{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,9,6]],"date-time":"2024-09-06T10:49:42Z","timestamp":1725619782663},"reference-count":35,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2014,8]]},"DOI":"10.1109\/iri.2014.7051865","type":"proceedings-article","created":{"date-parts":[[2015,3,3]],"date-time":"2015-03-03T20:16:47Z","timestamp":1425413807000},"page":"8-15","source":"Crossref","is-referenced-by-count":4,"title":["Stream computing for large-scale, multi-channel cyber threat analytics"],"prefix":"10.1109","author":[{"given":"Douglas L.","family":"Schales","sequence":"first","affiliation":[]},{"given":"Mihai","family":"Christodorescu","sequence":"additional","affiliation":[]},{"given":"Xin","family":"Hu","sequence":"additional","affiliation":[]},{"given":"Jiyong","family":"Jang","sequence":"additional","affiliation":[]},{"given":"Josyula R.","family":"Rao","sequence":"additional","affiliation":[]},{"given":"Reiner","family":"Sailer","sequence":"additional","affiliation":[]},{"given":"Marc Ph.","family":"Stoecklin","sequence":"additional","affiliation":[]},{"given":"Wietse","family":"Venema","sequence":"additional","affiliation":[]},{"given":"Ting","family":"Wang","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref33","article-title":"Global intrusion detection in the DOMINO overlay system","author":"yegneswaran","year":"2004","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-35515-3_18"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/65.484228"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.1998.738566"},{"key":"ref35","doi-asserted-by":"crossref","DOI":"10.1007\/978-3-540-70542-0_11","article-title":"Traffic aggregation for malware detection","author":"yen","year":"2008","journal-title":"Proceedings of the 2nd International Conference on Intrusion and Malware Detection and Vulnerability Assessment"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523670"},{"key":"ref10","article-title":"Rishi: Identify bot contaminated hosts by IRC nickname evaluation","author":"goebel","year":"2007","journal-title":"Proceedings of Hot Topics in Understanding Botnet"},{"key":"ref11","article-title":"BotMiner: clustering analysis of network traffic for protocol-and structure-independent botnet detection","author":"gu","year":"2008","journal-title":"Proc Usenix Security Symp"},{"key":"ref12","article-title":"BotHunter: detecting malware infection through ids-driven dialog correlation","author":"gu","year":"2007","journal-title":"Proc Usenix Security Symp"},{"key":"ref13","article-title":"BotSniffer: Detecting botnet command and control channels in network traffic","author":"gu","year":"2008","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref14","article-title":"SPL stream processing language specification","author":"hirzel","year":"2009","journal-title":"Technical Report IBM Research"},{"key":"ref15","article-title":"Measuring and detecting fast-flux service networks","author":"holz","year":"2008","journal-title":"Proc Symp Network and Distributed System Security"},{"journal-title":"HP Corp ArcSight","year":"2014","key":"ref16"},{"journal-title":"IBM Corp InfoSphere Streams","year":"2014","key":"ref17"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOMW.2009.5072151"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23269"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(00)00136-5"},{"journal-title":"Data Breach Investigations Report","year":"2010","author":"baker","key":"ref4"},{"key":"ref27","article-title":"DIDS (distributed intrusion detection system) - motivation, architecture, and an early prototype","author":"snapp","year":"1991","journal-title":"Proc National Computer Security Conf"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/SITIS.2008.115"},{"key":"ref6","article-title":"EXPOSURE: Finding malicious domains using passive DNS analysis","author":"bilge","year":"2011","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref29","article-title":"GrIDS - a graph-based intrusion detection system for large networks","author":"staniford-chen","year":"1996","journal-title":"Proc National Information Systems Security Conf"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/CSAC.1998.738563"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1145\/1327452.1327492"},{"key":"ref7","article-title":"Defending a computer system using autonomous agents","author":"crosbie","year":"1995","journal-title":"Technical Report"},{"key":"ref2","article-title":"Building a dynamic reputation system for DNS","author":"antonakakis","year":"2010","journal-title":"Proc Usenix Security Symp"},{"journal-title":"W32 stuxnet Dossier","year":"2010","author":"falliere","key":"ref9"},{"journal-title":"Nfdump","year":"2014","key":"ref1"},{"key":"ref20","article-title":"Wide-scale botnet detection and characterization","author":"karasaridis","year":"2007","journal-title":"Proceedings of Hot Topics in Understanding Botnet"},{"key":"ref22","article-title":"Bot-Grep: Finding P2P bots with structured graph analysis","author":"nagaraja","year":"2010","journal-title":"Proc Usenix Security Symp"},{"key":"ref21","article-title":"The M4 macro processor","author":"kernighan","year":"1977","journal-title":"Technical Report Bell Laboratories"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2008.4690854"},{"journal-title":"RSA Corp NetWitness","year":"2014","key":"ref26"},{"key":"ref25","article-title":"Snort - lightweight intrusion detection for networks","author":"roesch","year":"1999","journal-title":"Proc USENIX Conference on System Administration"}],"event":{"name":"2014 IEEE International Conference on Information Reuse and Integration (IRI)","start":{"date-parts":[[2014,8,13]]},"location":"Redwood City, CA, USA","end":{"date-parts":[[2014,8,15]]}},"container-title":["Proceedings of the 2014 IEEE 15th International Conference on Information Reuse and Integration (IEEE IRI 2014)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7036233\/7051718\/07051865.pdf?arnumber=7051865","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,23]],"date-time":"2017-06-23T06:38:22Z","timestamp":1498199902000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7051865\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,8]]},"references-count":35,"URL":"https:\/\/doi.org\/10.1109\/iri.2014.7051865","relation":{},"subject":[],"published":{"date-parts":[[2014,8]]}}}