{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,18]],"date-time":"2026-03-18T13:41:33Z","timestamp":1773841293499,"version":"3.50.1"},"publisher-location":"Cham","reference-count":35,"publisher":"Springer International Publishing","isbn-type":[{"value":"9783319986531","type":"print"},{"value":"9783319986548","type":"electronic"}],"license":[{"start":{"date-parts":[[2018,1,1]],"date-time":"2018-01-01T00:00:00Z","timestamp":1514764800000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018]]},"DOI":"10.1007\/978-3-319-99136-8_25","type":"book-chapter","created":{"date-parts":[[2018,8,14]],"date-time":"2018-08-14T08:39:41Z","timestamp":1534235981000},"page":"463-480","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Fast Flux Service Network Detection via Data Mining on Passive DNS Traffic"],"prefix":"10.1007","author":[{"given":"Pierangelo","family":"Lombardo","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Salvatore","family":"Saeli","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Federica","family":"Bisio","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Davide","family":"Bernardi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Danilo","family":"Massa","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2018,8,15]]},"reference":[{"key":"25_CR1","unstructured":"https:\/\/www.acs.org.au\/content\/dam\/acs\/acs-publications\/ACS_Cybersecurity_Guide.pdf"},{"key":"25_CR2","unstructured":"https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/sandiflux-another-fast-flux-infrastructure-used-malware-distribution-emerges"},{"key":"25_CR3","unstructured":"https:\/\/www.hybrid-analysis.com\/"},{"key":"25_CR4","unstructured":"https:\/\/packettotal.com\/"},{"key":"25_CR5","unstructured":"https:\/\/www.reverse.it\/"},{"key":"25_CR6","unstructured":"https:\/\/virustotal.com\/"},{"key":"25_CR7","unstructured":"http:\/\/www.aramisec.com"},{"key":"25_CR8","unstructured":"https:\/\/www.malware-traffic-analysis.net\/"},{"key":"25_CR9","unstructured":"https:\/\/tools.ietf.org\/html\/rfc1035"},{"key":"25_CR10","unstructured":"http:\/\/www.forbes.com"},{"key":"25_CR11","unstructured":"http:\/\/www.alexa.com"},{"key":"25_CR12","unstructured":"https:\/\/dev.maxmind.com\/geoip\/"},{"key":"25_CR13","unstructured":"http:\/\/blog.talosintelligence.com\/2017\/07\/threat-roundup-0630-0707.html"},{"key":"25_CR14","unstructured":"https:\/\/www.torproject.org\/docs\/tor-manual.html.en"},{"key":"25_CR15","unstructured":"https:\/\/www.cert.pl\/en\/news\/single\/nymaim-revisited\/"},{"issue":"7","key":"25_CR16","doi-asserted-by":"publisher","first-page":"1541","DOI":"10.1007\/s00521-015-2128-0","volume":"28","author":"K Alieyan","year":"2017","unstructured":"Alieyan, K., Almomani, A., Manasrah, A., Kadhum, M.M.: A survey of botnet detection based on DNS. Neural Comput. Appl. 28(7), 1541\u20131558 (2017)","journal-title":"Neural Comput. Appl."},{"issue":"7","key":"25_CR17","doi-asserted-by":"publisher","first-page":"483","DOI":"10.1007\/s00521-016-2531-1","volume":"29","author":"A Almomani","year":"2018","unstructured":"Almomani, A.: Fast-flux hunter: a system for filtering online fast-flux botnet. Neural Comput. Appl. 29(7), 483\u2013493 (2018)","journal-title":"Neural Comput. Appl."},{"key":"25_CR18","doi-asserted-by":"publisher","first-page":"28","DOI":"10.1016\/j.comnet.2016.02.009","volume":"100","author":"A Berger","year":"2016","unstructured":"Berger, A., D\u2019Alconzo, A., Gansterer, W.N., Pescap\u00e9, A.: Mining agile DNS traffic using graph analysis for cybercrime detection. Comput. Netw. 100, 28\u201344 (2016)","journal-title":"Comput. Netw."},{"key":"25_CR19","doi-asserted-by":"crossref","unstructured":"Bisio, F., Saeli, S., Lombardo, P., Bernardi, D., Perotti, A., Massa, D.: Real-time behavioral DGA detection through machine learning. In: 2017 International Carnahan Conference on Security Technology (ICCST), pp. 1\u20136. IEEE (2017)","DOI":"10.1109\/CCST.2017.8167790"},{"issue":"10","key":"25_CR20","first-page":"37","volume":"8","author":"PS Chahal","year":"2016","unstructured":"Chahal, P.S., Khurana, S.S.: TempR: application of stricture dependent intelligent classifier for fast flux domain detection. Int. J. Comput. Netw. Inf. Secur. 8(10), 37 (2016)","journal-title":"Int. J. Comput. Netw. Inf. Secur."},{"key":"25_CR21","unstructured":"Crowder, W., Dunker, N.: Dark cloud network facilitates crimeware. https:\/\/www.riskanalytics.com\/wp-content\/uploads\/2017\/10\/Dark_Cloud_Network_Facilitates_Crimeware.pdf"},{"key":"25_CR22","unstructured":"Holz, T., Gorecki, C., Rieck, K., Freiling, F.C.: Measuring and detecting fast-flux service networks. In: NDSS (2008)"},{"key":"25_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"464","DOI":"10.1007\/978-3-642-15512-3_24","volume-title":"Recent Advances in Intrusion Detection","author":"C-H Hsu","year":"2010","unstructured":"Hsu, C.-H., Huang, C.-Y., Chen, K.-T.: Fast-flux bot detection in real time. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol. 6307, pp. 464\u2013483. Springer, Heidelberg (2010). https:\/\/doi.org\/10.1007\/978-3-642-15512-3_24"},{"issue":"4","key":"25_CR24","doi-asserted-by":"crossref","first-page":"371","DOI":"10.17706\/jcp.12.4.371-379","volume":"12","author":"CB Jiang","year":"2017","unstructured":"Jiang, C.B., Li, J.S.: Exploring global IP-usage patterns in fast-flux service networks. JCP 12(4), 371\u2013379 (2017)","journal-title":"JCP"},{"key":"25_CR25","unstructured":"Katz, O., Perets, R., Matzliach, G.: Digging deeper - an in-depth analysis of a fast flux network (2017). https:\/\/www.akamai.com\/us\/en\/multimedia\/documents\/white-paper\/digging-deeper-in-depth-analysis-of-fast-flux-network.pdf"},{"issue":"2","key":"25_CR26","doi-asserted-by":"publisher","first-page":"501","DOI":"10.1016\/j.comnet.2012.07.017","volume":"57","author":"HT Lin","year":"2013","unstructured":"Lin, H.T., Lin, Y.Y., Chiang, J.W.: Genetic-based real-time fast-flux service networks detection. Comput. Netw. 57(2), 501\u2013513 (2013)","journal-title":"Comput. Netw."},{"key":"25_CR27","doi-asserted-by":"crossref","unstructured":"Martinez-Bea, S., Castillo-Perez, S., Garcia-Alfaro, J.: Real-time malicious fast-flux detection using DNS and bot related features. In: 2013 Eleventh Annual International Conference on Privacy, Security and Trust (PST), pp. 369\u2013372. IEEE (2013)","DOI":"10.1109\/PST.2013.6596093"},{"key":"25_CR28","doi-asserted-by":"crossref","unstructured":"Nazario, J., Holz, T.: As the net churns: fast-flux botnet observations. In: 2008 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008, pp. 24\u201331. IEEE (2008)","DOI":"10.1109\/MALWARE.2008.4690854"},{"key":"25_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"186","DOI":"10.1007\/978-3-540-70542-0_10","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"E Passerini","year":"2008","unstructured":"Passerini, E., Paleari, R., Martignoni, L., Bruschi, D.: FluXOR: detecting and monitoring fast-flux service networks. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 186\u2013206. Springer, Heidelberg (2008). https:\/\/doi.org\/10.1007\/978-3-540-70542-0_10"},{"issue":"5","key":"25_CR30","first-page":"714","volume":"9","author":"R Perdisci","year":"2012","unstructured":"Perdisci, R., Corona, I., Giacinto, G.: Early detection of malicious flux networks via large-scale passive DNS traffic analysis. IEEE Trans. Dependable Secure Comput. 9(5), 714\u2013726 (2012)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"25_CR31","doi-asserted-by":"crossref","unstructured":"Ruohonen, J., Lepp\u00e4nen, V.: Investigating the agility bias in DNS graph mining. In: 2017 IEEE International Conference on Computer and Information Technology (CIT), pp. 253\u2013260. IEEE (2017)","DOI":"10.1109\/CIT.2017.55"},{"key":"25_CR32","unstructured":"Salusky, W., Danford, R.: Know your enemy: fast-flux service networks. Honeynet Proj. 1\u201324 (2007)"},{"issue":"6","key":"25_CR33","first-page":"2389","volume":"22","author":"E Soltanaghaei","year":"2015","unstructured":"Soltanaghaei, E., Kharrazi, M.: Detection of fast-flux botnets through DNS traffic analysis. Scientia Iranica. Trans. D Comput. Sci. Eng. Electr. 22(6), 2389 (2015)","journal-title":"Scientia Iranica. Trans. D Comput. Sci. Eng. Electr."},{"issue":"2","key":"25_CR34","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/s10207-016-0331-3","volume":"16","author":"M Stevanovic","year":"2017","unstructured":"Stevanovic, M., Pedersen, J.M., D\u2019Alconzo, A., Ruehrup, S.: A method for identifying compromised clients based on DNS traffic analysis. Int. J. Inf. Secur. 16(2), 115\u2013132 (2017)","journal-title":"Int. J. Inf. Secur."},{"issue":"4\u20136","key":"25_CR35","doi-asserted-by":"publisher","first-page":"79","DOI":"10.1080\/19393555.2015.1058994","volume":"24","author":"S Zhou","year":"2015","unstructured":"Zhou, S.: A survey on fast-flux attacks. Inf. Secur. J. Glob. Perspect. 24(4\u20136), 79\u201397 (2015)","journal-title":"Inf. Secur. J. Glob. Perspect."}],"container-title":["Lecture Notes in Computer Science","Developments in Language Theory"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-319-99136-8_25","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,10,22]],"date-time":"2019-10-22T04:40:34Z","timestamp":1571719234000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-319-99136-8_25"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018]]},"ISBN":["9783319986531","9783319986548"],"references-count":35,"URL":"https:\/\/doi.org\/10.1007\/978-3-319-99136-8_25","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018]]}}}