{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,10]],"date-time":"2026-03-10T22:52:58Z","timestamp":1773183178541,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":28,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642161605","type":"print"},{"value":"9783642161612","type":"electronic"}],"license":[{"start":{"date-parts":[[2010,1,1]],"date-time":"2010-01-01T00:00:00Z","timestamp":1262304000000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2010]]},"DOI":"10.1007\/978-3-642-16161-2_2","type":"book-chapter","created":{"date-parts":[[2010,11,26]],"date-time":"2010-11-26T22:17:14Z","timestamp":1290809834000},"page":"20-34","source":"Crossref","is-referenced-by-count":16,"title":["Analyzing and Exploiting Network Behaviors of Malware"],"prefix":"10.1007","author":[{"given":"Jose Andre","family":"Morales","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Areej","family":"Al-Bataineh","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Shouhuai","family":"Xu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ravi","family":"Sandhu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"2_CR1","unstructured":"http:\/\/anubis.iseclab.org\/"},{"key":"2_CR2","unstructured":"Balatzar, J., Costoya, J., Flores, R.: The real face of koobface: The largest web 2.0 botnet explained. Technical report, Trend Micro (2009)"},{"key":"2_CR3","unstructured":"Bayer, U., Habibi, I., Balzarotti, D., Kirda, E., Kruegel, C.: A view on current malware behaviors. In: LEET 2009: Usenix Workshop on Large-scale Exploits and Emergent Threats (2009)"},{"key":"2_CR4","unstructured":"http:\/\/bitblaze.cs.berkeley.edu\/"},{"key":"2_CR5","unstructured":"http:\/\/tools.ietf.org\/html\/rfc1034"},{"key":"2_CR6","doi-asserted-by":"publisher","first-page":"43","DOI":"10.1145\/1029618.1029625","volume-title":"WORM 2004: Proceedings of the 2004 ACM workshop on Rapid malcode","author":"D.R. Ellis","year":"2004","unstructured":"Ellis, D.R., Aiken, J.G., Attwood, K.S., Tenaglia, S.D.: A behavioral approach to worm detection. In: WORM 2004: Proceedings of the 2004 ACM workshop on Rapid malcode, pp. 43\u201353. ACM Press, New York (2004)"},{"key":"2_CR7","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W.: BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In: Proceedings of the 17th USENIX Security Symposium, Security 2008 (2008)"},{"key":"2_CR8","first-page":"356","volume-title":"COMSNETS 2009: Proceedings of the First international conference on COMmunication Systems And NETworks","author":"A. Gupta","year":"2009","unstructured":"Gupta, A., Kuppili, P., Akella, A., Barford, P.: An empirical study of malware evolution. In: COMSNETS 2009: Proceedings of the First international conference on COMmunication Systems And NETworks, pp. 356\u2013365. IEEE Press, Piscataway (2009)"},{"key":"2_CR9","first-page":"1","volume-title":"LEET 2008: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats","author":"T. Holz","year":"2008","unstructured":"Holz, T., Steiner, M., Dahl, F., Biersack, E., Freiling, F.: Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm. In: LEET 2008: Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats, pp. 1\u20139. USENIX Association, Berkeley (2008)"},{"key":"2_CR10","unstructured":"http:\/\/tools.ietf.org\/html\/rfc792"},{"key":"2_CR11","first-page":"17","volume-title":"WORM 2006: Proceedings of the 4th ACM workshop on Recurring malcode","author":"X. Jiang","year":"2006","unstructured":"Jiang, X., Xu, D.: Profiling self-propagating worms via behavioral footprinting. In: WORM 2006: Proceedings of the 4th ACM workshop on Recurring malcode, pp. 17\u201324. ACM, New York (2006)"},{"key":"2_CR12","unstructured":"Kolbitsch, C., Comparetti, P.M., Kruegel, C., Kirda, E., Zhou, X., Wang, X.: Effective and efficient malware detection at the end host. In: 18th Usenix Security Symposium (2009)"},{"key":"2_CR13","unstructured":"http:\/\/www.mlsec.org\/malheur\/"},{"key":"2_CR14","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1145\/637201.637244","volume-title":"IMW 2002: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment","author":"D. Moore","year":"2002","unstructured":"Moore, D., Shannon, C., Claffy, K.: Code-red: a case study on the spread and victims of an internet worm. In: IMW 2002: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet measurment, pp. 273\u2013284. ACM, New York (2002)"},{"key":"2_CR15","doi-asserted-by":"crossref","unstructured":"Morales, J.A., Al-Bataineh, A., Xu, S., Sandhu, R.: Analyzing dns activities of bot processes. In: MALWARE 2009: Proceedings of the 4th International Conference on Malicious and Unwanted Software, pp. 98\u2013103 (2009)","DOI":"10.1109\/MALWARE.2009.5403014"},{"key":"2_CR16","doi-asserted-by":"crossref","unstructured":"Morales, J.A., Clarke, P.J., Deng, Y., Kibria, B.G.: Identification of file infecting viruses through detection of self-reference replication. Journal in Computer Virology Special EICAR conference invited paper issue (2008)","DOI":"10.1007\/s11416-008-0101-5"},{"issue":"9","key":"2_CR17","doi-asserted-by":"publisher","first-page":"4544","DOI":"10.1016\/j.csda.2008.01.028","volume":"52","author":"R. Moskovitch","year":"2008","unstructured":"Moskovitch, R., Elovici, Y., Rokach, L.: Detection of unknown computer worms based on behavioral classification of the host. Comput. Stat. Data Anal.\u00a052(9), 4544\u20134566 (2008)","journal-title":"Comput. Stat. Data Anal."},{"key":"2_CR18","doi-asserted-by":"crossref","unstructured":"Nazario, J., Holz, T.: As the net churns: Fast-flux botnet observations. In: 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008, pp. 24\u201331 (2008)","DOI":"10.1109\/MALWARE.2008.4690854"},{"key":"2_CR19","unstructured":"http:\/\/tools.ietf.org\/html\/rfc1001ref-2"},{"key":"2_CR20","unstructured":"http:\/\/en.wikipedia.org\/wiki\/Ping"},{"key":"2_CR21","unstructured":"http:\/\/en.wikipedia.org\/wiki\/List_of_TCP_and_UDP_port_numbers"},{"key":"2_CR22","doi-asserted-by":"publisher","first-page":"76","DOI":"10.1145\/948187.948201","volume-title":"WORM 2003: Proceedings of the 2003 ACM workshop on Rapid malcode","author":"J.C. Rabek","year":"2003","unstructured":"Rabek, J.C., Khazan, R.I., Lewandowski, S.M., Cunningham, R.K.: Detection of injected, dynamically generated, and obfuscated malicious code. In: WORM 2003: Proceedings of the 2003 ACM workshop on Rapid malcode, pp. 76\u201382. ACM Press, New York (2003)"},{"key":"2_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"89","DOI":"10.1007\/978-3-540-73614-1_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"E. Stinson","year":"2007","unstructured":"Stinson, E., Mitchell, J.C.: Characterizing bots\u2019 remote control behavior. In: H\u00e4mmerli, B.M., Sommer, R. (eds.) DIMVA 2007. LNCS, vol.\u00a04579, pp. 89\u2013108. Springer, Heidelberg (2007)"},{"key":"2_CR24","unstructured":"http:\/\/www.sunbeltsoftware.com\/Malware-Research-Analysis-Tools\/Sunbelt-CWSandbox\/"},{"key":"2_CR25","unstructured":"http:\/\/tools.ietf.org\/html\/rfc768"},{"key":"2_CR26","volume-title":"Data Mining: Practical machine learning tools and techniques","author":"I.H. Witten","year":"2005","unstructured":"Witten, I.H., Frank, E.: Data Mining: Practical machine learning tools and techniques, 2nd edn. Morgan Kaufmann, San Francisco (2005)","edition":"2"},{"key":"2_CR27","first-page":"116","volume-title":"CCS 2007: Proceedings of the 14th ACM conference on Computer and communications security","author":"H. Yin","year":"2007","unstructured":"Yin, H., Song, D., Egele, M., Kruegel, C., Kirda, E.: Panorama: capturing system-wide information flow for malware detection and analysis. In: CCS 2007: Proceedings of the 14th ACM conference on Computer and communications security, pp. 116\u2013127. ACM, New York (2007)"},{"key":"2_CR28","doi-asserted-by":"crossref","unstructured":"Zhu, Z., Yegneswaran, V., Chen, Y.: Using failure information analysis to detect enterprise zombies. In: 5th International ICST Conference on Security and Privacy in Communication Networks, Securecomm 2009 (2009)","DOI":"10.1007\/978-3-642-05284-2_11"}],"container-title":["Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering","Security and Privacy in Communication Networks"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-16161-2_2","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,6]],"date-time":"2019-06-06T11:45:47Z","timestamp":1559821547000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-16161-2_2"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010]]},"ISBN":["9783642161605","9783642161612"],"references-count":28,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-16161-2_2","relation":{},"ISSN":["1867-8211","1867-822X"],"issn-type":[{"value":"1867-8211","type":"print"},{"value":"1867-822X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2010]]}}}