{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T16:00:47Z","timestamp":1743091247109,"version":"3.40.3"},"publisher-location":"Cham","reference-count":24,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319701387"},{"type":"electronic","value":"9783319701394"}],"license":[{"start":{"date-parts":[[2017,1,1]],"date-time":"2017-01-01T00:00:00Z","timestamp":1483228800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017]]},"DOI":"10.1007\/978-3-319-70139-4_45","type":"book-chapter","created":{"date-parts":[[2017,10,28]],"date-time":"2017-10-28T01:24:18Z","timestamp":1509153858000},"page":"442-451","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":11,"title":["Detection of Botnet Activities Through the Lens of a Large-Scale Darknet"],"prefix":"10.1007","author":[{"given":"Tao","family":"Ban","sequence":"first","affiliation":[]},{"given":"Lei","family":"Zhu","sequence":"additional","affiliation":[]},{"given":"Jumpei","family":"Shimamura","sequence":"additional","affiliation":[]},{"given":"Shaoning","family":"Pang","sequence":"additional","affiliation":[]},{"given":"Daisuke","family":"Inoue","sequence":"additional","affiliation":[]},{"given":"Koji","family":"Nakao","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2017,10,29]]},"reference":[{"key":"45_CR1","doi-asserted-by":"crossref","unstructured":"Abu Rajab, M., Zarfoss, J., Monrose, F., Terzis, A.: A multifaceted approach to understanding the botnet phenomenon. In: Proceedings of the 6th ACM SIGCOMM conference on Internet measurement (IMC 2006), pp. 41\u201352. ACM (2006). 
http:\/\/doi.acm.org\/10.1145\/1177080.1177086","DOI":"10.1145\/1177080.1177086"},{"key":"45_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"620","DOI":"10.1007\/978-3-642-34500-5_73","volume-title":"Neural Information Processing","author":"T Ban","year":"2012","unstructured":"Ban, T., Zhu, L., Shimamura, J., Pang, S., Inoue, D., Nakao, K.: Behavior analysis of long-term cyber attacks in the darknet. In: Huang, T., Zeng, Z., Li, C., Leung, C.S. (eds.) ICONIP 2012. LNCS, vol. 7667, pp. 620\u2013628. Springer, Heidelberg (2012). doi:10.1007\/978-3-642-34500-5_73"},{"key":"45_CR3","doi-asserted-by":"crossref","unstructured":"Benson, K., Dainotti, A., Claffy, K., Aben, E.: Gaining insight into as-level outages through analysis of internet background radiation. In: Proceedings of the 2012 ACM Conference on CoNEXT Student Workshop, pp. 63\u201364 (2012)","DOI":"10.1145\/2413247.2413285"},{"key":"45_CR4","unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: EXPOSURE: finding malicious domains using passive DNS analysis. In: 18th Annual Network and Distributed System Security Symposium, NDSS 2011, San Diego, CA, USA, 6\u20139 February 2011. http:\/\/www.eurecom.fr\/publication\/3281"},{"key":"45_CR5","doi-asserted-by":"crossref","unstructured":"Cho, C.Y., Domagoj, B., Shin, E.C.R., Song, D.: Inference and analysis of formal models of botnet command and control protocols. In: Computer and Communications Security (CCS 2010), pp. 426\u2013439. ACM (2010)","DOI":"10.1145\/1866307.1866355"},{"key":"45_CR6","doi-asserted-by":"crossref","unstructured":"Choi, H., Lee, H., Lee, H., Kim, H.: Botnet detection by monitoring group activities in DNS traffic. In: Proceedings of the 7th IEEE International Conference on Computer and Information Technology, pp. 
715\u2013720 (2007)","DOI":"10.1109\/CIT.2007.90"},{"issue":"1","key":"45_CR7","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1016\/j.comnet.2011.07.018","volume":"56","author":"H Choi","year":"2012","unstructured":"Choi, H., Lee, H.: Identifying botnets by capturing group activities in DNS traffic. Comput. Netw. 56(1), 20\u201333 (2012). http:\/\/dx.doi.org\/10.1016\/j.comnet.2011.07.018","journal-title":"Comput. Netw."},{"key":"45_CR8","doi-asserted-by":"crossref","unstructured":"Choi, H., Lee, H., Kim, H.: Botgad: detecting botnets by capturing group activities in network traffic. In: Proceedings of the Fourth International ICST Conference on COMmunication System softWAre and middlewaRE, COMSWARE 2009, pp. 2:1\u20132:8. ACM (2009). http:\/\/doi.acm.org\/10.1145\/1621890.1621893","DOI":"10.1145\/1621890.1621893"},{"key":"45_CR9","series-title":"Advances in Information Security","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/978-0-387-68768-1_8","volume-title":"Botnet Detection","author":"D Dagon","year":"2008","unstructured":"Dagon, D., Gu, G., Lee, C.P.: A taxonomy of botnet structures. In: Lee, W., Wang, C., Dagon, D. (eds.) Botnet Detection. Advances in Information Security, vol. 36, pp. 143\u2013164. Springer, Boston (2008). doi:10.1007\/978-0-387-68768-1_8"},{"key":"45_CR10","doi-asserted-by":"crossref","unstructured":"Dainotti, A., King, A., Claffy, K., Papale, F., Pescap\u00e8, A.: Analysis of a \u201c\/0\u201d stealth scan from a botnet. In: Internet Measurement Conference, IMC 2012, pp. 1\u201314. ACM (2012)","DOI":"10.1145\/2398776.2398778"},{"key":"45_CR11","unstructured":"Friess, N., Aycock, J., Vogt, R.: Black market botnets. In: Proceedings of the MIT Spam Conference, pp. 1\u20138 (2010)"},{"key":"45_CR12","unstructured":"Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: Bothunter: detecting malware infection through ids-driven dialog correlation. In: USENIX Security Symposium, SS 2007, pp. 1\u201316. 
USENIX Association (2007)"},{"key":"45_CR13","doi-asserted-by":"crossref","unstructured":"Gu, G., Yegneswaran, V., Porras, P., Stoll, J., Lee, W.: Active botnet probing to identify obscure command and control channels. In: 2009 Annual Computer Security Applications Conference (ACSAC 2009), pp. 241\u2013253 (2009)","DOI":"10.1109\/ACSAC.2009.30"},{"issue":"3","key":"45_CR14","doi-asserted-by":"publisher","first-page":"47","DOI":"10.1016\/j.entcs.2006.03.011","volume":"151","author":"U Harder","year":"2006","unstructured":"Harder, U., Johnson, M.W., Bradley, J.T., Knottenbelt, W.J.: Observing internet worm and virus attacks with a small network telescope. Electr. Notes Theor. Comput. Sci. 151(3), 47\u201359 (2006)","journal-title":"Electr. Notes Theor. Comput. Sci."},{"issue":"1","key":"45_CR15","first-page":"7","volume":"10","author":"T Hyslip","year":"2015","unstructured":"Hyslip, T., Pittman, J.: A survey of botnet detection techniques by command and control infrastructure. JDFSL 10(1), 7\u201326 (2015)","journal-title":"JDFSL"},{"key":"45_CR16","doi-asserted-by":"crossref","unstructured":"Inoue, D., Eto, M., Yoshioka, K., Baba, S., Suzuki, K., Nakazato, J., Ohtaka, K., Nakao, K.: Nicter: an incident analysis system toward binding network monitoring with malware analysis. In: Proceedings of the 2008 WOMBAT Workshop on Information Security Threats Data Collection and Sharing, pp. 58\u201366 (2008)","DOI":"10.1109\/WISTDCS.2008.14"},{"key":"45_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"579","DOI":"10.1007\/978-3-642-02490-0_71","volume-title":"Advances in Neuro-Information Processing","author":"D Inoue","year":"2009","unstructured":"Inoue, D., Yoshioka, K., Eto, M., Yamagata, M., Nishino, E., Takeuchi, J., Ohkouchi, K., Nakao, K.: An incident analysis system NICTER and its analysis engines based on data mining techniques. In: K\u00f6ppen, M., Kasabov, N., Coghill, G. (eds.) ICONIP 2008. LNCS, vol. 5506, pp. 
579\u2013586. Springer, Heidelberg (2009). doi:10.1007\/978-3-642-02490-0_71"},{"issue":"4","key":"45_CR18","doi-asserted-by":"crossref","first-page":"613","DOI":"10.1111\/j.2517-6161.1995.tb02052.x","volume":"57","author":"TL Lai","year":"1995","unstructured":"Lai, T.L.: Sequential change-point detection in quality control and dynamical systems. J. R. Stat. Soc. Ser. B 57(4), 613\u2013658 (1995)","journal-title":"J. R. Stat. Soc. Ser. B"},{"key":"45_CR19","doi-asserted-by":"crossref","unstructured":"Mazzariello, C.: IRC traffic analysis for botnet detection. In: 2008 Fourth International Conference on Information Assurance and Security (ISIAS 2008), pp. 318\u2013323 (2008)","DOI":"10.1109\/IAS.2008.58"},{"key":"45_CR20","doi-asserted-by":"crossref","unstructured":"Mizoguchi, S., Kugisaki, Y., Kasahara, Y., Hori, Y., Sakurai, K.: Implementation and evaluation of bot detection scheme based on data transmission intervals. In: 2010 6th IEEE Workshop on Secure Network Protocols (NPSec), pp. 73\u201378 (2010)","DOI":"10.1109\/NPSEC.2010.5634446"},{"key":"45_CR21","unstructured":"Nakao, K., Yoshioka, K., Inoue, D., Eto, M.: A novel concept of network incident analysis based on multi-layer observation of malware activities. In: Proceedings of The 2nd Joint Workshop on Information Security (JWIS07), pp. 267\u2013279 (2007)"},{"key":"45_CR22","unstructured":"Puri, R.: Bots & botnet: an overview. http:\/\/www.sans.org\/readingroom\/whitepapers\/malicious\/1299.php"},{"key":"45_CR23","doi-asserted-by":"publisher","DOI":"10.1007\/978-1-4757-2440-0","volume-title":"The Nature of Statistical Learning Theory","author":"VN Vapnik","year":"1995","unstructured":"Vapnik, V.N.: The Nature of Statistical Learning Theory. Springer, New York (1995). 
doi:10.1007\/978-1-4757-2440-0"},{"key":"45_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"207","DOI":"10.1007\/978-3-540-70542-0_11","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"T-F Yen","year":"2008","unstructured":"Yen, T.-F., Reiter, M.K.: Traffic aggregation for malware detection. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 207\u2013227. Springer, Heidelberg (2008). doi:10.1007\/978-3-540-70542-0_11"}],"container-title":["Lecture Notes in Computer Science","Neural Information Processing"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-70139-4_45","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,6,28]],"date-time":"2024-06-28T03:23:53Z","timestamp":1719545033000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-319-70139-4_45"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017]]},"ISBN":["9783319701387","9783319701394"],"references-count":24,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-70139-4_45","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2017]]},"assertion":[{"value":"29 October 2017","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ICONIP","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Neural Information Processing","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Guangzhou","order":3,"name":"conference_city","label":"Conference 
City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"China","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2017","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"14 November 2017","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 November 2017","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"24","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"iconip2017","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"http:\/\/www.iconip2017.org\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}