{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T07:17:57Z","timestamp":1725520677695},"publisher-location":"Berlin, Heidelberg","reference-count":26,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540881803"},{"type":"electronic","value":"9783540881810"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"DOI":"10.1007\/978-3-540-88181-0_24","type":"book-chapter","created":{"date-parts":[[2008,10,20]],"date-time":"2008-10-20T07:31:09Z","timestamp":1224487869000},"page":"186-194","source":"Crossref","is-referenced-by-count":3,"title":["Flow Level Data Mining of DNS Query Streams for Email Worm Detection"],"prefix":"10.1007","author":[{"given":"Nikolaos","family":"Chatzis","sequence":"first","affiliation":[]},{"given":"Radu","family":"Popescu-Zeletin","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"unstructured":"Messaging Anti-Abuse Working Group: Email Metrics Report, http:\/\/www.maawg.org","key":"24_CR1"},{"unstructured":"Symantec: Internet Security Threat Report Trends (January-June 2007), http:\/\/www.symantec.com","key":"24_CR2"},{"unstructured":"ESET Virus Radar, http:\/\/www.virus-radar.com","key":"24_CR3"},{"unstructured":"Kaspersky Lab Viruslist, http:\/\/www.viruslist.com","key":"24_CR4"},{"unstructured":"Roesch, M.: Snort - Lightweight Intrusion Detection for Networks. In: LISA 1999, 13th USENIX Systems Administration Conference, pp. 229\u2013238. USENIX (1999)","key":"24_CR5"},{"unstructured":"Paxson, V.: Bro: A System for Detecting Network Intruders in Real-Time. In: 7th Conference on USENIX Security Symposium. USENIX (1998)","key":"24_CR6"},{"unstructured":"Singh, S., Estan, C., Varghese, G., Savage, S.: The Earlybird System for Real-time Detection of Unknown Worms. Tech. Report CS2003-0761, University of California (2003)","key":"24_CR7"},{"key":"24_CR8","volume-title":"Virtual Honeypots: From Botnet Tracking to Intrusion Detection","author":"N. Provos","year":"2007","unstructured":"Provos, N., Holz, T.: Virtual Honeypots: From Botnet Tracking to Intrusion Detection. Addison Wesley Professional, Reading (2007)"},{"doi-asserted-by":"crossref","unstructured":"Whyte, D., van Oorschot, P., Kranakis, E.: Addressing Malicious SMTP-based Mass Mailing Activity within an Enterprise Network. Technical Report TR-05-06, Carleton University, School of Computer Science (2005)","key":"24_CR9","DOI":"10.1109\/ACSAC.2006.11"},{"key":"24_CR10","doi-asserted-by":"publisher","first-page":"159","DOI":"10.1145\/1080173.1080175","volume-title":"MineNet 2005 ACM SIGCOMM Workshop","author":"K. Ishibashi","year":"2005","unstructured":"Ishibashi, K., Toyono, T., Toyama, K., Ishino, M., Ohshima, H., Mizukoshi, I.: Detecting Mass-Mailing Worm Infected Hosts by Mining DNS Traffic Data. In: MineNet 2005 ACM SIGCOMM Workshop, pp. 159\u2013164. ACM Press, New York (2005)"},{"key":"24_CR11","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1029618.1029620","volume-title":"WORM 2004 ACM Workshop","author":"C. Wong","year":"2004","unstructured":"Wong, C., Bielski, S., McCune, J., Wang, C.: A Study of Mass-Mailing Worms. In: WORM 2004 ACM Workshop, pp. 1\u201310. ACM Press, New York (2004)"},{"unstructured":"Musashi, Y., Matsuba, R., Sugitani, K.: Indirect Detection of Mass Mailing Worm-Infected PC Terminals for Learners. In: 3rd International Conference on Emerging Telecommunications Technologies and Applications, pp. 233\u2013237 (2004)","key":"24_CR12"},{"unstructured":"Musashi, Y., Rannenberg, K.: Detection of Mass Mailing Worm-Infected PC Terminals by Observing DNS Query Access. IPSJ SIG Notes, pp. 39\u201344 (2004)","key":"24_CR13"},{"key":"24_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"155","DOI":"10.1007\/978-3-540-45248-5_9","volume-title":"Recent Advances in Intrusion Detection, 6th International Symposium, RAID","author":"L. Schaelicke","year":"2003","unstructured":"Schaelicke, L., Slabach, T., Moore, B., Freeland, C.: Characterizing the Performance of Network Intrusion Detection Sensors. In: Recent Advances in Intrusion Detection, 6th International Symposium, RAID. LNCS, pp. 155\u2013172. Springer, Heidelberg (2003)"},{"key":"24_CR15","doi-asserted-by":"publisher","first-page":"36","DOI":"10.1109\/SECUREWARE.2007.4385307","volume-title":"International Conference on Emerging Security Information Systems, and Technologies","author":"N. Chatzis","year":"2007","unstructured":"Chatzis, N.: Motivation for Behaviour-Based DNS Security: A Taxonomy of DNS-related Internet Threats. In: International Conference on Emerging Security Information Systems, and Technologies, pp. 36\u201341. IEEE, Los Alamitos (2007)"},{"key":"24_CR16","first-page":"1","volume-title":"Global Telecommunications Conference, GLOBECOM 2006","author":"A. Dainotti","year":"2006","unstructured":"Dainotti, A., Pescape, A., Ventre, G.: Wavelet-based Detection of DoS Attacks. In: Global Telecommunications Conference, GLOBECOM 2006, pp. 1\u20136. IEEE, Los Alamitos (2006)"},{"key":"24_CR17","first-page":"421","volume-title":"12th International Conference on Computer Communications and Networks, ICCCN 2003","author":"L. Li","year":"2003","unstructured":"Li, L., Lee, G.: DDoS Attack Detection and Wavelets. In: 12th International Conference on Computer Communications and Networks, ICCCN 2003, pp. 421\u2013427. IEEE, Los Alamitos (2003)"},{"key":"24_CR18","first-page":"703","volume-title":"Int. Conference on Computational Science","author":"K. Chong","year":"2003","unstructured":"Chong, K., Song, H., Noh, S.: Traffic Characterization of the Web Server Attacks of Worm Viruses. In: Int. Conference on Computational Science, pp. 703\u2013712. Springer, Heidelberg (2003)"},{"key":"24_CR19","doi-asserted-by":"publisher","first-page":"1435","DOI":"10.1109\/ICC.2007.241","volume-title":"International Conference on Communications, ICC 2007","author":"A. Dainotti","year":"2007","unstructured":"Dainotti, A., Pescape, A., Ventre, G.: Worm Traffic Analysis and Characterization. In: International Conference on Communications, ICC 2007, pp. 1435\u20131442. IEEE, Los Alamitos (2007)"},{"key":"24_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"420","DOI":"10.1007\/3-540-44503-X_27","volume-title":"8th Int. Conf. on Database Theory","author":"C. Aggarwal","year":"2001","unstructured":"Aggarwal, C., Hinneburg, A., Keim, D.: On the Surprising Behavior of Distance Metrics in High Dimensional Space. In: 8th Int. Conf. on Database Theory. LNCS, pp. 420\u2013434. Springer, Heidelberg (2001)"},{"issue":"1","key":"24_CR21","doi-asserted-by":"publisher","first-page":"11","DOI":"10.1007\/s10618-005-0028-0","volume":"13","author":"A. Bagnall","year":"2006","unstructured":"Bagnall, A., Ratanamahatana, C., Keogh, E., Lonardi, S., Janacek, G.: A Bit Level Representation for Time Series Data Mining with Shape Based Similarity. Data Min. and Knowl. Discovery\u00a013(1), 11\u201340 (2006)","journal-title":"Data Min. and Knowl. Discovery"},{"issue":"7","key":"24_CR22","doi-asserted-by":"publisher","first-page":"674","DOI":"10.1109\/34.192463","volume":"11","author":"S. Mallat","year":"1989","unstructured":"Mallat, S.: A Theory for Multiresolution Signal Decomposition: The Wavelet Representation. IEEE Transactions on Pattern Analysis and Machine Intelligence\u00a011(7), 674\u2013693 (1989)","journal-title":"IEEE Transactions on Pattern Analysis and Machine Intelligence"},{"unstructured":"M\u00f6rchen, F.: Time Series Feature Extraction for Data Mining Using DWT and DFT. Technical Report No. 33, Dept. of Maths and CS, Philipps-U. Marburg (2003)","key":"24_CR23"},{"issue":"4","key":"24_CR24","doi-asserted-by":"publisher","first-page":"349","DOI":"10.1023\/A:1024988512476","volume":"7","author":"E. Keogh","year":"2003","unstructured":"Keogh, E., Kasetty, S.: On the Need for Time Series Data Mining Benchmarks: A survey and empirical demonstration. Data Min. and Knowl. Discovery\u00a07(4), 349\u2013371 (2003)","journal-title":"Data Min. and Knowl. Discovery"},{"key":"24_CR25","doi-asserted-by":"crossref","DOI":"10.1002\/9780470316801","volume-title":"Finding Groups in Data: An Introduction to Cluster Analysis","author":"L. Kaufman","year":"1990","unstructured":"Kaufman, L., Rousseeuw, P.: Finding Groups in Data: An Introduction to Cluster Analysis. Wiley, Chichester (1990)"},{"key":"24_CR26","first-page":"419","volume-title":"ACM SIGMOD International Conference on Management of Data","author":"C. Faloutsos","year":"1994","unstructured":"Faloutsos, C., Ranganathan, M., Manolopoulos, Y.: Fast Subsequence Matching in Time Series Databases. In: ACM SIGMOD International Conference on Management of Data, pp. 419\u2013429. ACM Press, New York (1994)"}],"container-title":["Advances in Soft Computing","Proceedings of the International Workshop on Computational Intelligence in Security for Information Systems CISIS\u201908"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-88181-0_24.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,4,27]],"date-time":"2021-04-27T07:57:02Z","timestamp":1619510222000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-88181-0_24"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[null]]},"ISBN":["9783540881803","9783540881810"],"references-count":26,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-88181-0_24","relation":{},"ISSN":["1867-5662","1860-0794"],"issn-type":[{"type":"print","value":"1867-5662"},{"type":"electronic","value":"1860-0794"}],"subject":[]}}