{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,24]],"date-time":"2026-02-24T07:02:42Z","timestamp":1771916562442,"version":"3.50.1"},"reference-count":41,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2017,5]]},"DOI":"10.1109\/infocom.2017.8057064","type":"proceedings-article","created":{"date-parts":[[2017,10,5]],"date-time":"2017-10-05T20:28:21Z","timestamp":1507235301000},"page":"1-9","source":"Crossref","is-referenced-by-count":14,"title":["Botnet protocol inference in the presence of encrypted traffic"],"prefix":"10.1109","author":[{"given":"Lorenzo","family":"De Carli","sequence":"first","affiliation":[]},{"given":"Ruben","family":"Torres","sequence":"additional","affiliation":[]},{"given":"Gaspar","family":"Modelo-Howard","sequence":"additional","affiliation":[]},{"given":"Alok","family":"Tongaonkar","sequence":"additional","affiliation":[]},{"given":"Somesh","family":"Jha","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","article-title":"Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces","author":"perdisci","year":"2010","journal-title":"NSDI"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_8"},{"key":"ref33","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653737"},{"key":"ref32","article-title":"Automatic Network Protocol Analysis","author":"wondracek","year":"2008","journal-title":"NDSS"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.2005.49"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866355"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2012.06.019"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/1774088.1774506"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2009.14"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04444-1_13"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1017\/CBO9781107341005"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23218"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/SFFCS.1999.814634"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714639"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/IFIPNetworking.2015.7145307"},{"key":"ref14","article-title":"Detecting Subverted Cryptographic Protocols by Entropy Checking","author":"goubault-larrecq","year":"2006","journal-title":"ENS-Cachan Tech Rep LSV-06–13"},{"key":"ref15","article-title":"Discoverer: Automatic protocol reverse engineering from network traces","author":"cui","year":"2007","journal-title":"USENIX"},{"key":"ref16","author":"beddoe","year":"2004","journal-title":"Network Protocol Analysis Using Bioinformatics Algorithms"},{"key":"ref17","article-title":"Sality: Story of a peer-to-peer viral network","author":"falliere","year":"2011","journal-title":"Symantec Tech Rep"},{"key":"ref18","article-title":"W.32 Ramnit Analysis","year":"2015","journal-title":"Symantec Tech Rep"},{"key":"ref19","year":"0","journal-title":"Europol cracks down on botnet | Ars Technica"},{"key":"ref28","author":"chen","year":"2012","journal-title":"Virus Bulletin Ramnit bot"},{"key":"ref4","author":"mitchell","year":"1996","journal-title":"Foundations of Programming Languages"},{"key":"ref27","year":"2016","journal-title":"M57-Patents Scenario"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39235-1_2"},{"key":"ref6","article-title":"The ZeroAccess Botnet — Mining and Fraud for Massive Financial Gain","author":"wyke","year":"2012","journal-title":"Sophos Tech Rep Sen"},{"key":"ref29","article-title":"Malware analysis report — botnet: ZeroAccess\/Sirefef","author":"mcnamee","year":"2014","journal-title":"Kindsight Tech Rep"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382217"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-24861-0_13"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1016\/0022-2836(70)90057-4"},{"key":"ref2","article-title":"Safeguarding The Internet: Level 3 Botnet Research Report","year":"2015","journal-title":"Level 3 Communications Tech Rep"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_3"},{"key":"ref1","article-title":"Internet Security Threat Report, Volume 20","year":"2015","journal-title":"Symantec Tech Rep"},{"key":"ref20","year":"0","journal-title":"ZeroAccess botnet resumes click-fraud activity after six-month break | Dell SecureWorks Blog"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065034"},{"key":"ref21","year":"0","journal-title":"Cuckoo Sandbox"},{"key":"ref24","year":"2016","journal-title":"Snort IDS"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660352"},{"key":"ref23","year":"2016","journal-title":"Aligot source code"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-39945-3_11"},{"key":"ref25","year":"0","journal-title":"Malware-Traffic-Analysis net"}],"event":{"name":"IEEE INFOCOM 2017 - IEEE Conference on Computer Communications","location":"Atlanta, GA, USA","start":{"date-parts":[[2017,5,1]]},"end":{"date-parts":[[2017,5,4]]}},"container-title":["IEEE INFOCOM 2017 - IEEE Conference on Computer Communications"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8049192\/8056940\/08057064.pdf?arnumber=8057064","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,10,28]],"date-time":"2017-10-28T03:30:38Z","timestamp":1509161438000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/8057064\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,5]]},"references-count":41,"URL":"https:\/\/doi.org\/10.1109\/infocom.2017.8057064","relation":{},"subject":[],"published":{"date-parts":[[2017,5]]}}}