{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,2]],"date-time":"2026-01-02T07:47:34Z","timestamp":1767340054233,"version":"3.28.0"},"reference-count":45,"publisher":"IEEE","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,10]]},"DOI":"10.1109\/malware.2015.7413691","type":"proceedings-article","created":{"date-parts":[[2016,2,25]],"date-time":"2016-02-25T16:20:24Z","timestamp":1456417224000},"page":"110-116","source":"Crossref","is-referenced-by-count":13,"title":["Stealthy malware traffic - Not as innocent as it looks"],"prefix":"10.1109","author":[{"given":"Xingsi","family":"Zhong","sequence":"first","affiliation":[]},{"given":"Yu","family":"Fu","sequence":"additional","affiliation":[]},{"given":"Lu","family":"Yu","sequence":"additional","affiliation":[]},{"given":"Richard","family":"Brooks","sequence":"additional","affiliation":[]},{"given":"G. Kumar","family":"Venayagamoorthy","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"article-title":"Trend micro incorporated research paper 2012 - russian underground 101","year":"2011","author":"goncharov","key":"ref39"},{"article-title":"Zeus: God of diy botnets","year":"2009","author":"manky","key":"ref38"},{"article-title":"Bro","year":"0","author":"monitor","key":"ref33"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCB.2012.2216872"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2012.93"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1016\/j.patrec.2009.06.008"},{"year":"0","key":"ref37","article-title":"Tor"},{"article-title":"fteproxy","year":"2013","author":"dyer","key":"ref36"},{"article-title":"LibFTE 0.1.0","year":"2015","author":"dyer","key":"ref35"},{"article-title":"Application layer packet classifier for linux: L7-filter","year":"2009","author":"foundation","key":"ref34"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/PSC.2015.7101704"},{"article-title":"Zeus source code leak means even more banking malware to hit the web","year":"2011","author":"rashid","key":"ref40"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516657"},{"article-title":"Zeus 2.0.8.9 source code","year":"0","author":"skeloru","key":"ref12"},{"article-title":"Synchrophasor security practices","year":"2010","author":"stewart","key":"ref13"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1109\/ISGTEurope.2014.7028738"},{"article-title":"Buggy smart meters open door to power-grid bot-net","year":"2009","author":"goodin","key":"ref15"},{"article-title":"Financial malware focuses on hiding malicious traffic, locafization","year":"2014","author":"blevins","key":"ref16"},{"article-title":"Hackers turning to tor network to hide evolved malware, warns kaspersky lab","year":"2014","author":"stevenson","key":"ref17"},{"article-title":"How pushdo malware hides c&c traffic","year":"2013","author":"prince","key":"ref18"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/49.668972"},{"article-title":"Traffic analysis of anonymity systems","year":"2010","author":"craven","key":"ref28"},{"key":"ref4","doi-asserted-by":"publisher","DOI":"10.1145\/2179298.2179332"},{"key":"ref27","first-page":"43","article-title":"An algorithm for anomaly-based botnet detection","author":"binkley","year":"2006","journal-title":"Proceedings of USENIX Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI)"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2010.5593240"},{"key":"ref6","article-title":"Cryptography for mobile malware obfuscation","author":"apvrille","year":"2011","journal-title":"RSA Conference Europe"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/2746266.2746269"},{"year":"0","key":"ref5","article-title":"Snort"},{"article-title":"Network Traffic Analysis Using Stochastic Grammars","year":"2012","author":"lu","key":"ref8"},{"article-title":"China tries to block encrypted traffic","year":"0","author":"mike","key":"ref7"},{"article-title":"Steganography and malware: Concealing code and c&c traffic","year":"0","author":"sancho","key":"ref2"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.35"},{"key":"ref1","first-page":"139","article-title":"Botminer: Clustering analysis of network traffic for protocol-and structure-independent botnet detection","volume":"5","author":"gu","year":"2008","journal-title":"USENIX Security Symposium"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31680-7_13"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCB.2009.2019732"},{"article-title":"obfsproxy","year":"2015","author":"project","key":"ref22"},{"key":"ref21","article-title":"How china is blocking tor","author":"winter","year":"2012","journal-title":"arXiv preprint arXiv 1204 0447"},{"first-page":"1","article-title":"C37.118.2&#x2013;2011 - IEEE standard for synchrophasor data transfer for power systems","year":"2011","key":"ref42"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382210"},{"article-title":"openpdc","year":"0","author":"alliance","key":"ref41"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2517840.2517856"},{"year":"0","key":"ref26","article-title":"Bothunter: A network-based botnet diagnosis system"},{"year":"0","key":"ref44","article-title":"Real-Time Power and Intelligence Systems (RTPIS) Laboratory"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382211"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1109\/5.18626"}],"event":{"name":"2015 10th International Conference on Malicious and Unwanted Software (MALWARE)","start":{"date-parts":[[2015,10,20]]},"location":"Fajardo, PR, USA","end":{"date-parts":[[2015,10,22]]}},"container-title":["2015 10th International Conference on Malicious and Unwanted Software (MALWARE)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/7405773\/7413673\/07413691.pdf?arnumber=7413691","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2017,3,21]],"date-time":"2017-03-21T09:15:07Z","timestamp":1490087707000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/7413691\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,10]]},"references-count":45,"URL":"https:\/\/doi.org\/10.1109\/malware.2015.7413691","relation":{},"subject":[],"published":{"date-parts":[[2015,10]]}}}