{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,5,9]],"date-time":"2025-05-09T16:29:40Z","timestamp":1746808180546,"version":"3.40.5"},"publisher-location":"Berlin, Heidelberg","reference-count":27,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642358890"},{"type":"electronic","value":"9783642358906"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-35890-6_14","type":"book-chapter","created":{"date-parts":[[2013,1,11]],"date-time":"2013-01-11T03:45:00Z","timestamp":1357875900000},"page":"187-200","source":"Crossref","is-referenced-by-count":10,"title":["Analyzing HTTP User Agent Anomalies for Malware Detection"],"prefix":"10.1007","author":[{"given":"Nizar","family":"Kheir","sequence":"first","affiliation":[]}],"member":"297","reference":[{"key":"14_CR1","unstructured":"Symantec: Internet security threat report (istr) - 2011 trends (April 2012)"},{"key":"14_CR2","unstructured":"Falliere, N., Murchu, L.O., Chien, E.: W32.stuxnet dossier. Technical report, Symantec Response Team (2011)"},{"key":"14_CR3","unstructured":"sKyWIper Analysis\u00a0Team: skywiper (a.k.a. flame a.k.a. flamer): A complex malware for targeted attacks. 
Technical report, Laboratory of Cryptography and System Security (CrySyS Lab) (May 2012)"},{"key":"14_CR4","doi-asserted-by":"crossref","first-page":"41","DOI":"10.1109\/MSP.2011.98","volume":"9","author":"P.O. Kane","year":"2011","unstructured":"Kane, P.O., Sezer, S., McLaughlin, K.: Obfuscation: The hidden malware. IEEE Security & Privacy\u00a09, 41\u201347 (2011)","journal-title":"IEEE Security & Privacy"},{"key":"14_CR5","doi-asserted-by":"crossref","unstructured":"Dagon, D., Gu, G., Lee, C.P., Lee, W.: A taxonomy of botnet structures. In: Proceedings of the 23rd Annual Computer Security Applications Conference (2007)","DOI":"10.1109\/ACSAC.2007.44"},{"key":"14_CR6","unstructured":"Rajab, M.A., Zarfoss, J., Monrose, F., Terzis, A.: A multifaceted approach to understanding the botnet phenomenon. In: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement (2006)"},{"key":"14_CR7","doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C.J., Bos, H., Cavallaro, L., van Steen, M., Freiling, F.C., Pohlmann, N.: Sandnet: Network traffic analysis of malicious software. In: Workshop on Building Analysis Datasets and Gathering Experience Returns for Security, Salzburg (2011)","DOI":"10.1145\/1978672.1978682"},{"key":"14_CR8","unstructured":"Gu, G., Zhang, J., Lee, W.: Botsniffer: Detecting botnet command and control channels in network traffic. In: Proceedings of the 15th Annual Network and Distributed System Security Symposium (2008)"},{"key":"14_CR9","unstructured":"Gu, G., Porras, P., Yegneswaran, V., Fong, M., Lee, W.: Bothunter: Detecting malware infection through ids-driven dialog correlation. In: Proceedings of the 16th USENIX Security Symposium (2007)"},{"key":"14_CR10","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W.: Botminer: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. 
In: Proceedings of the 17th USENIX Security Symposium (2008)"},{"key":"14_CR11","unstructured":"Perdisci, R., Lee, W., Feamster, N.: Behavioral clustering of http-based malware and signature generation using malicious network traces. In: USENIX Symposium on Networked Systems Design and Implementation (2010)"},{"key":"14_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"232","DOI":"10.1007\/978-3-642-04444-1_15","volume-title":"Computer Security \u2013 ESORICS 2009","author":"P. Wurzinger","year":"2009","unstructured":"Wurzinger, P., Bilge, L., Holz, T., Goebel, J., Kruegel, C., Kirda, E.: Automatically Generating Models for Botnet Detection. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol.\u00a05789, pp. 232\u2013249. Springer, Heidelberg (2009)"},{"key":"14_CR13","doi-asserted-by":"crossref","unstructured":"Perdisci, R., Dagon, D., Lee, W., Fogla, P., Sharif, M.: Misleading worm signature generators using deliberate noise injection. In: Proceedings of the IEEE Symposium on Security and Privacy (SSP) (2006)","DOI":"10.1109\/SP.2006.26"},{"key":"14_CR14","unstructured":"abuse.ch: Kelihos back in town using fast flux. Malware & Virus Analysing (March 2012)"},{"key":"14_CR15","unstructured":"Arbor Networks: Anatomy of a botnet - how the arbor security engineering & response team discovers, analyzes and mitigates ddos attacks. White paper"},{"key":"14_CR16","doi-asserted-by":"crossref","unstructured":"Fielding, R., Irvine, U., Gettys, J., Mogul, J., Frystyk, H., Masinter, L., Leach, P., Berners-Lee, T.: Hypertext transfer protocol. Request for Comments: 2616 (1999)","DOI":"10.17487\/rfc2616"},{"key":"14_CR17","unstructured":"Manners, D.: The user agent field: Analyzing and detecting the abnormal or malicious in your organization. 
In: SANS Institute Reading Room Site (2012)"},{"key":"14_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-540-74320-0_10","volume-title":"Recent Advances in Intrusion Detection","author":"M. Bailey","year":"2007","unstructured":"Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated Classification and Analysis of Internet Malware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 178\u2013197. Springer, Heidelberg (2007)"},{"key":"14_CR19","unstructured":"Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: Network and Distributed System Security Symposium (2009)"},{"key":"14_CR20","unstructured":"Jacob, G., Hund, R., Kruegel, C., Holz, T.: Jackstraws: Picking command and control connections from bot traffic. In: 20th USENIX Security Symposium (2011)"},{"key":"14_CR21","unstructured":"Li, Z., Sanghi, M., Chen, Y., Yang Kao, M., Chavez, B.: Hamsa: fast signature generation for zero-day polymorphic worms with provable attack resilience. In: IEEE Symposium on Security and Privacy (2006)"},{"key":"14_CR22","doi-asserted-by":"crossref","unstructured":"Yegneswaran, V., Giffin, J.T., Barford, P., Jha, S.: An architecture for generating semantic-aware signatures. In: USENIX Security Symposium (2005)","DOI":"10.21236\/ADA449063"},{"key":"14_CR23","unstructured":"Newsome, J., Karp, B., Song, D.: Polygraph: Automatically generating signatures for polymorphic worms. In: IEEE Symposium on Security and Privacy (2005)"},{"key":"14_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"287","DOI":"10.1007\/11815921_31","volume-title":"Structural, Syntactic, and Statistical Pattern Recognition","author":"B. 
Spillmann","year":"2006","unstructured":"Spillmann, B., Neuhaus, M., Bunke, H., P\u0119kalska, E.Z., Duin, R.P.W.: Transforming Strings to Vector Spaces Using Prototype Selection. In: Yeung, D.-Y., Kwok, J.T., Fred, A., Roli, F., de Ridder, D. (eds.) SSPR&SPR 2006. LNCS, vol.\u00a04109, pp. 287\u2013296. Springer, Heidelberg (2006)"},{"key":"14_CR25","doi-asserted-by":"crossref","unstructured":"Bieganski, P., Ned, J., Cadis, J.V.: Generalized suffix trees for biological sequence data: applications and implementation. In: Proceedings of the Twenty-Seventh Hawaii International Conference on System Sciences, vol.\u00a05, pp. 35\u201344 (1994)","DOI":"10.1109\/HICSS.1994.323593"},{"key":"14_CR26","unstructured":"Brumley, D., Hartwig, C., Liang, Z., Newsome, J., Song, D., Yin, H.: Automatically identifying trigger-based behavior in malware. In: Botnet Detection. Springer (2008)"},{"key":"14_CR27","unstructured":"Microsoft: Forefront threat management gateway, \n                      http:\/\/www.microsoft.com\/en-us\/server-cloud\/forefront\/threat-management-gateway.aspx"}],"container-title":["Lecture Notes in Computer Science","Data Privacy Management and Autonomous Spontaneous 
Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-35890-6_14","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,1,25]],"date-time":"2024-01-25T15:23:20Z","timestamp":1706196200000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-642-35890-6_14"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642358890","9783642358906"],"references-count":27,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-35890-6_14","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}