{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:51:14Z","timestamp":1771699874790,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":39,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642207563","type":"print"},{"value":"9783642207570","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2011]]},"DOI":"10.1007\/978-3-642-20757-0_1","type":"book-chapter","created":{"date-parts":[[2011,4,28]],"date-time":"2011-04-28T01:49:00Z","timestamp":1303955340000},"page":"1-14","source":"Crossref","is-referenced-by-count":69,"title":["BotTrack: Tracking Botnets Using NetFlow and PageRank"],"prefix":"10.1007","author":[{"given":"J\u00e9r\u00f4me","family":"Fran\u00e7ois","sequence":"first","affiliation":[]},{"given":"Shaonan","family":"Wang","sequence":"additional","affiliation":[]},{"given":"Radu","family":"State","sequence":"additional","affiliation":[]},{"given":"Thomas","family":"Engel","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"1_CR1","doi-asserted-by":"crossref","unstructured":"Abu Rajab, M., Zarfoss, J., Monrose, F., Terzis, A.: A multifaceted approach to understanding the botnet phenomenon. In: ACM SIGCOMM Conference on Internet Measurement (IMC), pp. 41\u201352 (2006)","DOI":"10.1145\/1177080.1177086"},{"key":"1_CR2","doi-asserted-by":"crossref","unstructured":"Aguilera, M., Mogul, J., Wiener, J., Reynolds, P., Muthitacharoen, A.: Performance debugging for distributed systems of black boxes. In: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pp. 74\u201389 (2003)","DOI":"10.1145\/1165389.945454"},{"issue":"1","key":"1_CR3","doi-asserted-by":"publisher","first-page":"82","DOI":"10.1109\/MSECP.2003.1177002","volume":"1","author":"I. Arce","year":"2003","unstructured":"Arce, I., Levy, E.: An analysis of the slapper worm. IEEE Security and Privacy\u00a01(1), 82\u201387 (2003)","journal-title":"IEEE Security and Privacy"},{"key":"1_CR4","doi-asserted-by":"publisher","first-page":"25","DOI":"10.1007\/3-540-28349-8_2","volume-title":"Grouping Multidimensional Data","author":"P. Berkhin","year":"2006","unstructured":"Berkhin, P.: A survey of clustering data mining techniques. In: Grouping Multidimensional Data, pp. 25\u201371. Springer, Heidelberg (2006)"},{"key":"1_CR5","unstructured":"Buxbaum, P.: The fog of cyberwar \u2013 to defend... and attack?, \n                    \n                      http:\/\/www.isn.ethz.ch\/isn\/Current-Affairs\/Special-Reports\/The-Fog-of-Cyberwar\/Botnets\/\n                    \n                    \n                   (accessed on 08\/30\/10)"},{"key":"1_CR6","unstructured":"Chen, X., Zhang, M., Mao, Z.M., Bahl, P.: Automating network application dependency discovery: Experiences, limitations, and new solutions. In: Proceedings of OSDI (2008)"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"Claise, B.: Cisco Systems NetFlow Services Export Version 9. RFC 3954 (Informational) (October 2004)","DOI":"10.17487\/rfc3954"},{"key":"1_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"276","DOI":"10.1007\/978-3-540-74320-0_15","volume-title":"Recent Advances in Intrusion Detection","author":"M.P. Collins","year":"2007","unstructured":"Collins, M.P., Reiter, M.K.: Hit-list worm detection and bot identification in large networks using protocol graphs. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 276\u2013295. Springer, Heidelberg (2007)"},{"issue":"8","key":"1_CR9","doi-asserted-by":"publisher","first-page":"861","DOI":"10.1016\/j.patrec.2005.10.010","volume":"27","author":"T. Fawcett","year":"2006","unstructured":"Fawcett, T.: An introduction to roc analysis. Pattern Recogn. Lett.\u00a027(8), 861\u2013874 (2006)","journal-title":"Pattern Recogn. Lett."},{"key":"1_CR10","doi-asserted-by":"crossref","unstructured":"Fran\u00e7ois, J., State, R., Festor, O.: Towards malware inspired management frameworks. In: IEEE\/IFIP Network Operations and Management Symposium (NOMS), pp. 105\u2013112 (2008)","DOI":"10.1109\/NOMS.2008.4575123"},{"key":"1_CR11","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W.: Botminer: clustering analysis of network traffic for protocol- and structure-independent botnet detection. In: USENIX Security Symposium (SS), July 2008, pp. 139\u2013154. San Jose, CA (2008)"},{"key":"1_CR12","unstructured":"Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: Bothunter: detecting malware infection through ids-driven dialog correlation. In: USENIX Security Symposium (SS) (August 2007)"},{"key":"1_CR13","unstructured":"Holz, T., Steiner, M., Dahl, F., Biersack, E., Freiling, F.: Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm. In: Workshop on Large-Scale Exploits and Emergent Threats (LEET). USENIX (2008)"},{"key":"1_CR14","doi-asserted-by":"publisher","first-page":"33","DOI":"10.1109\/EC2ND.2008.11","volume-title":"EC2ND: European Conference on Computer Network Defense","author":"R. Hund","year":"2008","unstructured":"Hund, R., Hamann, M., Holz, T.: Towards next-generation botnets. In: EC2ND: European Conference on Computer Network Defense, pp. 33\u201340. IEEE Computer Society, Los Alamitos (2008)"},{"key":"1_CR15","doi-asserted-by":"crossref","unstructured":"Iliofotou, M., Faloutsos, M., Mitzenmacher, M.: Exploiting dynamicity in graph-based traffic analysis: techniques and applications. In: ACM International Conference on Emerging Networking Experiments and Technologies, CoNEXT (2009)","DOI":"10.1145\/1658939.1658967"},{"key":"1_CR16","unstructured":"Jian-Guang, L., Qiang, F., Wang, J.Y.: Mining dependency in distributed systems through unstructured logs analysis. research.microsoft.com \n                    \n                      http:\/\/research.microsoft.com\/pubs\/101994\/Dependency\/252520Camera\/Ready.pdf"},{"key":"1_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","DOI":"10.1007\/b11823","volume-title":"Peer-to-Peer Systems II","author":"M.F. Kaashoek","year":"2003","unstructured":"Kaashoek, M.F., Karger, D.R.: Koorde: A simple degree-optimal distributed hash table. In: Kaashoek, M.F., Stoica, I. (eds.) IPTPS 2003. LNCS, vol.\u00a02735. Springer, Heidelberg (2003)"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Kandula, S., Chandra, R., Katabi, D.: What\u2019s going on?: learning communication rules in edge networks. In: Proceedings of the ACM SIGCOMM 2008 Conference on Data Communication, pp. 87\u201398 (2008)","DOI":"10.1145\/1402958.1402970"},{"key":"1_CR19","doi-asserted-by":"crossref","unstructured":"Karagiannis, T., Papagiannaki, K., Faloutsos, M.: BLINC: multilevel traffic classification in the dark. In: ACM Conference on Applications, Technologies, Architectures, and Protocols for Computer Communications, SIGCOMM (2005)","DOI":"10.1145\/1080091.1080119"},{"key":"1_CR20","unstructured":"Karasaridis, A., Rexroad, B., Hoeflin, D.: Wide-scale botnet detection and characterization. In: First Workshop on Hot Topics in Understanding Botnets (HotBots). USENIX (2007)"},{"key":"1_CR21","doi-asserted-by":"crossref","unstructured":"Kim, H., Claffy, K., Fomenkov, M., Barman, D., Faloutsos, M., Lee, K.: Internet traffic classification demystified: myths, caveats, and the best practices. In: ACM CoNEXT (2008)","DOI":"10.1145\/1544012.1544023"},{"key":"1_CR22","doi-asserted-by":"crossref","unstructured":"Kryszkiewicz, M., Skonieczny, \u0141.: Faster clustering with dbscan. Intelligent Information Processing and Web Mining, pp. 605\u2013614 (2005)","DOI":"10.1007\/3-540-32392-9_73"},{"key":"1_CR23","first-page":"53","volume-title":"IPTPS 2001: International Workshop on Peer-to-Peer Systems","author":"P. Maymounkov","year":"2002","unstructured":"Maymounkov, P., Mazi\u00e8res, D.: Kademlia: A peer-to-peer information system based on the XOR metric. In: IPTPS 2001: International Workshop on Peer-to-Peer Systems, pp. 53\u201365. Springer, Heidelberg (2002)"},{"key":"1_CR24","doi-asserted-by":"crossref","unstructured":"McLaughlin, L.: Bot software spreads, causes new worries. IEEE Distributed Systems Online\u00a05(6) (2004)","DOI":"10.1109\/MDSO.2004.7"},{"key":"1_CR25","unstructured":"Nagaraja, S., Mittal, P., Hong, C., Caesar, M., Borisov, N.: BotGrep: Finding p2p bots with structured graph analysis. In: Security Symposium. USENIX (2010)"},{"key":"1_CR26","doi-asserted-by":"crossref","unstructured":"Oikarinen, J., Reed, D.: rfc 1459: Internet relay chat protocol (1993)","DOI":"10.17487\/rfc1459"},{"key":"1_CR27","unstructured":"Page, L., Brin, S., Motwani, R., Winograd, T.: The pagerank citation ranking: Bringing order to the web (1998)"},{"key":"1_CR28","unstructured":"Porras, P., Sadi, H., Yegneswaran, V.: A Multi-perspective Analysis of the Storm (Peacomm) Worm, \n                    \n                      http:\/\/www.cyber-ta.org\/pubs\/StormWorm\/SRITechnical-Report-10-01-Storm-Analysis.pdf"},{"key":"1_CR29","doi-asserted-by":"crossref","unstructured":"Quittek, J., Zseby, T., Claise, B., Zander, S.: Requirements for IP Flow Information Export (IPFIX) (2004), \n                    \n                      http:\/\/www.ietf.org\/rfc\/rfc3917.txt","DOI":"10.17487\/rfc3917"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Reynolds, P., Wiener, J.L., Mogul, J.C., Aguilera, M.K., Vahdat, A.: Wap5: black-box performance debugging for wide-area systems. In: Proceedings of the 15th International Conference on World Wide Web, pp. 347\u2013356 (2006)","DOI":"10.1145\/1135777.1135830"},{"key":"1_CR31","doi-asserted-by":"crossref","unstructured":"Sperotto, A., Sadre, R., de Boer, P., Pras, A.: Hidden markov model modeling of ssh brute-force attacks. In: Integrated Management of Systems, Services, Processes and People in IT, pp. 164\u2013176.","DOI":"10.1007\/978-3-642-04989-7_13"},{"key":"1_CR32","doi-asserted-by":"crossref","unstructured":"Sperotto, A., Sadre, R., Pras, A.: Anomaly characterization in flow-based traffic time series. IP Operations and Management, 15\u201327","DOI":"10.1007\/978-3-540-87357-0_2"},{"key":"1_CR33","doi-asserted-by":"crossref","unstructured":"Stoica, I., Morris, R., Karger, D., Kaashoek, F., Balakrishnan, H.: Chord: A scalable Peer-To-Peer lookup service for internet applications. In: Proceedings of the 2001 ACM SIGCOMM Conference, pp. 149\u2013160 (2001)","DOI":"10.1145\/964723.383071"},{"key":"1_CR34","volume-title":"Networks Security, Wireless Communications and Trusted Computing (NSWCTC)","author":"B. Wang","year":"2009","unstructured":"Wang, B., Li, Z., Tu, H., Hu, Z., Hu, J.: Actively measuring bots in peer-to-peer networks. In: Networks Security, Wireless Communications and Trusted Computing (NSWCTC). IEEE, Wuhan (2009)"},{"key":"1_CR35","doi-asserted-by":"crossref","unstructured":"Wang, S., State, R., Ourdane, M., Engel, T.: FlowRank: Ranking netflow records. In: Proceedings of the 6th International Wireless Communications and Mobile Computing Conference (2010)","DOI":"10.1145\/1815396.1815508"},{"key":"1_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"135","DOI":"10.1007\/978-3-642-13986-4_20","volume-title":"Mechanisms for Autonomous Management of Networks and Services","author":"S. Wang","year":"2010","unstructured":"Wang, S., State, R., Ourdane, M., Engel, T.: Mining netFlow records for critical network activities. In: Stiller, B., De Turck, F. (eds.) AIMS 2010. LNCS, vol.\u00a06155, pp. 135\u2013146. Springer, Heidelberg (2010)"},{"key":"1_CR37","doi-asserted-by":"crossref","unstructured":"Wang, S., State, R., Ourdane, M., Engel, T.: Riskrank: Security risk ranking for ip flow records. In: Proceedings of the 6th International Conference on Network and Services Management, CNSM 2010 (2010) (to appear)","DOI":"10.1109\/CNSM.2010.5691334"},{"issue":"4","key":"1_CR38","doi-asserted-by":"publisher","first-page":"171","DOI":"10.1145\/1402946.1402979","volume":"38","author":"Y. Xie","year":"2008","unstructured":"Xie, Y., Yu, F., Achan, K., Panigrahy, R., Hulten, G., Osipkov, I.: Spamming botnets: signatures and characteristics. SIGCOMM Comput. Commun. Rev.\u00a038(4), 171\u2013182 (2008)","journal-title":"SIGCOMM Comput. Commun. Rev."},{"issue":"3","key":"1_CR39","doi-asserted-by":"publisher","first-page":"263","DOI":"10.1023\/A:1009884809343","volume":"3","author":"X. Xu","year":"1999","unstructured":"Xu, X., J\u00e4ger, J., Kriegel, H.P.: A fast parallel clustering algorithm for large spatial databases. Data Min. Knowl. Discov.\u00a03(3), 263\u2013290 (1999)","journal-title":"Data Min. Knowl. Discov."}],"container-title":["Lecture Notes in Computer Science","NETWORKING 2011"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-20757-0_1.pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2020,11,24]],"date-time":"2020-11-24T03:00:11Z","timestamp":1606186811000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-20757-0_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011]]},"ISBN":["9783642207563","9783642207570"],"references-count":39,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-20757-0_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011]]}}}