{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,24]],"date-time":"2025-10-24T13:09:13Z","timestamp":1761311353558},"publisher-location":"Cham","reference-count":40,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783319788128"},{"type":"electronic","value":"9783319788135"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-78813-5_5","type":"book-chapter","created":{"date-parts":[[2018,4,10]],"date-time":"2018-04-10T06:03:21Z","timestamp":1523340201000},"page":"88-107","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Guilt-by-Association: Detecting Malicious Entities via Graph Mining"],"prefix":"10.1007","author":[{"given":"Pejman","family":"Najafi","sequence":"first","affiliation":[]},{"given":"Andrey","family":"Sapegin","sequence":"additional","affiliation":[]},{"given":"Feng","family":"Cheng","sequence":"additional","affiliation":[]},{"given":"Christoph","family":"Meinel","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2018,4,11]]},"reference":[{"key":"5_CR1","unstructured":"Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a dynamic reputation system for DNS. In: USENIX Security Symposium, pp. 273\u2013290 (2010)"},{"key":"5_CR2","unstructured":"Antonakakis, M., Perdisci, R., Lee, W., Vasiloglou II, N., Dagon, D.: Detecting malware domains at the upper DNS hierarchy. In: USENIX Security Symposium, vol. 11, pp. 1\u201316 (2011)"},{"key":"5_CR3","unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: Exposure: finding malicious domains using passive DNS analysis. In: NDSS (2011)"},{"issue":"1","key":"5_CR4","doi-asserted-by":"publisher","first-page":"107","DOI":"10.1016\/S0169-7552(98)00110-X","volume":"30","author":"S Brin","year":"1998","unstructured":"Brin, S., Page, L.: The anatomy of a large-scale hypertextual web search engine. Comput. Netw. ISDN Syst. 30(1), 107\u2013117 (1998)","journal-title":"Comput. Netw. ISDN Syst."},{"key":"5_CR5","unstructured":"Cao, Q., Sirivianos, M., Yang, X., Pregueiro, T.: Aiding the detection of fake accounts in large scale social online services. In: Proceedings of the 9th USENIX Conference on Networked Systems Design and Implementation, p. 15. USENIX Association (2012)"},{"key":"5_CR6","doi-asserted-by":"publisher","first-page":"131","DOI":"10.1137\/1.9781611972818.12","volume-title":"Proceedings of the 2011 SIAM International Conference on Data Mining","author":"Duen Horng \u201cPolo\u201d Chau","year":"2011","unstructured":"Chau, D.H.P., Nachenberg, C., Wilhelm, J., Wright, A., Faloutsos, C.: Polonium: tera-scale graph mining and inference for malware detection. In: Proceedings of the 2011 SIAM International Conference on Data Mining, pp. 131\u2013142. SIAM (2011)"},{"key":"5_CR7","first-page":"6","volume":"10","author":"M Felegyhazi","year":"2010","unstructured":"Felegyhazi, M., Kreibich, C., Paxson, V.: On the potential of proactive domain blacklisting. LEET 10, 6 (2010)","journal-title":"LEET"},{"issue":"1","key":"5_CR8","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1023\/A:1026501619075","volume":"40","author":"WT Freeman","year":"2000","unstructured":"Freeman, W.T., Pasztor, E.C., Carmichael, O.T.: Learning low-level vision. Int. J. Comput. Vis. 40(1), 25\u201347 (2000)","journal-title":"Int. J. Comput. Vis."},{"key":"5_CR9","doi-asserted-by":"publisher","first-page":"576","DOI":"10.1016\/B978-012088469-8.50052-8","volume-title":"Proceedings 2004 VLDB Conference","author":"Zolt\u00e1n Gy\u00f6ngyi","year":"2004","unstructured":"Gy\u00f6ngyi, Z., Garcia-Molina, H., Pedersen, J.: Combating web spam with trustrank. In: Proceedings of the Thirtieth International Conference on Very Large Data Bases, vol. 30, pp. 576\u2013587. VLDB Endowment (2004)"},{"key":"5_CR10","unstructured":"Holz, T., Gorecki, C., Rieck, K., Freiling, F.C.: Measuring and detecting fast-flux service networks. In: NDSS (2008)"},{"key":"5_CR11","unstructured":"Howard, F.: A closer look at the Angler exploit kit (2015). https:\/\/news.sophos.com\/en-us\/2015\/07\/21\/a-closer-look-at-the-angler-exploit-kit\/"},{"key":"5_CR12","doi-asserted-by":"crossref","unstructured":"Huang, Y., Greve, P.: Large scale graph mining for web reputation inference. In: 2015 IEEE 25th International Workshop on Machine Learning for Signal Processing (MLSP), pp. 1\u20136. IEEE (2015)","DOI":"10.1109\/MLSP.2015.7324374"},{"key":"5_CR13","doi-asserted-by":"crossref","unstructured":"Scarfone, K.A., Hoffman, P.: Guidelines on firewalls and firewall policy (2009). https:\/\/www.nist.gov\/publications\/guidelines-firewalls-and-firewall-policy","DOI":"10.6028\/NIST.SP.800-41r1"},{"key":"5_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"181","DOI":"10.1007\/978-3-642-36563-8_13","volume-title":"Engineering Secure Software and Systems","author":"V Kotov","year":"2013","unstructured":"Kotov, V., Massacci, F.: Anatomy of exploit kits. In: J\u00fcrjens, J., Livshits, B., Scandariato, R. (eds.) ESSoS 2013. LNCS, vol. 7781, pp. 181\u2013196. Springer, Heidelberg (2013). https:\/\/doi.org\/10.1007\/978-3-642-36563-8_13"},{"key":"5_CR15","series-title":"Lecture Notes in Computer Science (Lecture Notes in Artificial Intelligence)","doi-asserted-by":"publisher","first-page":"245","DOI":"10.1007\/978-3-642-23783-6_16","volume-title":"Machine Learning and Knowledge Discovery in Databases","author":"D Koutra","year":"2011","unstructured":"Koutra, D., Ke, T.-Y., Kang, U., Chau, D.H.P., Pao, H.-K.K., Faloutsos, C.: Unifying guilt-by-association approaches: theorems and fast algorithms. In: Gunopulos, D., Hofmann, T., Malerba, D., Vazirgiannis, M. (eds.) ECML PKDD 2011. LNCS (LNAI), vol. 6912, pp. 245\u2013260. Springer, Heidelberg (2011). https:\/\/doi.org\/10.1007\/978-3-642-23783-6_16"},{"key":"5_CR16","doi-asserted-by":"crossref","unstructured":"Ma, J., Saul, L.K., Savage, S., Voelker, G.M.: Beyond blacklists: learning to detect malicious web sites from suspicious URLs. In: Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1245\u20131254. ACM (2009)","DOI":"10.1145\/1557019.1557153"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Ma, J., Saul, L.K., Savage, S., Voelker, G.M.: Identifying suspicious URLs: an application of large-scale online learning. In: Proceedings of the 26th Annual International Conference on Machine Learning, pp. 681\u2013688. ACM (2009)","DOI":"10.1145\/1553374.1553462"},{"key":"5_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-319-11203-9_1","volume-title":"Computer Security - ESORICS 2014","author":"PK Manadhata","year":"2014","unstructured":"Manadhata, P.K., Yadav, S., Rao, P., Horne, W.: Detecting malicious domains via graph inference. In: Kuty\u0142owski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8712, pp. 1\u201318. Springer, Cham (2014). https:\/\/doi.org\/10.1007\/978-3-319-11203-9_1"},{"key":"5_CR19","unstructured":"Manners, D.: The user agent field: analyzing and detecting the abnormal or malicious in your organization (2011)"},{"key":"5_CR20","unstructured":"Mavrommatis, N.P.P., Monrose, M.A.R.F.: All your iframes point to us (2008)"},{"issue":"2","key":"5_CR21","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1109\/49.661103","volume":"16","author":"RJ McEliece","year":"1998","unstructured":"McEliece, R.J., MacKay, D.J.C., Cheng, J.F.: Turbo decoding as an instance of pearl\u2019s \u201cbelief propagation\u201d algorithm. IEEE J. Sel. Areas Commun. 16(2), 140\u2013152 (1998)","journal-title":"IEEE J. Sel. Areas Commun."},{"key":"5_CR22","unstructured":"Mockapetris, P.: Domain names - concepts and facilities (1987). https:\/\/www.ietf.org\/rfc\/rfc1034.txt"},{"key":"5_CR23","unstructured":"Mockapetris, P.: Domain names - implementation and specification (1987). https:\/\/www.ietf.org\/rfc\/rfc1034.txt"},{"key":"5_CR24","unstructured":"Murphy, K.P., Weiss, Y., Jordan, M.I.: Loopy belief propagation for approximate inference: an empirical study. In: Proceedings of the Fifteenth Conference on Uncertainty in Artificial Intelligence, pp. 467\u2013475. Morgan Kaufmann Publishers Inc. (1999)"},{"key":"5_CR25","doi-asserted-by":"crossref","unstructured":"Oprea, A., Li, Z., Yen, T.F., Chin, S.H., Alrwais, S.: Detection of early-stage enterprise infection by mining large-scale log data. In: 2015 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 45\u201356. IEEE (2015)","DOI":"10.1109\/DSN.2015.14"},{"key":"5_CR26","volume-title":"Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference","author":"J Pearl","year":"2014","unstructured":"Pearl, J.: Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. Morgan Kaufmann, Burlington (2014)"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Perdisci, R., Corona, I., Dagon, D., Lee, W.: Detecting malicious flux service networks through passive analysis of recursive DNS traces. In: Annual Computer Security Applications Conference, ACSAC 2009, pp. 311\u2013320. IEEE (2009)","DOI":"10.1109\/ACSAC.2009.36"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Rahbarinia, B., Perdisci, R., Antonakakis, M.: Segugio: efficient behavior-based tracking of malware-control domains in large ISP networks. In: 2015 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 403\u2013414. IEEE (2015)","DOI":"10.1109\/DSN.2015.35"},{"key":"5_CR29","unstructured":"Rocha, L.: Neutrino exploit kit analysis and threat indicator (2016)"},{"key":"5_CR30","doi-asserted-by":"crossref","unstructured":"Tamersoy, A., Roundy, K., Chau, D.H.: Guilt by association: large scale malware detection by mining file-relation graphs. In: Proceedings of the 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 1524\u20131533. ACM (2014)","DOI":"10.1145\/2623330.2623342"},{"key":"5_CR31","unstructured":"Weimer, F.: Passive DNS replication. In: First Conference on Computer Security Incident, p. 98 (2005)"},{"key":"5_CR32","unstructured":"Wu, B., Goel, V., Davison, B.D.: Propagating trust and distrust to demote web spam. MTW 190 (2006)"},{"key":"5_CR33","unstructured":"Xu, W., Sanders, K., Zhang, Y.: We know it before you do: predicting malicious domains. In: Proceedings of the 2014 Virus Bulletin International Conference, pp. 73\u201377 (2014)"},{"issue":"5","key":"5_CR34","doi-asserted-by":"publisher","first-page":"1663","DOI":"10.1109\/TNET.2012.2184552","volume":"20","author":"S Yadav","year":"2012","unstructured":"Yadav, S., Reddy, A.K.K., Reddy, A.N., Ranjan, S.: Detecting algorithmically generated domain-flux attacks with DNS traffic analysis. IEEE\/ACM Trans. Netw. 20(5), 1663\u20131677 (2012)","journal-title":"IEEE\/ACM Trans. Netw."},{"key":"5_CR35","first-page":"236","volume":"8","author":"JS Yedidia","year":"2003","unstructured":"Yedidia, J.S., Freeman, W.T., Weiss, Y.: Understanding belief propagation and its generalizations. Exploring Artif. Intell. New Millennium 8, 236\u2013239 (2003)","journal-title":"Exploring Artif. Intell. New Millennium"},{"key":"5_CR36","doi-asserted-by":"crossref","unstructured":"Zhang, Y., Hong, J.I., Cranor, L.F.: CANTINA: a content-based approach to detecting phishing web sites. In: Proceedings of the 16th International Conference on World Wide Web, pp. 639\u2013648. ACM (2007)","DOI":"10.1145\/1242572.1242659"},{"key":"5_CR37","doi-asserted-by":"crossref","unstructured":"Zhao, P., Hoi, S.C.: Cost-sensitive online active learning with application to malicious URL detection. In: Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 919\u2013927. ACM (2013)","DOI":"10.1145\/2487575.2487647"},{"key":"5_CR38","first-page":"912","volume":"3","author":"X Zhu","year":"2003","unstructured":"Zhu, X., Ghahramani, Z., Lafferty, J., et al.: Semi-supervised learning using Gaussian fields and harmonic functions. ICML 3, 912\u2013919 (2003)","journal-title":"ICML"},{"key":"5_CR39","unstructured":"Zhu, X., Lafferty, J., Rosenfeld, R.: Semi-supervised learning with graphs. Carnegie Mellon University, Language Technologies Institute, School of Computer Science (2005)"},{"key":"5_CR40","doi-asserted-by":"crossref","unstructured":"Zou, F., Zhang, S., Rao, W., Yi, P.: Detecting malware based on DNS graph mining. Int. J. Distrib. Sens. Netw. (2015)","DOI":"10.1155\/2015\/102687"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-78813-5_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,14]],"date-time":"2019-10-14T17:52:24Z","timestamp":1571075544000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-78813-5_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319788128","9783319788135"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-78813-5_5","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"type":"print","value":"1867-8211"},{"type":"electronic","value":"1867-822X"}],"subject":[],"published":{"date-parts":[[2018]]}}}