{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,7]],"date-time":"2024-09-07T22:34:33Z","timestamp":1725748473725},"publisher-location":"Berlin, Heidelberg","reference-count":23,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642408199"},{"type":"electronic","value":"9783642408205"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-40820-5_30","type":"book-chapter","created":{"date-parts":[[2013,9,12]],"date-time":"2013-09-12T07:19:38Z","timestamp":1378970378000},"page":"356-367","source":"Crossref","is-referenced-by-count":0,"title":["BotInfer: A Bot Inference Approach by Correlating Host and Network Information"],"prefix":"10.1007","author":[{"given":"Yukun","family":"He","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Qiang","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yuede","family":"Ji","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dong","family":"Guo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"30_CR1","doi-asserted-by":"crossref","unstructured":"Park, Y., Reeves, D.S.: Identification of bot commands by run-time execution monitoring. In: 2009 Annual Computer Security Applications Conference, pp. 321\u2013330 (2009)","DOI":"10.1109\/ACSAC.2009.37"},{"key":"30_CR2","doi-asserted-by":"crossref","unstructured":"Stinson, E., Mitchell, J.: Characterizing Bots Remote Control Behavior. In: 4th DIMVA Conference (July 2007)","DOI":"10.1007\/978-3-540-73614-1_6"},{"key":"30_CR3","unstructured":"Liu, L., Chen, S., Yan, G., Zhang, Z.: BotTracer: Execution-Based Bot-Like Malware Detection. In: International Conference on Information Security (2008)"},{"key":"30_CR4","doi-asserted-by":"crossref","unstructured":"Coskun, B., Dietrich, S., Memon, N.: Friends of An Enemy: Identifying Local Members of Peer-to-Peer Botnets Using Mutual Contacts. In: 2010 ACSAC Conference (2010)","DOI":"10.1145\/1920261.1920283"},{"key":"30_CR5","unstructured":"Nagaraja, S., Mittal, P., Hong, C.-Y., Caesar, M., Borisov, N.: BotGrep: Finding P2P bots with structured graph analysis. In: USENIX Security Conference (August 2010)"},{"key":"30_CR6","unstructured":"Zeng, Y., Hu, X., Shin, K.G.: Detection of Botnets Using Combined Host- and Network-Level Information. In: DSN (2010)"},{"key":"30_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"97","DOI":"10.1007\/978-3-540-85886-7_7","volume-title":"Information Security","author":"L. Liu","year":"2008","unstructured":"Liu, L., Chen, S., Yan, G., Zhang, Z.: BotTracer: Execution-Based Bot-Like Malware Detection. In: Wu, T.-C., Lei, C.-L., Rijmen, V., Lee, D.-T. (eds.) ISC 2008. LNCS, vol.\u00a05222, pp. 97\u2013113. Springer, Heidelberg (2008)"},{"key":"30_CR8","unstructured":"Jacob, G., Hund, R., Kruegel, C., Holz, T.: JACKSTRAWS: Picking Command and Control Connections from Bot Traffic. In: USENIX Security Symposium (2011)"},{"key":"30_CR9","doi-asserted-by":"crossref","unstructured":"Rieck, K., Trinius, P., Willems, C.: Automatic analysis of malware behavior using machine learning. Journal of Computer Security\u00a019(4) (2011)","DOI":"10.3233\/JCS-2010-0410"},{"key":"30_CR10","unstructured":"Karbalaie, F., Sami, A., Ahmadi, M.: Semantic Malware Detection by Deploying Graph Mining. International Journal of Computer Science Issues\u00a09(1(3)) (2012)"},{"key":"30_CR11","doi-asserted-by":"crossref","unstructured":"Tegeler, F., Fu, X., Vigna, G., Kruegel, C.: BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection. In: CoNEXT (2012)","DOI":"10.1145\/2413176.2413217"},{"key":"30_CR12","doi-asserted-by":"crossref","unstructured":"Bilge, L., Balzarotti, D., Robertson, W.: DISCLOSURE: Detecting Botnet Command and Control Servers Through Large-Scale NetFlow Analysis. ACM (2012)","DOI":"10.1145\/2420950.2420969"},{"key":"30_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-20757-0_1","volume-title":"NETWORKING 2011","author":"J. Fran\u00e7ois","year":"2011","unstructured":"Fran\u00e7ois, J., Wang, S., State, R., Engel, T.: Bottrack: Tracking Botnets Using Netflow and Pagerank. In: Domingo-Pascual, J., Manzoni, P., Palazzo, S., Pont, A., Scoglio, C. (eds.) NETWORKING 2011, Part I. LNCS, vol.\u00a06640, pp. 1\u201314. Springer, Heidelberg (2011)"},{"key":"30_CR14","unstructured":"Gu, G.: Correlation-based Botnet Detection in Enterprise Networks. Doctor Thesis, GIT (2008)"},{"key":"30_CR15","doi-asserted-by":"crossref","unstructured":"Park, Y.H., Zhang, Q., Douglas, S., Reeves, D.: AntiBot: Clustering Common Semantic Patterns for Bot Detection. In: COMPSAC (2010)","DOI":"10.1109\/COMPSAC.2010.33"},{"key":"30_CR16","unstructured":"Kwon, T., Su, Z.: Modeling High-Level Behavior Patterns for Precise Similarity analysis of Software. Technical Reports, University of California, CSE-2010-16 (2010)"},{"key":"30_CR17","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"166","DOI":"10.1007\/978-3-642-18178-8_15","volume-title":"Information Security","author":"X. Wang","year":"2011","unstructured":"Wang, X., Jiang, X.: Artificial Malware Immunization based on Dynamically Assigned Sense of Self. In: Burmester, M., Tsudik, G., Magliveras, S., Ili\u0107, I. (eds.) ISC 2010. LNCS, vol.\u00a06531, pp. 166\u2013180. Springer, Heidelberg (2011)"},{"issue":"2-3","key":"30_CR18","first-page":"107","volume":"17","author":"M. Halkidi","year":"2001","unstructured":"Halkidi, M., Batistakis, Y., Vazirgiannis, M.: On Clustering Validation Techniques. JIIS\u00a017(2-3), 107\u2013145 (2001)","journal-title":"JIIS"},{"key":"30_CR19","unstructured":"NetFlow probes: fprobe and fprobe-ulog, \n                    \n                      http:\/\/fprobe.sourceforge.net\/"},{"key":"30_CR20","unstructured":"flow-tools, \n                    \n                      http:\/\/www.splintered.net\/sw\/flow-tools\/docs\/flow-tools.html"},{"key":"30_CR21","unstructured":"Safe Browsing API - Google Developers, \n                    \n                      https:\/\/developers.google.com\/safe-browsing\/"},{"key":"30_CR22","unstructured":"Alexa Top 500 Global Sites, \n                    \n                      http:\/\/www.alexa.com\/topsites"},{"key":"30_CR23","unstructured":"R: Hierarchical Clustering, \n                    \n                      http:\/\/stat.ethz.ch\/R-manual\/R-patched\/library\/stats\/html\/hclust.html"}],"container-title":["Lecture Notes in Computer Science","Network and Parallel Computing"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-40820-5_30","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,5,17]],"date-time":"2019-05-17T02:37:35Z","timestamp":1558060655000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-40820-5_30"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642408199","9783642408205"],"references-count":23,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-40820-5_30","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]}}}