{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,21]],"date-time":"2026-03-21T19:17:06Z","timestamp":1774120626350,"version":"3.50.1"},"publisher-location":"Berlin, Heidelberg","reference-count":49,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642392344","type":"print"},{"value":"9783642392351","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-39235-1_1","type":"book-chapter","created":{"date-parts":[[2013,7,13]],"date-time":"2013-07-13T04:07:36Z","timestamp":1373688456000},"page":"1-20","source":"Crossref","is-referenced-by-count":57,"title":["Driving in the Cloud: An Analysis of Drive-by Download Operations and Abuse Reporting"],"prefix":"10.1007","author":[{"given":"Antonio","family":"Nappa","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"M. Zubair","family":"Rafique","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Juan","family":"Caballero","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"1_CR1","unstructured":"Anderson, D.S., Fleizach, C., Savage, S., Voelker, G.M.: Spamscatter: Characterizing internet scam hosting infrastructure. In: USENIX Security (2007)"},{"key":"1_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/978-3-540-74320-0_10","volume-title":"Recent Advances in Intrusion Detection","author":"M. Bailey","year":"2007","unstructured":"Bailey, M., Oberheide, J., Andersen, J., Mao, Z.M., Jahanian, F., Nazario, J.: Automated classification and analysis of internet malware. In: Kruegel, C., Lippmann, R., Clark, A. (eds.) RAID 2007. LNCS, vol.\u00a04637, pp. 178\u2013197. Springer, Heidelberg (2007)"},{"key":"1_CR3","unstructured":"Bayer, U., Comparetti, P.M., Hlauschek, C., Kruegel, C., Kirda, E.: Scalable, behavior-based malware clustering. In: NDSS (2009)"},{"key":"1_CR4","doi-asserted-by":"crossref","unstructured":"Grier, C., et al.: Manufacturing compromise: The emergence of exploit-as-a-service. In: CCS (2012)","DOI":"10.1145\/2382196.2382283"},{"key":"1_CR5","unstructured":"Caballero, J., Grier, C., Kreibich, C., Paxson, V.: Measuring pay-per-install: The commoditization of malware distribution. In: USENIX Security (2011)"},{"key":"1_CR6","unstructured":"Caida. As ranking (2012), \n                    \n                      http:\/\/as-rank.caida.org"},{"key":"1_CR7","doi-asserted-by":"crossref","unstructured":"Canali, D., Balzarotti, D., Francillon, A.: The role of web hosting providers in detecting compromised websites. In: WWW (2013)","DOI":"10.1145\/2488388.2488405"},{"key":"1_CR8","unstructured":"Cho, C.Y., Caballero, J., Grier, C., Paxson, V., Song, D.: Insights from the inside: A view of botnet management from infiltration. In: LEET (2010)"},{"key":"1_CR9","doi-asserted-by":"crossref","unstructured":"Cova, M., Kruegel, C., Vigna, G.: Detection and analysis of drive-by-download attacks and malicious javascript code. In: WWW (2010)","DOI":"10.1145\/1772690.1772720"},{"key":"1_CR10","doi-asserted-by":"crossref","unstructured":"Crocker, D.: Mailbox names for common services, roles and functions. RFC 2142 (1997)","DOI":"10.17487\/rfc2142"},{"key":"1_CR11","unstructured":"Curtsinger, C., Livshits, B., Zorn, B., Seifert, C.: Zozzle: Low-overhead mostly static javascript malware detection. In: USENIX Security (2011)"},{"key":"1_CR12","doi-asserted-by":"crossref","unstructured":"Daigle, L.: Whois protocol specification. RFC 3912 (2004)","DOI":"10.17487\/rfc3912"},{"key":"1_CR13","unstructured":"Malicia project, \n                    \n                      http:\/\/malicia-project.com\/"},{"key":"1_CR14","doi-asserted-by":"crossref","unstructured":"Dunn, J.C.: Well-separated clusters and optimal fuzzy partitions. Journal of Cybernetics 4(1) (1974)","DOI":"10.1080\/01969727408546059"},{"key":"1_CR15","unstructured":"New dutch notice-and-take-down code raises questions (2008), \n                    \n                      http:\/\/www.edri.org\/book\/export\/html\/1619"},{"key":"1_CR16","doi-asserted-by":"crossref","unstructured":"Falk, J.: Complaint feedback loop operational recommendations. RFC 6449 (2011)","DOI":"10.17487\/rfc6449"},{"key":"1_CR17","doi-asserted-by":"crossref","unstructured":"Falk, J., Kucherawy, M.: Creation and use of email feedback reports: An applicability statement for the abuse reporting format (arf). RFC 6650 (2012)","DOI":"10.17487\/rfc6650"},{"key":"1_CR18","doi-asserted-by":"crossref","unstructured":"Jang, J., Brumley, D., Venkataraman, S.: Bitshred: Feature hashing malware for scalable triage and semantic analysis. In: CCS (2011)","DOI":"10.1145\/2046707.2046742"},{"key":"1_CR19","unstructured":"John, J.P., Moshchuk, A., Gribble, S.D., Krishnamurthy, A.: Studying spamming botnets using Botlab. In: NSDI (2009)"},{"key":"1_CR20","doi-asserted-by":"crossref","unstructured":"Kaufman, L., Rousseeuw, P.J.: Finding Groups in Data: An Introduction to Cluster Analysis, vol.\u00a04. Wiley-Interscience (1990)","DOI":"10.1002\/9780470316801"},{"key":"1_CR21","unstructured":"Krawetz, N.: Average perceptual hash (2011), \n                    \n                      http:\/\/www.hackerfactor.com\/blog\/index.php?\/archives\/432-Looks-Like-It.html"},{"key":"1_CR22","doi-asserted-by":"crossref","unstructured":"Kreibich, C., Weaver, N., Kanich, C., Cui, W., Paxson, V.: GQ: Practical containment for measuring modern malware systems. In: IMC (2011)","DOI":"10.1145\/2068816.2068854"},{"key":"1_CR23","unstructured":"Love vps, \n                    \n                      http:\/\/www.lovevps.com\/"},{"key":"1_CR24","unstructured":"Malware domain list, \n                    \n                      http:\/\/malwaredomainlist.com\/"},{"key":"1_CR25","unstructured":"Morrison, T.: How hosting providers can battle fraudulent sign-ups (2012), \n                    \n                      http:\/\/www.spamhaus.org\/news\/article\/687\/how-hosting-providers-can-battle-fraudulent-sign-ups"},{"key":"1_CR26","unstructured":"Moshchuk, A., Bragin, T., Gribble, S.D., Levy, H.M.: A crawler-based study of spyware on the web. In: NDSS (2006)"},{"key":"1_CR27","unstructured":"Bfk: Passive dns replication, \n                    \n                      http:\/\/www.bfk.de\/bfk_dnslogger.html"},{"key":"1_CR28","unstructured":"Ssdsandbox, \n                    \n                      http:\/\/xml.ssdsandbox.net\/dnslookup-dnsdb"},{"key":"1_CR29","unstructured":"Perdisci, R., Lee, W., Feamster, N.: Behavioral clustering of http-based malware and signature generation using malicious network traces. In: NSDI (2010)"},{"key":"1_CR30","doi-asserted-by":"crossref","unstructured":"Perdisci, R., U, M.: Vamo: Towards a fully automated malware clustering validity analysis. In: ACSAC (2012)","DOI":"10.1145\/2420950.2420999"},{"key":"1_CR31","unstructured":"Polychronakis, M., Mavrommatis, P., Provos, N.: Ghost turns zombie: Exploring the life cycle of web-based malware. In: LEET (2008)"},{"key":"1_CR32","unstructured":"Provos, N., Mavrommatis, P., Rajab, M.A., Monrose, F.: All your iframes point to us. In: USENIX Security (2008)"},{"key":"1_CR33","unstructured":"Provos, N., McNamee, D., Mavrommatis, P., Wang, K., Modadugu, N.: The ghost in the browser: Analysis of Web-based malware. In: HotBots (2007)"},{"key":"1_CR34","unstructured":"Cool exploit kit - a new browser exploit pack, \n                    \n                      http:\/\/malware.dontneedcoffee.com\/2012\/10\/newcoolek.html\/"},{"key":"1_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"108","DOI":"10.1007\/978-3-540-70542-0_6","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment","author":"K. Rieck","year":"2008","unstructured":"Rieck, K., Holz, T., Willems, C., D\u00fcssel, P., Laskov, P.: Learning and classification of malware behavior. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol.\u00a05137, pp. 108\u2013125. Springer, Heidelberg (2008)"},{"key":"1_CR36","doi-asserted-by":"crossref","unstructured":"Rossow, C., Dietrich, C.J., Bos, H., Cavallaro, L., van Steen, M., Freiling, F.C., Pohlmann, N.: Sandnet: Network traffic analysis of malicious software. In: BADGERS (2011)","DOI":"10.1145\/1978672.1978682"},{"key":"1_CR37","doi-asserted-by":"crossref","unstructured":"Shafranovich, Y., Levine, J., Kucherawy, M.: An extensible format for email feedback reports. RFC 5965, Updated by RFC 6650 (2010)","DOI":"10.17487\/rfc5965"},{"key":"1_CR38","doi-asserted-by":"crossref","unstructured":"Shue, C., Kalafut, A.J., Gupta, M.: Abnormally malicious autonomous systems and their internet connectivity. IEEE\/ACM Transactions of Networking\u00a020(1) (2012)","DOI":"10.1109\/TNET.2011.2157699"},{"key":"1_CR39","unstructured":"The spamhaus project (2012), \n                    \n                      http:\/\/www.spamhaus.org\/"},{"key":"1_CR40","doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Christopher, K., Almeroth, K., Moser, A., Kirda, E.: Fire: Finding rogue networks. In: ACSAC (2009)","DOI":"10.1109\/ACSAC.2009.29"},{"key":"1_CR41","unstructured":"urlquery, \n                    \n                      http:\/\/urlquery.net\/"},{"key":"1_CR42","unstructured":"Walls, R.J., Levine, B.N., Liberatore, M., Shields, C.: Effective digital forensics research is investigator-centric. In: HotSec (2011)"},{"key":"1_CR43","unstructured":"Wang, Y.-M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., King, S.: Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities. In: NDSS (2006)"},{"key":"1_CR44","unstructured":"Wyke, J.: The zeroaccess botnet: Mining and fraud for massive financial gain (2012), \n                    \n                      http:\/\/www.sophos.com\/en-us\/why-sophos\/our-people\/technical-papers\/zeroaccess-botnet.asp:x"},{"key":"1_CR45","unstructured":"X-arf: Network abuse reporting 2.0, \n                    \n                      http:\/\/x-arf.org\/"},{"key":"1_CR46","unstructured":"Xylitol. Blackhole exploit kits update to v2.0 (2011), \n                    \n                      http:\/\/malware.dontneedcoffee.com\/2012\/09\/blackhole2.0.html"},{"key":"1_CR47","unstructured":"Xylitol. Tracking cyber crime: Hands up affiliate (ransomware) (2011), \n                    \n                      http:\/\/www.xylibox.com\/2011\/12\/tracking-cyber-crime-affiliate.html"},{"key":"1_CR48","unstructured":"Zauner, C.: Implementation and benchmarking of perceptual image hash functions. Master\u2019s thesis, Upper Austria University of Applied Sciences (2010)"},{"key":"1_CR49","doi-asserted-by":"crossref","unstructured":"Zhang, J., Seifert, C., Stokes, J.W., Lee, W.: Arrow: Generating signatures to detect drive-by downloads. In: WWW (2011)","DOI":"10.1145\/1963405.1963435"}],"container-title":["Lecture Notes in Computer Science","Detection of Intrusions and Malware, and Vulnerability Assessment"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-39235-1_1","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,15]],"date-time":"2019-05-15T21:12:37Z","timestamp":1557954757000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-39235-1_1"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642392344","9783642392351"],"references-count":49,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-39235-1_1","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}