{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:41:59Z","timestamp":1759092119341,"version":"3.28.0"},"reference-count":38,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2018,5]]},"DOI":"10.1109\/ecrime.2018.8376209","type":"proceedings-article","created":{"date-parts":[[2018,6,11]],"date-time":"2018-06-11T23:19:16Z","timestamp":1528759156000},"page":"1-13","source":"Crossref","is-referenced-by-count":25,"title":["MalClassifier: Malware family classification using network flow sequence behaviour"],"prefix":"10.1109","author":[{"given":"Bushra A.","family":"AlAhmadi","sequence":"first","affiliation":[]},{"given":"Ivan","family":"Martinovic","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1145\/2517312.2517316"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2013.07.106"},{"key":"ref32","first-page":"1","article-title":"Towards systematic evaluation of the evadability of bot\/botnet detection methods","volume":"8","author":"stinson","year":"2008","journal-title":"WOOT"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/1143844.1143951"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.5220\/0001863603170320"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1016\/0169-7439(87)80084-9"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2413176.2413217"},{"journal-title":"Internet Security Threat Report","year":"2016","key":"ref35"},{"journal-title":"Tech Rep","article-title":"Adaptive Behavior-Based Malware Protection","year":"0","key":"ref34"},{"key":"ref10","first-page":"139","article-title":"Botminer: Clustering analysis of network traffic for protocol-and structure-independent botnet 
detection","volume":"5","author":"gu","year":"2008","journal-title":"USENIX Security Symposium"},{"key":"ref11","first-page":"1","article-title":"Bothunter: Detecting malware infection through ids-driven dialog correlation","volume":"7","author":"gu","year":"2007","journal-title":"Usenix Security"},{"journal-title":"Botsniffer Detecting Botnet Command and Control Channels in Network Traffic","year":"2008","author":"gu","key":"ref12"},{"journal-title":"A closer look at the angler exploit kit","year":"2015","author":"howard","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/1014052.1014105"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1504\/IJKESDP.2009.021985"},{"key":"ref16","first-page":"707","article-title":"Binary codes capable of correcting deletions, insertions and reversals","volume":"10","author":"levenshtein","year":"1966","journal-title":"Soviet Physics Doklady"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2015.7346820"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2014.6997496"},{"key":"ref19","article-title":"Soc-as-a-service for midmarket and small enterprise organizations","author":"oltsik","year":"2015","journal-title":"The Enterprise Strategy Group Tech Rep"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2010-0410"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2015.7357464"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/1774088.1774506"},{"key":"ref3","first-page":"8","article-title":"Scalable, behavior-based malware clustering","volume":"9","author":"bayer","year":"2009","journal-title":"NDSS"},{"key":"ref6","first-page":"61","article-title":"Classification of malware using structured control flow","volume":"107","author":"cesare","year":"2010","journal-title":"Proceedings of the Eighth Australasian Symposium on Parallel and Distributed 
Computing"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/1978672.1978682"},{"key":"ref5","first-page":"129","article-title":"Disclosure: detecting botnet command and control servers through large-scale netflow analysis","author":"bilge","year":"2012","journal-title":"Proceedings of the 28th Annual Computer Security Applications Conference"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.05.011"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.4236\/jis.2014.52006"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74320-0_10"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1002\/sec.800"},{"key":"ref1","article-title":"Sonification in security operations centres: what do security practitioners think?","author":"axon","year":"2018","journal-title":"The Internet Society"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/1852666.1852716"},{"key":"ref22","first-page":"391","article-title":"Behavioral clustering of http-based malware and signature generation using malicious network traces","author":"perdisci","year":"2010","journal-title":"NSDI"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.26"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/2576768.2598238"},{"key":"ref23","first-page":"144","article-title":"Firma: Malware clustering and network signature generation with mixed network behaviors","author":"rafique","year":"2013","journal-title":"International Workshop on Recent Advances in Intrusion Detection"},{"key":"ref26","doi-asserted-by":"crossref","first-page":"108","DOI":"10.1007\/978-3-540-70542-0_6","author":"rieck","year":"2008","journal-title":"Detection of Intrusions and Malware and Vulnerability Assessment"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-006-0027-8"}],"event":{"name":"2018 APWG Symposium on Electronic Crime Research (eCrime)","start":{"date-parts":[[2018,5,15]]},"location":"San Diego, 
CA","end":{"date-parts":[[2018,5,17]]}},"container-title":["2018 APWG Symposium on Electronic Crime Research (eCrime)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8372143\/8376205\/08376209.pdf?arnumber=8376209","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,26]],"date-time":"2022-01-26T05:42:07Z","timestamp":1643175727000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/8376209\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5]]},"references-count":38,"URL":"https:\/\/doi.org\/10.1109\/ecrime.2018.8376209","relation":{},"subject":[],"published":{"date-parts":[[2018,5]]}}}