{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:51:08Z","timestamp":1771699868951,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":53,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540736134","type":"print"},{"value":"9783540736141","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007]]},"DOI":"10.1007\/978-3-540-73614-1_6","type":"book-chapter","created":{"date-parts":[[2007,9,13]],"date-time":"2007-09-13T03:09:45Z","timestamp":1189652985000},"page":"89-108","source":"Crossref","is-referenced-by-count":74,"title":["Characterizing Bots\u2019 Remote Control Behavior"],"prefix":"10.1007","author":[{"given":"Elizabeth","family":"Stinson","sequence":"first","affiliation":[]},{"given":"John C.","family":"Mitchell","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"6_CR1","unstructured":"Turoff, A.: Defensive CGI Programming with Taint Mode and CGI:: UNTAINT"},{"key":"6_CR2","unstructured":"Schneier, B.: How Bot Those Nets? In Wired Magazine (July 27, 2006)"},{"key":"6_CR3","unstructured":"Dagon, D.: Botnet Detection and Response: The Network Is the Infection. In: Operations, Analysis, and Research Center Workshop (July 2005)"},{"key":"6_CR4","unstructured":"Ilett, D.: Most spam generated by botnets, says expert. ZDNet UK (September 22, 2004)"},{"key":"6_CR5","doi-asserted-by":"crossref","unstructured":"Wagner, D., Dean, D.: Intrusion Detection via Static Analysis. In: IEEE Symposium on Security and Privacy (May 2001)","DOI":"10.1109\/SECPRI.2001.924296"},{"key":"6_CR6","unstructured":"Cooke, E., Jahanian, F., McPherson, D.: The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets. In Steps to Reducing Unwanted Traffic on the Internet (July 2005)"},{"key":"6_CR7","unstructured":"Kirda, E., Kruegel, C., Banks, G., Vigna, G., Kemmerer, R.: Behavior-based Spyware Detection. In: Proc. 15th USENIX Security Symposium (August 2006)"},{"key":"6_CR8","volume-title":"Rootkits: Subverting the Windows Kernel","author":"G. Hoglund","year":"2006","unstructured":"Hoglund, G., Butler, J.: Rootkits: Subverting the Windows Kernel. Addison-Wesley, Upper Saddle River, NJ (2006)"},{"key":"6_CR9","unstructured":"Hunt, G., Brubacher, B.: Detours: Binary Interception of Win32 Functions. In: 3rd USENIX Windows NT Symposium (July 1999)"},{"key":"6_CR10","unstructured":"Butler, J.: Bypassing 3rd Party Windows Buffer Overflow Protection. In: phrack Volume 0x0b, Issue 0x3e, Phile #0x0, 7\/13\/2004"},{"key":"6_CR11","doi-asserted-by":"crossref","unstructured":"Chow, J., Pfaff, B., Garfinkel, T., Christopher, K., Rosenblum, M.: Understanding Data Lifetime via Whole System Simulation. In: Proc. of the USENIX 13th Security Symposium (August 2004)","DOI":"10.1145\/1133572.1133599"},{"key":"6_CR12","unstructured":"Newsome, J., Song, D.: Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software. In: Network and Distributed Systems Symposium (February 2005)"},{"key":"6_CR13","doi-asserted-by":"crossref","unstructured":"Rabek, J., Khazan, R., Lewandowski, S., Cunningham, R.: Detection of Injected, Dynamically Generated, and Obfuscated Malicious Code. In: Proc. of the ACM Workshop on Rapid Malcode (October 2003)","DOI":"10.1145\/948187.948201"},{"key":"6_CR14","doi-asserted-by":"crossref","unstructured":"Ashcraft, K., Engler, D.: Using programmer-written compiler extensions to catch security holes. In: IEEE Symposium on Security and Privacy (May 2002)","DOI":"10.1109\/SECPRI.2002.1004368"},{"key":"6_CR15","unstructured":"Locking Ruby in the Safe http:\/\/www.rubycentral.com\/book\/taint.html"},{"key":"6_CR16","unstructured":"LURHQ. Phatbot Trojan Analysis. http:\/\/www.lurhq.com\/phatbot.html"},{"key":"6_CR17","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S., Seshia, S., Song, D., Bryant, R.: Semantics-Aware Malware Detection. In: IEEE Symposium on Security and Privacy (May 2005)","DOI":"10.1109\/SP.2005.20"},{"key":"6_CR18","unstructured":"Overton, M.: Bots and Botnets: Risks, Issues, and Prevention. In: Virus Bulletin Conference, Dublin, Ireland (October 2005)"},{"key":"6_CR19","doi-asserted-by":"crossref","unstructured":"Ianelli, N., Hackworth, A.: Botnets as a Vehicle for Online Crime. CERT Coordination Center (December 2005)","DOI":"10.5769\/C2006003"},{"key":"6_CR20","unstructured":"perlsec http:\/\/perldoc.perl.org\/perlsec.html"},{"key":"6_CR21","doi-asserted-by":"crossref","unstructured":"Forrest, S., Hofmeyr, S., Somayaji, A., Longstaff, T.: A Sense of Self for Unix Processes. In: IEEE Symposium on Security and Privacy (May 1996)","DOI":"10.1109\/SECPRI.1996.502675"},{"key":"6_CR22","unstructured":"Kandula, S., Katabi, D., Jacob, M., Berger, A.: Botz-4-Sale: Surviving Organized DDoS Attacks That Mimic Flash Crowds. In: Network and Distributed System Security Symposium (May 2005)"},{"key":"6_CR23","unstructured":"Strider GhostBuster Rootkit Detection http:\/\/research.microsoft.com\/rootkit\/"},{"key":"6_CR24","unstructured":"Garfinkel, T., Rosenblum, M.: A Virtual Machine Introspection Based Architecture for Intrusion Detection. In: Network & Distributed Systems Security (February 2003)"},{"key":"6_CR25","unstructured":"Honeynet Project & Research Alliance. Know your Enemy: Tracking Botnets"},{"key":"6_CR26","unstructured":"The majority of bot code was obtained from: http:\/\/tinyurl.com\/3y4cfd"},{"key":"6_CR27","unstructured":"Shankar, U., Talwar, K., Foster, J., Wagner, D.: Detecting format string vulnerabilities with type qualifiers. In: Proc. 10th USENIX Security Symp. (August 2001)"},{"key":"6_CR28","unstructured":"Kiriansky, V., Bruening, D., Amarasinghe, S.: Secure execution via program shepherding. In: Proc. 11th USENIX Security Symposium (August 2002)"},{"key":"6_CR29","unstructured":"Parizo, E.: s New bots, worm threaten AIM network. SearchSecurity (December 2005)"},{"key":"6_CR30","unstructured":"Naraine, R.: Money Bots: Hackers Cas. In: on Hijacked PCs. eWeek (September 2006)"},{"key":"6_CR31","unstructured":"Cui, W., Katz, R., Tan, W.: BINDER: An Extrusion-based Break-in Detector for Personal Computers. In: Proc. of the 21st Annual Computer Security Applications Conference (December 2005)"},{"key":"6_CR32","unstructured":"Martin, K.: Stop the bots. In: The Register (April 2006)"},{"key":"6_CR33","unstructured":"Keizer, G.: Bot Networks Behind Big Boos. In: Phishing Attacks. TechWeb (November 2004)"},{"key":"6_CR34","doi-asserted-by":"crossref","unstructured":"Christodorescu, M., Jha, S.: Testing Malware Detectors. In: Proc. of the International Symposium on Software Testing and Analysis (July 2004)","DOI":"10.1145\/1007512.1007518"},{"key":"6_CR35","unstructured":"MSDN Library. Using Messages and Message Queues http:\/\/tinyurl.com\/27hc37"},{"key":"6_CR36","unstructured":"Symantec Internet Security Threat Report, Trends for July 2005, December 2005. vol. IX, Published (March 2006)"},{"key":"6_CR37","unstructured":"Sturgeon, W.: Net pioneer predicts overwhelming botnet surge. ZDNet News (January 29, 2007)"},{"key":"6_CR38","unstructured":"Symantec Internet Security Threat Report, Trends for January 2006-June 2006, vol. X. Published (September 2006)"},{"key":"6_CR39","volume-title":"Advances in Information Security","author":"P. Barford","year":"2006","unstructured":"Barford, P., Yegneswaran, V.: An Inside Look at Botnets. In: Advances in Information Security. Special Workshop on Malware Detection, Springer, Heidelberg (2006)"},{"key":"6_CR40","doi-asserted-by":"crossref","unstructured":"Freiling, F., Holz, T., Wicherski, G.: Botnet Tracking: Exploring a Root-Cause Methodology to Prevent Distributed Denial-of-Service Attacks. In: European Symposium On Research In Computer Security (September 2006)","DOI":"10.1007\/11555827_19"},{"key":"6_CR41","doi-asserted-by":"crossref","unstructured":"Rajab, M., Zarfoss, J., Monrose, F., Terzis, A.: A Multifaceted Approach to Understanding the Botnet Phenomenon. In: Proc. of ACM SIGCOMM\/USENIX Internet Measurement Conference (October 2006)","DOI":"10.1145\/1177080.1177086"},{"key":"6_CR42","unstructured":"Jevans, D.: The Latest Trends in Phishing, Crimeware and Cash-Out Schemes. Private correspondence"},{"key":"6_CR43","unstructured":"Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation (manuscript)"},{"key":"6_CR44","unstructured":"Goebel, J., Holz, T.: Rishi: Identify Bot-Contaminated Hosts by IRC Nickname Evaluation. In: 1st Workshop on Hot Topics in Understanding Botnets (April 2007)"},{"key":"6_CR45","unstructured":"Karasaridis, A., Rexroad, B., Hoeflin, D.: Wide-Scale Botnet Detection and Characterization. In: 1st Workshop on Hot Topics in Understanding Botnets (April 2007)"},{"key":"6_CR46","unstructured":"Kristoff, J.: Botnets. NANOG32 (October 2004)"},{"key":"6_CR47","unstructured":"Ramachandran, A., Feamster, N., Dagon, D.: Revealing botnet membership using DNSBL counter-intelligence. In: 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (July 2006)"},{"key":"6_CR48","unstructured":"Grizzard, J., Sharma, V., Nunnery, C., Kang, B., Dagon, D.: Peer-to-Peer Botnets: Overview and Case Study. In: 1st Workshop on Hot Topics in Understanding Botnets (April 2007)"},{"key":"6_CR49","unstructured":"Wang, Y., Beck, D., Vo, B., Roussev, R., Verbowski, C.: Detecting Stealth Software with Strider GhostBuster. Microsoft Technical Report MSR-TR-2005-25"},{"key":"6_CR50","doi-asserted-by":"crossref","unstructured":"Lam, V., Antonatos, S., Akritidis, P., Anagnostakis, K.: Puppetnets: Misusing Web Browsers as a Distributed Attack Infrastructure. In: 13th ACM Conference on Computer and Communications Security (October 2006)","DOI":"10.1145\/1180405.1180434"},{"key":"6_CR51","unstructured":"Schneier, B.: Semantic Attacks: The Third Wave of Network Attacks. In: the Cryptogram newsletter (October 15, 2000)"},{"key":"6_CR52","unstructured":"Stinson, E., Mitchell, J.: Characterizing the Remote Control Behavior of Bots. Manuscript. http:\/\/www.stanford.edu\/~stinson\/pub\/botswat_long.pdf"},{"key":"6_CR53","unstructured":"mIRC Help, Viruses, Trojans, and Worms. http:\/\/www.mirc.co.uk\/help\/virus.html"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-73614-1_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,3]],"date-time":"2019-05-03T01:31:06Z","timestamp":1556847066000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-73614-1_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007]]},"ISBN":["9783540736134","9783540736141"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-73614-1_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2007]]}}}