{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,30]],"date-time":"2025-10-30T07:03:09Z","timestamp":1761807789331},"reference-count":27,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2012,10]]},"DOI":"10.1109\/malware.2012.6461004","type":"proceedings-article","created":{"date-parts":[[2013,2,21]],"date-time":"2013-02-21T19:11:54Z","timestamp":1361473914000},"page":"26-31","source":"Crossref","is-referenced-by-count":26,"title":["Analysis and detection of malicious data exfiltration in web traffic"],"prefix":"10.1109","author":[{"given":"Areej","family":"Al-Bataineh","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gregory","family":"White","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"19","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2011.12"},{"key":"17","article-title":"Behavioral clustering of http-based malware and signature generation using malicious network traces","author":"perdisci","year":"0","journal-title":"Proceedings of the 7th USENIX Conference on Networked Systems Design and Implementation (NSDI'10) San Jose California 2010"},{"journal-title":"Applied Cryptography Protocols Algorithms and Source Code in C","year":"1995","author":"schneier","key":"18"},{"journal-title":"The Kneber Botnet","year":"2010","key":"15"},{"key":"16","doi-asserted-by":"publisher","DOI":"10.1016\/j.patrec.2008.06.016"},{"key":"13","first-page":"510","article-title":"Iustitia: An information theoretical approach to high-speed flow nature identification","author":"khakpour","year":"2009","journal-title":"Proceedings of the 29th International Conference on Distributed Computing Systems (ICDCS)"},{"key":"14","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2010.04.007"},{"key":"11","article-title":"Botsniffer: Detecting botnet command and control channels in network traffic","author":"gu","year":"0","journal-title":"15th Annual Network and Distributed System Security Symposium San Diego CA 10-13 February 2008"},{"key":"12","doi-asserted-by":"publisher","DOI":"10.1145\/1656274.1656278"},{"key":"21","doi-asserted-by":"publisher","DOI":"10.1002\/j.1538-7305.1948.tb00917.x"},{"journal-title":"Zeus Banking Trojan Reports","year":"2010","key":"20"},{"key":"22","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"journal-title":"Spyeye Bot Versus Zeus Bot","year":"2010","key":"23"},{"key":"24","doi-asserted-by":"crossref","first-page":"203","DOI":"10.1007\/978-3-540-30143-1_11","article-title":"Anomalous payload-based network intrusion detection (payl)","author":"wang","year":"2004","journal-title":"Lecture Notes in Computer Science"},{"key":"25","doi-asserted-by":"publisher","DOI":"10.1109\/IAW.2005.1495935"},{"key":"26","article-title":"My bots are not yours! a case study of 600+ real-world living botnets","author":"wu","year":"2009","journal-title":"Virus Bulletin (VB2009)"},{"key":"27","first-page":"232","article-title":"Automatically generating models for botnet detection","author":"wurzinger","year":"2009","journal-title":"Computer Security (ESORICS'09)"},{"year":"0","key":"3"},{"year":"0","key":"2"},{"key":"10","article-title":"Bothunter: Detecting malware infection through ids-driven dialog correlation","author":"gu","year":"2007","journal-title":"Proceedings of 16th USENIX Security Symposium"},{"year":"0","key":"1"},{"key":"7","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-20305-3_14"},{"key":"6","article-title":"Massive botnet may have snared some agency systems","author":"bain","year":"2010","journal-title":"Federal Computer Week"},{"journal-title":"The Mumba Botnet Disclosed","year":"2010","key":"5"},{"key":"4","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-011-0156-6"},{"journal-title":"International Cooperation Disrupts Multi-country Cyber Theft Ring","year":"2010","key":"9"},{"key":"8","article-title":"Covertly probing underground economy marketplaces","author":"fallmann","year":"0","journal-title":"Proceedings of the 7th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA'10) 2010"}],"event":{"name":"2012 7th International Conference on Malicious and Unwanted Software (MALWARE)","start":{"date-parts":[[2012,10,16]]},"location":"Fajardo, PR, USA","end":{"date-parts":[[2012,10,18]]}},"container-title":["2012 7th International Conference on Malicious and Unwanted Software"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx5\/6449416\/6460999\/06461004.pdf?arnumber=6461004","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,6,21]],"date-time":"2017-06-21T04:01:35Z","timestamp":1498017695000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6461004\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2012,10]]},"references-count":27,"URL":"https:\/\/doi.org\/10.1109\/malware.2012.6461004","relation":{},"subject":[],"published":{"date-parts":[[2012,10]]}}}