{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,3]],"date-time":"2026-03-03T13:02:51Z","timestamp":1772542971619,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":34,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783540874027","type":"print"},{"value":"9783540874034","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-87403-4_4","type":"book-chapter","created":{"date-parts":[[2008,9,17]],"date-time":"2008-09-17T11:42:05Z","timestamp":1221651725000},"page":"59-77","source":"Crossref","is-referenced-by-count":35,"title":["A First Step towards Live Botmaster Traceback"],"prefix":"10.1007","author":[{"given":"Daniel","family":"Ramsbrock","sequence":"first","affiliation":[]},{"given":"Xinyuan","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Xuxian","family":"Jiang","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"4_CR1","unstructured":"B\u00e4cher, P., Holz, T., K\u00f6tter, M., Wicherski, G.: Know Your Enemy: Tracking Botnets, March 13 (2005), http:\/\/www.honeynet.org\/papers\/bots\/"},{"key":"4_CR2","volume-title":"Proc. Special Workshop on Malware Detection, Advances in Info. Security","author":"P. Barford","year":"2006","unstructured":"Barford, P., Yegneswaran, V.: An Inside Look at Botnets. In: Proc. Special Workshop on Malware Detection, Advances in Info. Security, Springer, Heidelberg (2006)"},{"key":"4_CR3","unstructured":"Binkley, J., Singh, S.: An Algorithm for Anomaly-based Botnet Detection. In: Proc. 2nd Workshop on Steps to Reducing Unwanted Traffic on the Internet (SRUTI), San Jose, CA, July 7, 2006, pp. 43\u201348 (2006)"},{"key":"4_CR4","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"258","DOI":"10.1007\/978-3-540-30143-1_14","volume-title":"Recent Advances in Intrusion Detection","author":"A. Blum","year":"2004","unstructured":"Blum, A., Song, D., Venkataraman, S.: Detection of Interactive Stepping Stones: Algorithms and Confidence Bounds. In: Jonsson, E., Valdes, A., Almgren, M. (eds.) RAID 2004. LNCS, vol.\u00a03224, pp. 258\u2013277. Springer, Heidelberg (2004)"},{"key":"4_CR5","doi-asserted-by":"crossref","unstructured":"Chi, Z., Zhao, Z.: Detecting and Blocking Malicious Traffic Caused by IRC Protocol Based Botnets. In: Proc. Network and Parallel Computing (NPC 2007). Dalian, China, pp. 485\u2013489 (September 2007)","DOI":"10.1109\/NPC.2007.77"},{"key":"4_CR6","unstructured":"Cooke, E., Jahanian, F., McPherson, D.: The Zombie Roundup: Understanding, Detecting, and Disturbing Botnets. In: Proc. Steps to Reducing Unwanted Traffic on the Internet (SRUTI), Cambridge, MA, July 7, 2005, pp. 39\u201344 (2005)"},{"key":"4_CR7","unstructured":"Dagon, D., Gu, G., Zou, C., Grizzard, J., Dwivedi, S., Lee, W., Lipton, R.: A Taxonomy of Botnets (unpublished paper, 2005)"},{"key":"4_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"17","DOI":"10.1007\/3-540-36084-0_2","volume-title":"Recent Advances in Intrusion Detection","author":"D.L. Donoho","year":"2002","unstructured":"Donoho, D.L., Flesia, A.G., Shankar, U., Paxson, V., Coit, J., Staniford, S.: Multiscale Stepping Stone Detection: Detecting Pairs of Jittered Interactive Streams by Exploiting Maximum Tolerable Delay. In: Wespi, A., Vigna, G., Deri, L. (eds.) RAID 2002. LNCS, vol.\u00a02516, pp. 17\u201335. Springer, Heidelberg (2002)"},{"key":"4_CR9","unstructured":"Evers, J.: \u2018Bot herders\u2019 may have controlled 1.5 million PCs. http:\/\/news.com.com\/2102-7350_3-5906896.html?tag=st.util.print"},{"key":"4_CR10","doi-asserted-by":"crossref","unstructured":"Freiling, F., Holz, T., Wicherski, G.: Botnet Tracking: Exploring a Root-Cause Methodology to Prevent DoS Attacks. In: Proc. 10th European Symposium on Research in Computer Security (ESORICS), Milan, Italy (September 2005)","DOI":"10.1007\/11555827_19"},{"key":"4_CR11","unstructured":"Goebel, J., Holz, T.: Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation. In: Proc. First Workshop on Hot Topics in Understanding Botnets (HotBots), Cambridge, MA, April 10 (2007)"},{"key":"4_CR12","doi-asserted-by":"publisher","first-page":"117","DOI":"10.1145\/586110.586128","volume-title":"Proc. 9th ACM Conference on Computer and Communications Security (CCS 2002)","author":"M.T. Goodrich","year":"2002","unstructured":"Goodrich, M.T.: Efficient Packet Marking for Large-scale IP Traceback. In: Proc. 9th ACM Conference on Computer and Communications Security (CCS 2002), October 2002, pp. 117\u2013126. ACM, New York (2002)"},{"key":"4_CR13","unstructured":"Grizzard, J., Sharma, V., Nunnery, C., Kang, B., Dagon, D.: Peer-to-Peer Botnets: Overview and Case Study. In: Proc. First Workshop on Hot Topics in Understanding Botnets (HotBots), Cambridge, MA (April 2007)"},{"key":"4_CR14","unstructured":"Gu, G., Zhang, J., Lee, W.: BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. In: Proc. 15th Network and Distributed System Security Symposium (NDSS), San Diego, CA (February 2008)"},{"key":"4_CR15","unstructured":"Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. In: Proc. 16th USENIX Security Symposium, Boston, MA (August 2007)"},{"issue":"3","key":"4_CR16","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1109\/MSP.2005.58","volume":"3","author":"T. Holz","year":"2005","unstructured":"Holz, T.: A Short Visit to the Bot Zoo. Sec. and Privacy\u00a03(3), 76\u201379 (2005)","journal-title":"Sec. and Privacy"},{"key":"4_CR17","doi-asserted-by":"crossref","unstructured":"Ianelli, N., Hackworth, A.: Botnets as a Vehicle for Online Crime. In: Proc. 18th Annual Forum of Incident Response and Security Teams (FIRST), Baltimore, MD, June 25-30 (2006)","DOI":"10.5769\/C2006003"},{"key":"4_CR18","unstructured":"Karasaridis, A., Rexroad, B., Hoein, D.: Wide-Scale Botnet Detection and Characterization. In: Proc. First Workshop on Hot Topics in Understanding Botnets (HotBots), Cambridge, MA, April 10 (2007)"},{"key":"4_CR19","volume-title":"Proc. 2004 IEEE Symposium on Security and Privacy","author":"J. Li","year":"2004","unstructured":"Li, J., Sung, M., Xu, J., Li, L.: Large Scale IP Traceback in High-Speed Internet: Practical Techniques and Theoretical Foundation. In: Proc. 2004 IEEE Symposium on Security and Privacy. IEEE, Los Alamitos (2004)"},{"key":"4_CR20","unstructured":"Naraine, R.: Is the Botnet Battle Already Lost? http:\/\/www.eweek.com\/article2\/0,1895,2029720,00.asp"},{"key":"4_CR21","volume-title":"Proc. 6th ACM SIGCOMM on Internet Measurement","author":"M. Rajab","year":"2006","unstructured":"Rajab, M., Zarfoss, J., Monrose, F., Terzis, A.: A multifaceted approach to understanding the botnet phenomenon. In: Proc. 6th ACM SIGCOMM on Internet Measurement, October 25-27, 2006. Rio de Janeiro, Brazil (2006)"},{"key":"4_CR22","unstructured":"Roberts, P.F.: California Man Charged with Botnet Offenses, http:\/\/www.eweek.com\/article2\/0,1759,1881621,00.asp"},{"key":"4_CR23","unstructured":"Roberts, P.F.: Botnet Operator Pleads Guilty, http:\/\/www.eweek.com\/article2\/0,1759,1914833,00.asp"},{"key":"4_CR24","unstructured":"Roberts, P.F.: DOJ Indicts Hacker for Hospital Botnet Attack, http:\/\/www.eweek.com\/article2\/0,1759,1925456,00.asp"},{"key":"4_CR25","doi-asserted-by":"crossref","unstructured":"Savage, S., Wetherall, D., Karlin, A., Anderson, T.: Practical Network Support for IP Traceback. In: Proc. ACM SIGCOMM 2000, September 2000, pp. 295\u2013306 (2000)","DOI":"10.1145\/347059.347560"},{"key":"4_CR26","first-page":"3","volume-title":"Proc. ACM SIGCOMM 2001","author":"A. Snoeren","year":"2001","unstructured":"Snoeren, A., Patridge, C., Sanchez, L.A., Jones, C.E., Tchakountio, F., Kent, S.T., Strayer, W.T.: Hash-based IP Traceback. In: Proc. ACM SIGCOMM 2001, September 2001, pp. 3\u201314. ACM Press, New York (2001)"},{"key":"4_CR27","unstructured":"Symantec. Symantec Internet Security Threat Report \u2013 Trends for January 06 - June 06. Volume X (September 2006)"},{"key":"4_CR28","unstructured":"Micro, T.: Taxonomy of Botnet Threats. Trend Micro Enterprise Security Library (November 2006)"},{"key":"4_CR29","doi-asserted-by":"crossref","unstructured":"Wang, X., Chen, S., Jajodia, S.: Tracking Anonymous, Peer-to-Peer VoIP Calls on the Internet. In: Proc. 12th ACM Conference on Computer and Communications Security (CCS 2005) (October 2007)","DOI":"10.1145\/1102120.1102133"},{"key":"4_CR30","doi-asserted-by":"crossref","unstructured":"Wang, X., Chen, S., Jajodia, S.: Network Flow Watermarking Attack on Low-Latency Anonymous Communication Systems. In: Proc. 2007 IEEE Symposium on Security and Privacy (S&P 2007) (May 2007)","DOI":"10.1109\/SP.2007.30"},{"key":"4_CR31","doi-asserted-by":"publisher","first-page":"20","DOI":"10.1145\/948109.948115","volume-title":"Proc. 10th ACM Conference on Computer and Communications Security (CCS 2003)","author":"X. Wang","year":"2003","unstructured":"Wang, X., Reeves, D.: Robust Correlation of Encrypted Attack Traffic Through Stepping Stones by Manipulation of Interpacket Delays. In: Proc. 10th ACM Conference on Computer and Communications Security (CCS 2003), October 2003, pp. 20\u201329. ACM, New York (2003)"},{"key":"4_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"244","DOI":"10.1007\/3-540-45853-0_15","volume-title":"Computer Security - ESORICS 2002","author":"X. Wang","year":"2002","unstructured":"Wang, X., Reeves, D., Wu, S.: Inter-packet Delay Based Correlation for Tracing Encrypted Connections Through Stepping Stones. In: Gollmann, D., Karjoth, G., Waidner, M. (eds.) ESORICS 2002. LNCS, vol.\u00a02502, pp. 244\u2013263. Springer, Heidelberg (2002)"},{"key":"4_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"191","DOI":"10.1007\/10722599_12","volume-title":"Computer Security - ESORICS 2000","author":"K. Yoda","year":"2000","unstructured":"Yoda, K., Etoh, H.: Finding a Connection Chain for Tracing Intruders. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol.\u00a01895, pp. 191\u2013205. Springer, Heidelberg (2000)"},{"key":"4_CR34","unstructured":"Zhang, Y., Paxson, V.: Detecting Stepping Stones. In: Proc. 9th USENIX Security Symposium, pp. 171\u2013184. USENIX (2000)"}],"container-title":["Lecture Notes in Computer Science","Recent Advances in Intrusion Detection"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-87403-4_4.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T02:37:29Z","timestamp":1606185449000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-87403-4_4"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540874027","9783540874034"],"references-count":34,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-87403-4_4","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[]}}