{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T15:59:52Z","timestamp":1769961592238,"version":"3.49.0"},"reference-count":23,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,5]]},"DOI":"10.1109\/inm.2015.7140486","type":"proceedings-article","created":{"date-parts":[[2015,7,6]],"date-time":"2015-07-06T21:19:27Z","timestamp":1436217567000},"page":"1304-1309","source":"Crossref","is-referenced-by-count":50,"title":["Detecting DGA malware using NetFlow"],"prefix":"10.1109","author":[{"given":"Martin","family":"Grill","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ivan","family":"Nikolaev","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Veronica","family":"Valeros","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Martin","family":"Rehak","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref10","author":"holz","year":"2008","journal-title":"Measuring and Detecting Fast-Flux Service Networks"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/1028788.1028804"},{"key":"ref12","first-page":"1245","article-title":"Beyond blacklists: learning to detect malicious web sites from suspicious urls","author":"justin","year":"2009","journal-title":"Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining"},{"key":"ref13","first-page":"1","article-title":"Behind phishing: An examination of phisher modi operandi","volume":"8","author":"mcgrath","year":"2008","journal-title":"LEET"},{"key":"ref14","article-title":"Conficker c analysis","author":"porras","year":"2009","journal-title":"SRI International"},{"key":"ref15","first-page":"5","article-title":"Intrusion detection with unlabeled data using clustering","author":"portnoy","year":"2001","journal-title":"Proceedings of ACM CSS Workshop on Data Mining Applied to Security (DMSA-2001)"},{"key":"ref16","first-page":"1","article-title":"Differential privacy for collaborative security","author":"jason","year":"2010","journal-title":"Proceedings of the Third European Workshop on System Security"},{"key":"ref17","article-title":"Herbert Bos, FKIE Fraunhofer, and Dell SecureWorks","author":"rossow","year":"0","journal-title":"Sok P2pwnedmodeling and evaluating the resilience of peer-to-peer botnets"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/1851182.1851215"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"ref4","year":"2004","journal-title":"RFC 3954 Cisco Systems NetFlow Services Export Version 9 IETF"},{"key":"ref3","article-title":"From throw-away traffic to bots: detecting the rise of dga-based malware","author":"antonakakis","year":"2012","journal-title":"Proceedings of the 21st USENIX Security Symposium"},{"key":"ref6","article-title":"Nfsight: netflow-based network awareness tool","author":"berthier","year":"2010","journal-title":"Proceedings of the 24th USENIX LISA"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-44599-1_8"},{"key":"ref8","article-title":"Botnet detection and response","volume":"2005","author":"dagon","year":"2005","journal-title":"OARC Workshop"},{"key":"ref7","author":"claise","year":"2013","journal-title":"Rfc 7011 Specification of the ipfix protocol for the exchange of flow information"},{"key":"ref2","author":"amini","year":"2008","journal-title":"Kraken Botnet Infiltration"},{"key":"ref1","year":"2012","journal-title":"Lavasoft Alexander Adamov Backdoor Win32 Shiz"},{"key":"ref9","first-page":"325","article-title":"A taxonomy of botnet structures","author":"david","year":"2007","journal-title":"Computer Security Applications Conference 2007 ACSAC 2007 Twenty-Third Annual"},{"key":"ref20","first-page":"18","article-title":"Analysis of the storm and nugache trojans: P2p is here","volume":"32","author":"stover","year":"2007","journal-title":"USENIX login"},{"key":"ref22","first-page":"30","author":"zhang","year":"2005","journal-title":"Proceedings of the 5th ACM SIGCOMM Conference on Internet Measurement"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2012.2184552"},{"key":"ref23","first-page":"116","article-title":"Dga-based botnet detection using dns traffic","volume":"3","author":"yong-lin","year":"0","journal-title":"Journal of Internet Services and Information Security (JISIS)"}],"event":{"name":"2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM)","location":"Ottawa, ON, Canada","start":{"date-parts":[[2015,5,11]]},"end":{"date-parts":[[2015,5,15]]}},"container-title":["2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7121095\/7140257\/07140486.pdf?arnumber=7140486","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,3,24]],"date-time":"2017-03-24T18:44:52Z","timestamp":1490381092000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7140486\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,5]]},"references-count":23,"URL":"https:\/\/doi.org\/10.1109\/inm.2015.7140486","relation":{},"subject":[],"published":{"date-parts":[[2015,5]]}}}