{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,16]],"date-time":"2025-12-16T12:11:02Z","timestamp":1765887062575,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":38,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540689133"},{"type":"electronic","value":"9783540689140"}],"license":[{"start":{"date-parts":[[2008,1,1]],"date-time":"2008-01-01T00:00:00Z","timestamp":1199145600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008]]},"DOI":"10.1007\/978-3-540-68914-0_2","type":"book-chapter","created":{"date-parts":[[2008,5,26]],"date-time":"2008-05-26T08:58:06Z","timestamp":1211792286000},"page":"21-38","source":"Crossref","is-referenced-by-count":16,"title":["Peeking Through the Cloud: DNS-Based Estimation and Its Applications"],"prefix":"10.1007","author":[{"given":"Moheeb Abu","family":"Rajab","sequence":"first","affiliation":[]},{"given":"Fabian","family":"Monrose","sequence":"additional","affiliation":[]},{"given":"Andreas","family":"Terzis","sequence":"additional","affiliation":[]},{"given":"Niels","family":"Provos","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"20 Quick Ways to Increase Your Alexa Rank (2007), http:\/\/www.doshdosh.com\/20-quick-ways-to-increase-your-alexa-rank"},{"key":"2_CR2","first-page":"1091","volume-title":"WWW 1999: Proceeding of the eighth international conference on World Wide Web","author":"V. Anupam","year":"1999","unstructured":"Anupam, V., Mayer, A., Nissim, K., Pinkas, B., Reiter, M.K.: On the security of pay-per-click and other web advertising schemes. In: WWW 1999: Proceeding of the eighth international conference on World Wide Web, pp. 1091\u20131100. Elsevier North-Holland, Inc., Amsterdam (1999)"},{"key":"2_CR3","unstructured":"Bailey, M., Cooke, E., Jahanian, F., Nazario, J., Watson, D.: Internet motion sensor: A distributed blackhole monitoring system. In: Proceedings of the ISOC Network and Distributed System Security Symposium (NDSS) (2005)"},{"key":"2_CR4","doi-asserted-by":"crossref","unstructured":"Bellovin, S.M.: A Technique for Counting NATted Hosts. In: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment (IMW), pp. 267\u2013272 (2002)","DOI":"10.1145\/637241.637243"},{"key":"2_CR5","unstructured":"Bethencourt, J., Franklin, J., Vernon, M.: Mapping Internet Sensors with Probe Response Attacks. In: Proceedings of the 14 th USENIX Security Symposium, August 2005, pp. 193\u2013212 (2005)"},{"key":"2_CR6","doi-asserted-by":"publisher","first-page":"641","DOI":"10.1145\/568760.568871","volume-title":"SEKE 2002: Proceedings of the 14th international conference on Software engineering and knowledge engineering","author":"C. Blundo","year":"2002","unstructured":"Blundo, C., Cimato, S.: Sawm: a tool for secure and authenticated web metering. In: SEKE 2002: Proceedings of the 14th international conference on Software engineering and knowledge engineering, pp. 641\u2013648. ACM Press, New York (2002)"},{"key":"2_CR7","unstructured":"Casado, M., Freedman, M.: Peering through the shroud: The effect of edge opacity on IP-based client authentication. In: Proceedings of 4th USENIX Symposium on Networked Systems Design and Implementation (NDSI) (April 2007)"},{"key":"2_CR8","unstructured":"Casado, M., Garfinkel, T., Cui, W., Paxson, V., Savage, S.: Opportunistic Measurement: Extracting Insight from Spurious Traffic. In: Proceedings of the 4th ACM Workshop on Hot Topics in Networks (HotNets-IV), College Park, MD (November 2005)"},{"key":"2_CR9","doi-asserted-by":"crossref","unstructured":"Chen, Z., Ji, C.: A Self-Learning Worm Using Importance Scanning. In: Proceedings of ACM Workshop On Rapid Malcode (WORM) (November 2005)","DOI":"10.1145\/1103626.1103632"},{"key":"2_CR10","unstructured":"Cooke, E., Jahanian, F., McPherson, D.: The Zombie Roundup: Understanding, Detecting, and Disturbing Botnets. In: Proceedings of the first Workshop on Steps to Reducing Unwanted Traffic on the Internet (July 2005)"},{"key":"2_CR11","unstructured":"Dagon, D., Zou, C., Lee, W.: Modeling Botnet Propagation Using Time Zones. In: Proceedings of the 13th Network and Distributed System Security Symposium NDSS (February 2006)"},{"key":"2_CR12","unstructured":"Daswani, N., Stoppelman, M.: The Google Click\u00a0Quality, and Security Teams. The Anatomy of Clickbot.A. In: Proceedings of the first USENIX workshop on hot topics in Botnets (HotBots 2007) (April 2007)"},{"key":"2_CR13","unstructured":"IP2Location Database, http:\/\/www.ip2location.com\/"},{"key":"2_CR14","unstructured":"DNS Cache Snooping or Snooping the Cache for Fun and Profit, http:\/\/www.sysvalue.com\/papers\/DNS-Cache-Snooping\/files\/DNS_Cache_Snooping_1.1.pdf"},{"key":"2_CR15","first-page":"375","volume-title":"CCS 2007: Proceedings of the 14th ACM conference on Computer and communications security","author":"J. Franklin","year":"2007","unstructured":"Franklin, J., Paxson, V., Perrig, A., Savage, S.: An inquiry into the nature and causes of the wealth of internet miscreants. In: CCS 2007: Proceedings of the 14th ACM conference on Computer and communications security, pp. 375\u2013388. ACM Press, New York (2007)"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Franklin, M.K., Malkhi, D.: Auditable metering with lightweight security. In: Financial Cryptography, pp. 151\u2013160 (1997)","DOI":"10.1007\/3-540-63594-7_75"},{"key":"2_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"319","DOI":"10.1007\/11555827_19","volume-title":"Computer Security \u2013 ESORICS 2005","author":"F. Freiling","year":"2005","unstructured":"Freiling, F., Holz, T., Wicherski, G.: Botnet Tracking: Exploring a root-cause methodology to prevent denial-of-service attaks. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol.\u00a03679, pp. 319\u2013335. Springer, Heidelberg (2005)"},{"key":"2_CR18","unstructured":"Exploiting the Google\u00a0toolbar. GreyMagic Security\u00a0Advisory, http:\/\/www.greymagic.com\/security\/advisories\/gm001-mc\/"},{"key":"2_CR19","unstructured":"Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. In: Proceedings of the 16th USENIX Security Symposium, pp. 167\u2013182 (August 2007)"},{"key":"2_CR20","unstructured":"ComScore Inc., http:\/\/www.comscore.com"},{"key":"2_CR21","unstructured":"Jung, J., Burger, A., Balakrishnan, H.: Modeling TTL-based Internet Caches. In: Proceedings of IEEE INFOCOMM (2003)"},{"key":"2_CR22","unstructured":"How Many Site Hits? Depends on Who\u2019s Counting. New York Times\u00a0article. Louis\u00a0Story (2007), http:\/\/www.nytimes.com\/2007\/10\/22\/technology\/22click.html?_r=3&pagewanted=1&ref=technology&oref=slogin"},{"key":"2_CR23","first-page":"52","volume-title":"ICDCS 2007: Proceedings of the 27th International Conference on Distributed Computing Systems","author":"A. Metwally","year":"2007","unstructured":"Metwally, A., Agrawal, D., Abbad, A.E., Zheng, Q.: On hit inflation techniques and detection in streams of web advertising networks. In: ICDCS 2007: Proceedings of the 27th International Conference on Distributed Computing Systems, Washington, DC, USA, p. 52. IEEE Computer Society, Los Alamitos (2007)"},{"key":"2_CR24","unstructured":"Moore, D.: Network Telescopes: Observing Small or Distant Security Events. In: 11th USENIX Security Symposium, Invited Talk (August 2002)"},{"key":"2_CR25","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"576","DOI":"10.1007\/BFb0054155","volume-title":"Advances in Cryptology - EUROCRYPT \u201998","author":"M. Naor","year":"1998","unstructured":"Naor, M., Pinkas, B.: Secure and efficient metering. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol.\u00a01403, pp. 576\u2013591. Springer, Heidelberg (1998)"},{"key":"2_CR26","unstructured":"Nielsen\/NetRatings, http:\/\/www.nielsen-netrating.com"},{"key":"2_CR27","doi-asserted-by":"crossref","unstructured":"Ntoulas, A., Cho, J., Olston, C.: What\u2019s New on the Web? The Evolution of the Web from a Search Engine Perspective. In: Proceedings of the 13th International World Wide Web (WWW) Conference, pp. 1\u201312 (2004)","DOI":"10.1145\/988672.988674"},{"key":"2_CR28","unstructured":"Honeynet Project and Research Alliance. Know your enemy: Tracking Botnets (March 2005), http:\/\/www.honeynet.org\/papers\/bots\/"},{"key":"2_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"206","DOI":"10.1007\/11856214_11","volume-title":"Recent Advances in Intrusion Detection","author":"M.A. Rajab","year":"2006","unstructured":"Rajab, M.A., Monrose, F., Terzis, A.: Fast and Evasive Attacks: Highlighting the challenges ahead. In: Zamboni, D., Kr\u00fcgel, C. (eds.) RAID 2006. LNCS, vol.\u00a04219, pp. 206\u2013225. Springer, Heidelberg (2006)"},{"key":"2_CR30","unstructured":"Rajab, M.A., Zarfoss, J., Monrose, F., Terzis, A.: My Botnet is Bigger than Yours (Maybe, better than yours): Why Size estimates remain challenging. In: Proceedings of the first USENIX workshop on hot topics in Botnets (HotBots 2007) (April 2007)"},{"key":"2_CR31","doi-asserted-by":"crossref","unstructured":"Rajab, M.A., Zarfoss, J., Monrose, F., Terzis, A.: A Multifaceted Approach to Understanding the Botnet Phenomenon. In: Proceedings of ACM SIGCOMM\/USENIX Internet Measurement Conference (IMC), pp. 41\u201352 (October 2006)","DOI":"10.1145\/1177080.1177086"},{"key":"2_CR32","unstructured":"FBI Botnet Cyber\u00a0Crime Report (June 2007), http:\/\/www.fbi.gov\/pressrel\/pressrel07\/botnet061307.htm"},{"key":"2_CR33","volume-title":"Introduction to Probability Models","author":"S.M. Ross","year":"1993","unstructured":"Ross, S.M.: Introduction to Probability Models. Academic Press, London (1993)"},{"key":"2_CR34","unstructured":"Naraine, R.: Unpatched Google Toolbar Flaw Presents ID Theft\u00a0Risk, http:\/\/www.eweek.com\/c\/a\/Security\/Unpatched-Google-Toolbar-Flaw-Presents-ID-Theft-Risk\/"},{"key":"2_CR35","doi-asserted-by":"crossref","unstructured":"Shaikh, A., Tewari, R., Agrawal, M.: On the Effectiveness of DNS-based Server Selection. In: Proceedings of IEEE INFOCOM 2001, vol.\u00a03, pp. 1801\u20131810 (2001)","DOI":"10.1109\/INFCOM.2001.916678"},{"key":"2_CR36","unstructured":"Shinoda, Y., Ikai, K., Itoh, M.: Vulnerabilities of Passive Internet Threat Monitors. In: Proceedings of the 14th USENIX Security Symposium, August 2005, pp. 209\u2013224 (2005)"},{"key":"2_CR37","unstructured":"FBI Computer\u00a0Crime Survey (2006), http:\/\/www.fbi.gov\/page2\/jan06\/computer_crime_survey011806.htm"},{"key":"2_CR38","unstructured":"Alexa: the web\u00a0information company, http:\/\/www.alexa.com"}],"container-title":["Lecture Notes in Computer Science","Applied Cryptography and Network Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-68914-0_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,1,30]],"date-time":"2025-01-30T12:20:31Z","timestamp":1738239631000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-68914-0_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008]]},"ISBN":["9783540689133","9783540689140"],"references-count":38,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-68914-0_2","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2008]]}}}