{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2022,4,29]],"date-time":"2022-04-29T17:47:54Z","timestamp":1651254474047},"reference-count":36,"publisher":"Springer Science and Business Media LLC","issue":"4","license":[{"start":{"date-parts":[[2014,10,19]],"date-time":"2014-10-19T00:00:00Z","timestamp":1413676800000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["J Comput Virol Hack Tech"],"published-print":{"date-parts":[[2015,11]]},"DOI":"10.1007\/s11416-014-0228-5","type":"journal-article","created":{"date-parts":[[2014,10,18]],"date-time":"2014-10-18T10:35:10Z","timestamp":1413628510000},"page":"217-233","update-policy":"http:\/\/dx.doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Behavioral fine-grained detection and classification of P2P bots"],"prefix":"10.1007","volume":"11","author":[{"given":"Nizar","family":"Kheir","sequence":"first","affiliation":[]},{"given":"Xiao","family":"Han","sequence":"additional","affiliation":[]},{"given":"Chirine","family":"Wolley","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2014,10,19]]},"reference":[{"key":"228_CR1","unstructured":"Ollmann, G.: Botnet communication topologies: understanding the intricacies of botnet command-and-control. In: Damballa White Paper (2009)"},{"key":"228_CR2","unstructured":"Kapoor, A., Mathur, R.: Predicting the future of stealth attacks. In: Virus Bulletin, McAfee (2011)"},{"key":"228_CR3","doi-asserted-by":"crossref","unstructured":"Karagiannis, T., Broido, A., Brownlee, N., Claffy, K., Faloutsos, M.: Is p2p dying or just hiding? In: IEEE GLOBECOM, vol. 3, pp. 1532\u20131538 (2004)","DOI":"10.1109\/GLOCOM.2004.1378239"},{"key":"228_CR4","doi-asserted-by":"crossref","unstructured":"O\u2019Kane, P., Sezer, S., McLaughlin, K.: Obfuscation: the hidden malware. In: IEEE Security and Privacy, pp. 41\u201347 (2011)","DOI":"10.1109\/MSP.2011.98"},{"key":"228_CR5","doi-asserted-by":"crossref","unstructured":"Perdisci, R., Dagon, D., Lee, W., Fogla, P., Sharif, M.: Misleading worm signature generators using deliberate noise injection. In: Proc. SSP (2006)","DOI":"10.1109\/SP.2006.26"},{"key":"228_CR6","unstructured":"Trusteer. No silver bullet: 8 ways malware defeats strong security controls. Whitepaper accessible on http:\/\/www.trusteer.com\/resources\/white-papers (2012)"},{"key":"228_CR7","doi-asserted-by":"crossref","unstructured":"Rossowz, C., Andriessez, D., Werner, T., Stone-Grossy, B., Plohmannx, D., Dietrich, C.J., Bos, H.: Sok: P2pwned\u2014modeling and evaluating the resilience of peer-to-peer botnets. In: IEEE Symposium on Security and Privacy (SSP) (2013)","DOI":"10.1109\/SP.2013.17"},{"key":"228_CR8","unstructured":"Grizzard, J.B., Sharma, V., Nunnery, C., Kang, B.B.: Peer-to-peer botnets: overview and case study. In: Proceedings of USENIX HotBots (2007)"},{"key":"228_CR9","unstructured":"Aberer, K., Hauswirth, M.: An overview on peer-to-peer information systems. In: Proceedings of the 4th Workshop on Distributed Data and Structures (2002)"},{"key":"228_CR10","doi-asserted-by":"crossref","unstructured":"Krishnamurthy, B., Wang, J.: Traffic classification for application specific peering. In: Proceedings of the 2nd SIGCOMM Workshop on Internet measurment, pp. 179\u2013180 (2002)","DOI":"10.1145\/637201.637229"},{"key":"228_CR11","doi-asserted-by":"crossref","unstructured":"Dittrich, D., Dietrich, S.: P2p as botnet command and control: a deeper insight. In: Proceedings of the 3rd International Conference On Malicious and Unwanted Software (2008)","DOI":"10.1109\/MALWARE.2008.4690856"},{"key":"228_CR12","doi-asserted-by":"crossref","unstructured":"Stutzbach, D., Rejaie, R.: Understanding churn in peer-to-peer networks. In: Proceedings of ACM SigComm Internet Measurement Conference (2006)","DOI":"10.1145\/1177080.1177105"},{"key":"228_CR13","unstructured":"Nagaraja, S., Mittal, P., Hong, C.-Y., Caesar, M., Borisov, N.: Botgrep: finding p2p bots with structured graph analysis. In: Proceedings of the 19th USENIX Security (2010)"},{"key":"228_CR14","unstructured":"Wu, C.-C., Chen, K.-T., Chang, Y.-C., Lei, C.-L.: Detecting peer-to-peer activity by signaling packet counting. In: Proceedings of ACM SIGCOMM (2008)"},{"key":"228_CR15","unstructured":"Karagiannis, T., Broido, A., Brownlee, N., Claffy, k, Faloutsos, M.: File-sharing in the internet: a characterization of p2p traffic in the backbone. In: UC Riverside Technical Report (2003)"},{"key":"228_CR16","unstructured":"Bilge, L., Kirda, E., Kruegel, C., Balduzzi, M.: Exposure: finding malicious domains using passive dns analysis. In: Proceedings of the 18th Network and Distributed System Security Symposium (NDSS) (2011)"},{"key":"228_CR17","doi-asserted-by":"crossref","unstructured":"Bilge, L., Balzarotti, D., Robertson, W., Kirda, E., Kruegel, C.: DISCLOSURE: detecting Botnet command and control servers through large-scale NetFlow analysis. In: Proceedings of the 28th Annual Computer Security Applications Conference Network and Distributed System (ACSAC) (2012)","DOI":"10.1145\/2420950.2420969"},{"key":"228_CR18","unstructured":"Antonakakis, M., Perdisci, R., Dagon, D., Lee, W., Feamster, N.: Building a dynamic reputation system for DNS. In: Usenix Security Symposium (2010)"},{"key":"228_CR19","doi-asserted-by":"crossref","unstructured":"Francois, J., Wang, S., State, R., Thomas, E.: Bottrack: tracking botnets using netflow and pagerank. In: IFIP Networking (2011)","DOI":"10.1007\/978-3-642-20757-0_1"},{"key":"228_CR20","unstructured":"Gu, G., Perdisci, R., Zhang, J., Lee, W.: Botminer: Clustering analysis of network traffic for protocol and structure independent botnet detection. In: Proceedings of the IEEE Symposium on Security and Privacy (SSP) (2008)"},{"key":"228_CR21","doi-asserted-by":"crossref","unstructured":"Yen, T.-F., Reiter, M.K.: Are your hosts trading or plotting? Telling p2p file-sharing and bots apart. In: 30th International Conference Distributed Computing Systems (2010)","DOI":"10.1109\/ICDCS.2010.76"},{"key":"228_CR22","doi-asserted-by":"crossref","unstructured":"Zhang, J., Perdisci, R., Lee, W., Sarfraz, U., Luo, X.: Detecting stealthy p2p botnet using statistical traffic fingerprints. In: Proceedings of the 41st DSN (2011)","DOI":"10.1109\/DSN.2011.5958212"},{"key":"228_CR23","doi-asserted-by":"crossref","unstructured":"Rahbarinia, B., Perdisci, R., Lanzi, A., Li, K.: Peerrush: mining for unwanted p2p traffic. In: 10th Conference on Detection of Intrusions and Malware and Vulnerability Assessment, DIMVA (2013)","DOI":"10.1007\/978-3-642-39235-1_4"},{"key":"228_CR24","doi-asserted-by":"crossref","unstructured":"Hu, Y., Chiu, D.-M., Lui, J.C.S.: Profiling and identification of p2p traffic. In: Computer Networks, vol. 53, pp. 849\u2013863 (2009)","DOI":"10.1016\/j.comnet.2008.11.005"},{"key":"228_CR25","doi-asserted-by":"crossref","unstructured":"Claise, B.: Cisco systems netflow services export version 9. RFC 3954 (2004)","DOI":"10.17487\/rfc3954"},{"key":"228_CR26","doi-asserted-by":"crossref","unstructured":"Kheir, N., Wolley, C.: Botsuer: Suing stealthy p2p bots in network traffic through netflow analysis. In: Proceedings of the 12th International Conference on Cryptology and Network Security (CANS) (2013)","DOI":"10.1007\/978-3-319-02937-5_9"},{"key":"228_CR27","doi-asserted-by":"crossref","unstructured":"Kheir, N., Han, X.: Peerviewer: behavioral tracking and classification of p2p malware. In: Proccedings of the 5th international symposium on Cyberspace Safety and Security (CSS) (2013)","DOI":"10.1007\/978-3-319-03584-0_21"},{"key":"228_CR28","unstructured":"Anubis. Analyzing unknown binaries. http:\/\/anubis.iseclab.org (2011)"},{"key":"228_CR29","doi-asserted-by":"crossref","unstructured":"Willems, C., Holz, T., Freiling, F.: Cwsandbox: towards automated dynamic binary analysis. In: IEEE Security and Privacy (2007)","DOI":"10.1109\/MSP.2007.45"},{"key":"228_CR30","doi-asserted-by":"crossref","unstructured":"Davies, D.I., Bouldin, D.W.: A cluster seperation measure. In: IEEE Transactions on Pattern Analysis and Machine Intelligence (1979)","DOI":"10.1109\/TPAMI.1979.4766909"},{"key":"228_CR31","doi-asserted-by":"crossref","unstructured":"Khan, S.S., Madden, M.G.: A survey of recent trends in one class classification. In: Artificial Intelligence and Cognitive Science, vol. 6206 of LNCS, pp. 188\u2013197 (2010)","DOI":"10.1007\/978-3-642-17080-5_21"},{"key":"228_CR32","doi-asserted-by":"crossref","unstructured":"Little, M.A., McSharry, P.E., Roberts, S.J., Costello, D.A., Moroz, I.M.: Exploiting nonlinear recurrence and fractal scaling properties for voice disorder detection. In: Biomedical Engineering Online, vol. 6 (2007)","DOI":"10.1186\/1475-925X-6-23"},{"key":"228_CR33","doi-asserted-by":"crossref","DOI":"10.1017\/CBO9780511801389","volume-title":"An Introduction to Support Vector Machines and Other Kernel-Based Learning Methods","author":"N Cristianini","year":"2000","unstructured":"Cristianini, N., Shawe-Taylor, J.: An Introduction to Support Vector Machines and Other Kernel-Based Learning Methods. Cambridge University Press, Cambridge (2000)"},{"key":"228_CR34","volume-title":"C4.5: Programs for Machine Learning","author":"JR Quinlan","year":"1993","unstructured":"Quinlan, J.R.: C4.5: Programs for Machine Learning. Morgan Kaufmann Publishers, San Francisco (1993)"},{"key":"228_CR35","unstructured":"Falliere, N.: Sality: story of a peer-to-peer viral network. In: Symantec Security Response Version 1.0 (2011)"},{"key":"228_CR36","doi-asserted-by":"crossref","unstructured":"Neugschwandtner, M., Comparetti, P.M., Platzer, C.: Detecting malware\u2019s failover C&C strategies with squeeze. In: Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC) (2011)","DOI":"10.1145\/2076732.2076736"}],"container-title":["Journal of Computer Virology and Hacking Techniques"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-014-0228-5.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s11416-014-0228-5\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s11416-014-0228-5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,8,16]],"date-time":"2019-08-16T05:56:32Z","timestamp":1565934992000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s11416-014-0228-5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,10,19]]},"references-count":36,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2015,11]]}},"alternative-id":["228"],"URL":"https:\/\/doi.org\/10.1007\/s11416-014-0228-5","relation":{},"ISSN":["2263-8733"],"issn-type":[{"value":"2263-8733","type":"electronic"}],"subject":[],"published":{"date-parts":[[2014,10,19]]}}}