{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T16:10:36Z","timestamp":1770221436451,"version":"3.49.0"},"publisher-location":"Berlin, Heidelberg","reference-count":36,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"value":"9783642412837","type":"print"},{"value":"9783642412844","type":"electronic"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-41284-4_20","type":"book-chapter","created":{"date-parts":[[2013,10,22]],"date-time":"2013-10-22T17:35:11Z","timestamp":1382463311000},"page":"390-410","source":"Crossref","is-referenced-by-count":14,"title":["Connected Colors: Unveiling the Structure of Criminal Networks"],"prefix":"10.1007","author":[{"given":"Yacin","family":"Nadji","sequence":"first","affiliation":[]},{"given":"Manos","family":"Antonakakis","sequence":"additional","affiliation":[]},{"given":"Roberto","family":"Perdisci","sequence":"additional","affiliation":[]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[]}],"member":"297","reference":[{"key":"20_CR1","doi-asserted-by":"crossref","unstructured":"Abu Rajab, M., Zarfoss, J., Monrose, F., Terzis, A.: A multifaceted approach to understanding the botnet phenomenon. In: Proceedings of the 6th ACM SIGCOMM Conference on Internet Measurement, pp. 41\u201352 (2006)","DOI":"10.1145\/1177080.1177086"},{"key":"20_CR2","doi-asserted-by":"crossref","unstructured":"Bastian, M., Heymann, S., Jacomy, M.: Gephi: An Open Source Software for Exploring and Manipulating Networks. In: International AAAI Conference on Weblogs and Social Media (2009)","DOI":"10.1609\/icwsm.v3i1.13937"},{"key":"20_CR3","unstructured":"T.\u00a0Bates, P.\u00a0Smith, and G.\u00a0Huston. CIDR report bogons"},{"key":"20_CR4","doi-asserted-by":"crossref","unstructured":"Blondel, V., Guillaume, J.L., Lambiotte, R., Lefebvre, E.: Fast unfolding of communities in large networks. Journal of Statistical Mechanics: Theory and Experiment (2008)","DOI":"10.1088\/1742-5468\/2008\/10\/P10008"},{"key":"20_CR5","doi-asserted-by":"crossref","unstructured":"Brin, S., Page, L.: The anatomy of a large-scale hypertextual web search engine. In: Proceedings of the Seventh International Conference on World Wide Web 7, WWW7, pp. 107\u2013117. Elsevier Science Publishers B. V., Amsterdam (1998)","DOI":"10.1016\/S0169-7552(98)00110-X"},{"key":"20_CR6","unstructured":"Caballero, J., Grier, C., Kreibich, C.: Measuring Pay-per-Install: The Commoditization of Malware Distribution. In: Proceedings of the USENIX Security Symposium (2011)"},{"key":"20_CR7","unstructured":"Cho, C., Caballero, J., Grier, C.: Insights from the inside: A view of botnet management from infiltration. In: Proceedings of the USENIX Workshop on Large-Scale Exploits and Emergent Threats, LEET (2010)"},{"key":"20_CR8","doi-asserted-by":"crossref","unstructured":"Christin, N., Yanagihara, S.S., Kamataki, K.: Dissecting one click frauds. In: Proceedings of the 17th ACM Conference on Computer and Communiations Security, CCS (2010)","DOI":"10.1145\/1866307.1866310"},{"key":"20_CR9","doi-asserted-by":"crossref","unstructured":"Collins, M., Shimeall, T., Faber, S., Janies, J., Weaver, R., Shon, M.D.: Predicting future botnet addresses with uncleanliness. In: Proc. of IMC, CERT Network Situational Awareness Group (2007)","DOI":"10.21236\/ADA633445"},{"key":"20_CR10","unstructured":"Correa, A.D.: Malware patrol"},{"key":"20_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"442","DOI":"10.1007\/978-3-642-15512-3_23","volume-title":"Recent Advances in Intrusion Detection","author":"M. Cova","year":"2010","unstructured":"Cova, M., Leita, C., Thonnard, O., Keromytis, A.D., Dacier, M.: An analysis of rogue AV campaigns. In: Jha, S., Sommer, R., Kreibich, C. (eds.) RAID 2010. LNCS, vol.\u00a06307, pp. 442\u2013463. Springer, Heidelberg (2010)"},{"key":"20_CR12","unstructured":"dn1nj4. RBN \u201dRizing\u201d. Technical report, Shadowserver.org (2008)"},{"key":"20_CR13","unstructured":"DNS-BH. Malware prevention through DNS redirection"},{"key":"20_CR14","unstructured":"dnsbl.abuse.ch. dnsbl.abuse.ch"},{"key":"20_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1007\/978-3-642-04444-1_1","volume-title":"Computer Security \u2013 ESORICS 2009","author":"T. Holz","year":"2009","unstructured":"Holz, T., Engelberth, M., Freiling, F.: Learning more about the underground economy: A case-study of keyloggers and dropzones. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol.\u00a05789, pp. 1\u201318. Springer, Heidelberg (2009)"},{"key":"20_CR16","unstructured":"Internet Systems Consortium. Security Information Exchange Portal"},{"key":"20_CR17","unstructured":"Konte, M., Feamster, N., Jung, J.: Fast flux service networks: Dynamics and roles in hosting online scams. Technical report (2008)"},{"key":"20_CR18","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"219","DOI":"10.1007\/978-3-642-00975-4_22","volume-title":"Passive and Active Network Measurement","author":"M. Konte","year":"2009","unstructured":"Konte, M., Feamster, N., Jung, J.: Dynamics of online scam hosting infrastructure. In: Moon, S.B., Teixeira, R., Uhlig, S. (eds.) PAM 2009. LNCS, vol.\u00a05448, pp. 219\u2013228. Springer, Heidelberg (2009)"},{"key":"20_CR19","unstructured":"Leontiadis, N., Moore, T., Christin, N.: Measuring and analyzing search-redirection attacks in the illicit online prescription drug trade. In: Proceedings of the USENIX Security Symposium (August 2011)"},{"key":"20_CR20","doi-asserted-by":"crossref","unstructured":"Lu, L., Yegneswaran, V., Porras, P., Lee, W.: BLADE: an attack-agnostic approach for preventing drive-by malware infections. In: Proceedings of the 17th ACM Conference on Computer and Communiations Security, CCS 2010. Georgia Tech, SRI International (2010)","DOI":"10.1145\/1866307.1866356"},{"key":"20_CR21","unstructured":"Malc0de. Malc0de DNS blacklist"},{"key":"20_CR22","unstructured":"Malware Domain List. Malware domain list."},{"key":"20_CR23","unstructured":"McCoy, D., Pitsillidis, A., Jordan, G., Weaver, N., Kreibich, C., Krebs, B., Voelker, G.M., Savage, S., Levchenko, K.: Pharmaleaks: Understanding the business of online pharmaceutical affiliate programs. In: 21st Usenix Security Symposium, USENIX 2012 (2012)"},{"key":"20_CR24","unstructured":"McMillan, R.: After takedown, botnet-linked ISP Troyak resurfaces (2010)"},{"key":"20_CR25","doi-asserted-by":"crossref","unstructured":"Nagaraja, S., Anderson, R.: The topology of covert conflict. In: Workshop on the Economics of Information Security, WEIS (2006)","DOI":"10.1007\/978-3-540-77156-2_41"},{"key":"20_CR26","first-page":"7","volume-title":"Proceedings of the 19th USENIX Conference on Security, USENIX Security 2010","author":"S. Nagaraja","year":"2010","unstructured":"Nagaraja, S., Mittal, P., Hong, C.-Y., Caesar, M., Borisov, N.: Botgrep: finding p2p bots with structured graph analysis. In: Proceedings of the 19th USENIX Conference on Security, USENIX Security 2010, p. 7. USENIX Association, Berkeley (2010)"},{"key":"20_CR27","unstructured":"Newman, M.: Networks: An Introduction, 1st edn. Oxford University Press (May 2010)"},{"key":"20_CR28","doi-asserted-by":"crossref","unstructured":"Roveta, F., Mario, L.D., Maggi, F., Caviglia, G., Zanero, S., Ciuccarelli, P.: BURN: Baring Unknown Rogue Networks. In: VizSec. Politecnico di Milano (2011)","DOI":"10.1145\/2016904.2016910"},{"key":"20_CR29","unstructured":"Snort Labs. Snort DNS\/IP\/URL lists"},{"key":"20_CR30","unstructured":"SpamHaus. drop.lasso"},{"key":"20_CR31","unstructured":"SpyEye Tracker. SpyEye tracker"},{"key":"20_CR32","doi-asserted-by":"crossref","unstructured":"Stone-Gross, B., Kruegel, C., Almeroth, K., Moser, A., Kirda, E.: Fire: Finding rogue networks. In: ACSAC. UCSB, Technical University Vienna, Eurocom (2009)","DOI":"10.1109\/ACSAC.2009.29"},{"key":"20_CR33","unstructured":"Stranger, P., McQuaid, J., Burn, S., Glosser, D., Freezel, G., Thompson, B., Rogofsky, W.: Top 50 Bad Hosts and Networks. Tech Report"},{"key":"20_CR34","unstructured":"Team Cymru. Bogons"},{"key":"20_CR35","unstructured":"Weimer, F.: Passive DNS replication. In: 17th Annual FIRST Conference on Computer Security Incidents (2005)"},{"key":"20_CR36","unstructured":"West, D.B.: Introduction to Graph Theory, 2nd edn. Prentice Hall (2000)"}],"container-title":["Lecture Notes in Computer Science","Research in Attacks, Intrusions, and Defenses"],"original-title":[],"link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-41284-4_20","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,7,5]],"date-time":"2023-07-05T13:37:45Z","timestamp":1688564265000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-642-41284-4_20"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642412837","9783642412844"],"references-count":36,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-41284-4_20","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"value":"0302-9743","type":"print"},{"value":"1611-3349","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013]]}}}