{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,20]],"date-time":"2026-02-20T18:39:05Z","timestamp":1771612745780,"version":"3.50.1"},"reference-count":28,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2011,3,17]],"date-time":"2011-03-17T00:00:00Z","timestamp":1300320000000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Inf Syst E-Bus Manage"],"published-print":{"date-parts":[[2012,12]]},"DOI":"10.1007\/s10257-011-0171-7","type":"journal-article","created":{"date-parts":[[2011,3,16]],"date-time":"2011-03-16T08:25:15Z","timestamp":1300263915000},"page":"491-519","source":"Crossref","is-referenced-by-count":18,"title":["Behavioral analysis of botnets for threat intelligence"],"prefix":"10.1007","volume":"10","author":[{"given":"Alper","family":"Caglayan","sequence":"first","affiliation":[]},{"given":"Mike","family":"Toothaker","sequence":"additional","affiliation":[]},{"given":"Dan","family":"Drapeau","sequence":"additional","affiliation":[]},{"given":"Dustin","family":"Burke","sequence":"additional","affiliation":[]},{"given":"Gerry","family":"Eaton","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2011,3,17]]},"reference":[{"key":"171_CR1","unstructured":"Anti-Phishing Working Group (APWG) (2009) An APWG industry advisory\u2014global phishing survey: trends and domain name use in 1H2009, October 2009"},{"key":"171_CR2","unstructured":"Caglayan A, Toothaker M (2010) FastFluxMonitor vs. Darknet traffic, SIE Workshop, 3 October 2010. Atlanta, GA"},{"key":"171_CR3","doi-asserted-by":"crossref","unstructured":"Caglayan A, Toothaker M, Drapeau D, Burke D, Eaton G (2009) Behavioral analysis of fast-flux service networks. 
Cyber security and information intelligence research workshop (CSIIRW-09), 13\u201315 April 2009, Oak Ridge, TN","DOI":"10.1145\/1558607.1558662"},{"key":"171_CR4","doi-asserted-by":"crossref","unstructured":"Caglayan A, Toothaker M, Drapeau D, Burke D, Eaton G (2009) Real-time detection and classification of fast-flux service networks. Cybersecurity Applications and Technology Conference for Homeland Security (CATCH), 3\u20134 March 2009, Washington, DC","DOI":"10.1109\/CATCH.2009.44"},{"key":"171_CR5","doi-asserted-by":"crossref","unstructured":"Caglayan A, Toothaker M, Drapeau D, Burke D, Eaton G (2010) Behavioral patterns of fast-flux service networks. Hawaii international conference on system sciences (HICSS-43) cyber security and information intelligence research Minitrack. Koloa, Kauai, Hawaii, 5\u20138 Jan 2010","DOI":"10.1109\/HICSS.2010.81"},{"key":"171_CR6","unstructured":"Cox A, Golomb G (2010) The Kneber botnet. NetWitness Corporation, Herndon, VA, 17 Feb 2010"},{"key":"171_CR7","unstructured":"Caglayan A, Toothaker M, Drapeau D, Burke D, Eaton, G (2010) Guilt-by-association based discovery of botnet footprints NATO research and technology organization workshop on information security and defense. Antalya, Turkey, 26\u201330 Apr"},{"key":"171_CR111","unstructured":"Gartner (2010) Gartner survey shows phishing attacks escalated in 2007; more than $3 billion lost to these attacks. Available at: http:\/\/www.gartner.com\/it\/page.jsp?id=565125 , accessed 3 Mar 2011"},{"key":"171_CR8","unstructured":"Holz T, Gorecki C, Rieck C, Freiling F (2008) Measuring and detecting fast-flux service networks. Presented at NDSS Symposium"},{"key":"171_CR9","unstructured":"ICANN (2008) GNSO issues report on fast-flux hosting, March 2008"},{"key":"171_CR10","unstructured":"ICANN (2008) Security and stability advisory committee. 
SAC 025: SSA advisory on fast-flux hosting and DNS, March 2008"},{"key":"171_CR11","unstructured":"ICANN Situation Awareness Note 2009-10-06"},{"key":"171_CR12","unstructured":"iDefense (2008) An iDefense topical research report: 2009 cyber threats and trends. 12 Dec 2008"},{"key":"171_CR13","doi-asserted-by":"crossref","unstructured":"Kanich C, Kreibich C, Levchenko K, Enright B, Voelker G, Paxson V, Savage S (2008) Spamalytics: an empirical analysis of spam marketing conversion. In: Proceedings of 15th ACM conference on computer and communication security","DOI":"10.1145\/1455770.1455774"},{"key":"171_CR14","doi-asserted-by":"crossref","unstructured":"Konte M, Feamster N, Jung J (2009) Dynamics of online scam hosting infrastructure. Proceedings of passive and active measurement conference (PAM), Seoul, Korea, April 2009","DOI":"10.1007\/978-3-642-00975-4_22"},{"key":"171_CR16","doi-asserted-by":"crossref","unstructured":"Liu J, Xiao Y, Ghaboosi K, Deng H, Zhang J (2009) Botnet: classification, attacks, detection, tracing, and preventive measures. EURASIP J Wirel Commun Netw 9 (February 2009)","DOI":"10.1155\/2009\/692654"},{"key":"171_CR17","unstructured":"McGrath DK, Gupta M (2008) Behind phishing: an examination of phisher modi operandi. In: Proceedings of the USENIX workshop on large-scale exploits and emergent threats"},{"key":"171_CR18","doi-asserted-by":"crossref","unstructured":"McGrath DK, Kalafut A, Gupta M (2009) Phishing infrastructure fluxes all the way. IEEE Security and Privacy Magazine Special Issue on Securing the Domain Name System, September\/October 2009","DOI":"10.1109\/MSP.2009.130"},{"key":"171_CR19","doi-asserted-by":"crossref","unstructured":"Moore T, Clayton R (2007) Examining the impact of website take-down on phishing. 
In: Proceedings of anti-phishing working group ecrime researcher\u2019s summit (APWG eCrime), ACM","DOI":"10.1145\/1299015.1299016"},{"key":"171_CR20","unstructured":"Namestnikov Y (2009) The economics of botnets, Kaspersky Labs"},{"key":"171_CR21","unstructured":"National Research Council of the National Academies (2009) Technology, policy, law, and ethics regarding U.S. acquisition and use of cyberattack capabilities. Oct 2009, pp 117\u2013121 (154\u2013155, 230\u2013231)"},{"key":"171_CR22","doi-asserted-by":"crossref","unstructured":"Passerini E, Paleari R, Martignoni L, Bruschi D (2008) FluXOR: detecting and monitoring fast-flux service networks. Detection of intrusions and malware, and vulnerability assessment, pp 186\u2013206","DOI":"10.1007\/978-3-540-70542-0_10"},{"key":"171_CR23","unstructured":"Ramachandran A, Feamster N, Dagon D (2006) Revealing botnet membership using DNSBL counter-intelligence. In: USENIX 2nd workshop on steps to reducing unwanted traffic on the internet (SRUTI \u201806), July 2006"},{"key":"171_CR24","unstructured":"Stamos A (2010) Aurora response recommendations, iSEC Partners, 17 Feb 2010"},{"key":"171_CR100","unstructured":"Tufte ER (2006) Beautiful Evidence. Graphics Press, Cheshire"},{"key":"171_CR25","unstructured":"WOMBAT (Worldwide Observatory of Malicious Behaviors and Attack Threats) (2010) D15 (D4.5) intermediate report on contextual features. Eur Commun Seventh Frame Prog, 13, 32 (9 Feb 2010)"},{"key":"171_CR26","first-page":"129","volume-title":"DIMVA 2007. LNCS, vol. 4579","author":"B Zdrnja","year":"2007","unstructured":"Zdrnja B, Brownlee N, Wessels D (2007) Passive monitoring of DNS anomalies. In: Hammerli BM, Sommer R (eds) DIMVA 2007. LNCS, vol. 4579. Springer, Heidelberg, pp 129\u2013139"},{"key":"171_CR27","doi-asserted-by":"crossref","unstructured":"Zhou CV, Leckie C, Karunasekera S (2009) Collaborative detection of fast flux phishing domains. 
J Netw 4(1)","DOI":"10.4304\/jnw.4.1.75-84"}],"container-title":["Information Systems and e-Business Management"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10257-011-0171-7.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s10257-011-0171-7\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s10257-011-0171-7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,9]],"date-time":"2019-06-09T04:32:22Z","timestamp":1560054742000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s10257-011-0171-7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,3,17]]},"references-count":28,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2012,12]]}},"alternative-id":["171"],"URL":"https:\/\/doi.org\/10.1007\/s10257-011-0171-7","relation":{},"ISSN":["1617-9846","1617-9854"],"issn-type":[{"value":"1617-9846","type":"print"},{"value":"1617-9854","type":"electronic"}],"subject":[],"published":{"date-parts":[[2011,3,17]]}}}