24","unstructured":"Rocketfuel: Rocketfuel: an ISP topology mapping engine (2002)"},{"key":"9_CR25","doi-asserted-by":"crossref","unstructured":"Rossow, C., Andriesse, D., Werner, T., Stone-Gross, B., Plohmann, D., Dietrich, C.J., Bos, H.: SoK: P2PWNED \u2013 modeling and evaluating the resilience of peer-to-peer botnets. In: IEEE Symposium on Security and Privacy, pp. 97\u2013111 (2013)","DOI":"10.1109\/SP.2013.17"},{"key":"9_CR26","unstructured":"Shieh, E., An, B., Yang, R., Tambe, M., Baldwin, C., DiRenzo, J., Maule, B., Meyer, G.: PROTECT: a deployed game theoretic system to protect the ports of the United States. In: 11th International Conference on Autonomous Agents and Multiagent Systems, pp. 13\u201320 (2012)"},{"key":"9_CR27","doi-asserted-by":"crossref","unstructured":"Soper, B., Musacchio, J.: A botnet detection game. In: 52nd Annual Allerton Conference on Communication Control and Computing, pp. 294\u2013303. IEEE (2014)","DOI":"10.1109\/ALLERTON.2014.7028469"},{"key":"9_CR28","doi-asserted-by":"crossref","unstructured":"Soper, B.C.: Non-zero-sum, adversarial detection games in network security. Ph.D. thesis, University of California, Santa Cruz (2015)","DOI":"10.1109\/ALLERTON.2015.7447027"},{"key":"9_CR29","unstructured":"Stinson, E., Mitchell, J.C.: Towards systematic evaluation of the evadability of bot\/botnet detection methods. In: 2nd USENIX Workshop on Offensive Technologies (2008)"},{"key":"9_CR30","doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Abman, R., Kemmerer, R.A., Kruegel, C., Steigerwald, D.G., Vigna, G.: The underground economy of fake antivirus software. In: 10th Workshop on the Economics of Information Security (2011)","DOI":"10.1007\/978-1-4614-1981-5_4"},{"key":"9_CR31","doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Cova, M., Cavallaro, L., Gilbert, B., Szydlowski, M., Kemmerer, R., Kruegel, C., Vigna, G.: Your botnet is my botnet: analysis of a botnet takeover. In: 16th ACM Conference on Computer and Communications Security, pp. 635\u2013647 (2009)","DOI":"10.1145\/1653662.1653738"},{"key":"9_CR32","series-title":"Advances in Information Security","first-page":"1","volume-title":"Botnet Detection: Countering the Largest Security Threat","author":"WT Strayer","year":"2008","unstructured":"Strayer, W.T., Lapsely, D., Walsh, R., Livadas, C.: Botnet detection based on network behavior. In: Lee, W., Wang, C., Dagon, D. (eds.) Botnet Detection: Countering the Largest Security Threat. Advances in Information Security, vol. 36, pp. 1\u201324. Springer, Boston (2008)"},{"key":"9_CR33","unstructured":"Sweeney, P.J.: Designing effective and stealthy botnets for cyber espionage and interdiction: finding the cyber high ground. Ph.D. thesis, September 2014"},{"key":"9_CR34","volume-title":"Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned","year":"2011","unstructured":"Tambe, M. (ed.): Security and Game Theory: Algorithms, Deployed Systems, Lessons Learned. Cambridge University Press, Cambridge (2011)"},{"key":"9_CR35","unstructured":"Van Eeten, M., Bauer, J.M., Asghari, H., Tabatabaie, S., Rand, D.: The role of Internet service providers in botnet mitigation an empirical analysis based on spam data. In: 9th Workshop on the Economics of Information Security (2010)"},{"key":"9_CR36","unstructured":"Van\u011bk, O., Yin, Z., Jain, M., Bo\u0161ansk\u1ef3, B., Tambe, M., P\u011bchou\u010dek, M.: Game-theoretic resource allocation for malicious packet detection in computer networks. In: 11th International Conference on Autonomous Agents and Multiagent Systems, pp. 905\u2013912 (2012)"},{"key":"9_CR37","doi-asserted-by":"crossref","unstructured":"Venkatesan, S., Albanese, M., Cybenko, G., Jajodia, S.: A moving target defense approach to disrupting stealthy botnets. In: ACM Workshop on Moving Target, Defense, pp. 37\u201346 (2016)","DOI":"10.1145\/2995272.2995280"},{"key":"9_CR38","doi-asserted-by":"crossref","unstructured":"Venkatesan, S., Albanese, M., Jajodia, S.: Disrupting stealthy botnets through strategic placement of detectors. In: IEEE Conference on Communications and Network Security (CNS), pp. 95\u2013103 (2015)","DOI":"10.1109\/CNS.2015.7346816"},{"issue":"2","key":"9_CR39","doi-asserted-by":"crossref","first-page":"113","DOI":"10.1109\/TDSC.2008.35","volume":"7","author":"P Wang","year":"2010","unstructured":"Wang, P., Sparks, S., Zou, C.C.: An advanced hybrid peer-to-peer botnet. IEEE Trans. Dependable Secure Comput. 7(2), 113 (2010)","journal-title":"IEEE Trans. Dependable Secure Comput."}],"container-title":["Lecture Notes in Computer Science","Decision and Game Theory for Security"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-68711-7_9","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,8,3]],"date-time":"2022-08-03T22:39:45Z","timestamp":1659566385000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-68711-7_9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319687100","9783319687117"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-68711-7_9","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017]]}}}