{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:51:13Z","timestamp":1771699873103,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":32,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540858843","type":"print"},{"value":"9783540858867","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-85886-7_7","type":"book-chapter","created":{"date-parts":[[2008,9,17]],"date-time":"2008-09-17T12:45:42Z","timestamp":1221655542000},"page":"97-113","source":"Crossref","is-referenced-by-count":42,"title":["BotTracer: Execution-Based Bot-Like Malware Detection"],"prefix":"10.1007","author":[{"given":"Lei","family":"Liu","sequence":"first","affiliation":[]},{"given":"Songqing","family":"Chen","sequence":"additional","affiliation":[]},{"given":"Guanhua","family":"Yan","sequence":"additional","affiliation":[]},{"given":"Zhao","family":"Zhang","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"7_CR1","unstructured":"http:\/\/research.microsoft.com\/sn\/detours\/"},{"key":"7_CR2","unstructured":"http:\/\/www.technologynewsdaily.com\/node\/4859"},{"key":"7_CR3","unstructured":"Convert physical machines to virtual machines, \n                    \n                      http:\/\/www.vmware.com\/products\/converter\/"},{"key":"7_CR4","unstructured":"Enhance netstat - the code project, \n                    \n                      http:\/\/www.codeproject.com\/internet\/enetstatasp.asp"},{"key":"7_CR5","unstructured":"Malware immunization through deterrence and diversion, \n                    \n                      http:\/\/www.nsf.gov\/awardsearch\/showAward.do?AwardNumber=0650386"},{"key":"7_CR6","unstructured":"One of the most prolific pieces of windows malware has expired, \n                    \n                      http:\/\/news.softpedia.com\/news\/One-of-the-Most-Prolific-Piece-of-Window%s-Malware-Has-Expired-51466.shtml"},{"key":"7_CR7","unstructured":"Honeyd security advisory 2004-001: Remonte detection via simple probe packet (2004), \n                    \n                      http:\/\/www.honeyd.org\/adv.2004-01.asc"},{"key":"7_CR8","unstructured":"Taxonomy of botnet threats (November 2006) , \n                    \n                      http:\/\/us.trendmicro.com\/imperia\/md\/content\/us\/pdf\/threats\/securitylibr%ary\/botnettaxonomywhitepapernovember2006.pdf"},{"key":"7_CR9","unstructured":"Barford, P., Yagneswaran, V.: An inside look at botnets (2006)"},{"key":"7_CR10","doi-asserted-by":"crossref","unstructured":"Borders, K., Zhao, X., Prakash, A.: Siren: Catching evasive malware. In: Proceedings of the IEEE Symposium on Security and Privacy, Berkeley, CA (November 2006)","DOI":"10.1109\/SP.2006.37"},{"key":"7_CR11","unstructured":"Chen, Y.: High-performance network anomaly\/intrusion detection and mitigation system (hpnaidm). In: ARO-DARPA-DHS Special Workshop on Botnets, Arlington, VA (June 2006)"},{"key":"7_CR12","unstructured":"Chiang, K., Lloyd, L.: A case study of the rustock rootkit and spam bot. In: Proceedings of the First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA (April 2007)"},{"key":"7_CR13","unstructured":"Cui, W., Katz, R.H., Tan, W.: Binder: An extrusion-based break-in detector for personal computers. In: Proceedings of USENIX (2005)"},{"key":"7_CR14","unstructured":"Dagon, D.: The network is the infection (2005), \n                    \n                      http:\/\/www.caida.org\/projects\/oarc\/200507\/slides\/oarc0507-Dagon.pdf"},{"key":"7_CR15","unstructured":"Dagon, D., Zhou, C., Lee, W.: Modeling botnet propagation using time zones. In: Proceedings of The 13th Annual Network and Distributed System Security Symposium, San Diego, CA (Febuary 2006)"},{"key":"7_CR16","unstructured":"Daswani, N., Stoppelman, M.: The Google Click\u00a0Quality, and Security Teams. The anatomy of clickbot.a. In: Proceedings of the First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA (April 2007)"},{"key":"7_CR17","doi-asserted-by":"crossref","unstructured":"Freiling, F., Holz, T., Wicherski, G.: Botnet tracking: Exploring a root-cause methodology to prevent distributed denial-of-service attacks. In: Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS) (September 2005)","DOI":"10.1007\/11555827_19"},{"key":"7_CR18","unstructured":"Goebel, J., Holz, T.: Rishi: Identify bot contaminated hosts by irc nickname evaluation. In: Proceedings of the First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA (April 2007)"},{"key":"7_CR19","unstructured":"Grizzard, J., Sharma, V., Nunnery, C., Kang, B., Dagon, D.: Peer-to-peer botnets: Overview and case study. In: Proceedings of the First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA (April 2007)"},{"key":"7_CR20","unstructured":"Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: Bothunter: Detecting malware infection through ids-driven dialog correlation. In: Proceedings of 16th USENIX Security Symposium, Santa Clara, CA (June 2007)"},{"key":"7_CR21","unstructured":"Karasaridis, A., Rexroad, B., Hoeflin, D.: Wide-scale botnet detection and characterization. In: Proceedings of the First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA (April 2007)"},{"key":"7_CR22","unstructured":"Kawamoto, D.: Bots slim down to get tough. CNET News.com (November 2005)"},{"key":"7_CR23","doi-asserted-by":"crossref","unstructured":"Lam, V.T., Antonatos, S., Akritidis, P., Anagnostakis, K.G.: Puppetnets: Misusing web browsers as a distributed attack infrastructure. In: Proceedings of ACM CCS (2006)","DOI":"10.1145\/1180405.1180434"},{"key":"7_CR24","unstructured":"Moshchuk, A., Bragin, T., Deville, D., Gribble, S., Levy, H.: Spyproxy: Execution-based detection of malicious web content. In: Proceedings of the 16th USENIX Security Symposium, Boston, MA (August 2007)"},{"key":"7_CR25","unstructured":"The Honeynet Project. Know your enemy: Tracking botnets (March 2005), \n                    \n                      http:\/\/www.honeynet.org\/papers\/bots"},{"key":"7_CR26","unstructured":"Provos, N., McNamee, D., Mavrommatis, P., Wang, K., Modadugu, N.: The ghost in the browser analysis of web-based malware. In: Proceedings of the First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA (April 2007)"},{"key":"7_CR27","doi-asserted-by":"crossref","unstructured":"Rajab, M., Zarfoss, J., Monrose, F., Terzis, A.: A multifaceted approach to understanding the botnet phenomenon. In: Proceedings of Internet Measurement Conference (IMC), Rio de Janeiro, Brazil (October 2006)","DOI":"10.1145\/1177080.1177086"},{"key":"7_CR28","unstructured":"Schoof, R., Koning, R.: Detecting peer-to-peer botnets (Feburary 2007), \n                    \n                      http:\/\/staff.science.uva.nl\/~delaat\/sne-2006-2007\/p17\/report.pdf"},{"key":"7_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-73614-1_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"E. Stinson","year":"2007","unstructured":"Stinson, E., Mitchell, J.C.: Characterizing the remote control behavior of bots. In: H\u00e4mmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol.\u00a04579. Springer, Heidelberg (2007)"},{"key":"7_CR30","unstructured":"Wang, P., Sparks, S., Zou, C.: An advanced hybrid peer-to-peer botnet. In: Proceedings of the First Workshop on Hot Topics in Understanding Botnets, Cambridge, MA (April 2007)"},{"key":"7_CR31","doi-asserted-by":"crossref","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: Capturing system-wide information flow for malware detection and analysis. In: Proceedings of the 14th ACM Conference on Computer and Communication Security, Alexandria, VA (October 2007)","DOI":"10.1145\/1315245.1315261"},{"key":"7_CR32","doi-asserted-by":"crossref","unstructured":"Zou, C., Cunningham, R.: Honeybot-aware advanced botnet construction and maintenance. In: Proceedings of the International Conference on Dependable Systems and Networks (DSN) (June 2006)","DOI":"10.1109\/DSN.2006.38"}],"container-title":["Lecture Notes in Computer Science","Information Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-85886-7_7.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T11:53:55Z","timestamp":1619524435000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-85886-7_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540858843","9783540858867"],"references-count":32,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-85886-7_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[]}}