{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T03:53:38Z","timestamp":1776743618673,"version":"3.51.2"},"reference-count":56,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"5","license":[{"start":{"date-parts":[[2018,9,1]],"date-time":"2018-09-01T00:00:00Z","timestamp":1535760000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"DOI":"10.13039\/501100002614","name":"Korea National University of Transportation","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100002614","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Basic Science Research Program of the National Research Foundation of Korea","award":["NRF-2014R1A1A2053456"],"award-info":[{"award-number":["NRF-2014R1A1A2053456"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. Dependable and Secure Comput."],"published-print":{"date-parts":[[2018,9,1]]},"DOI":"10.1109\/tdsc.2016.2609907","type":"journal-article","created":{"date-parts":[[2016,9,15]],"date-time":"2016-09-15T18:13:34Z","timestamp":1473963214000},"page":"771-783","source":"Crossref","is-referenced-by-count":29,"title":["LARGen: Automatic Signature Generation for Malwares Using Latent Dirichlet Allocation"],"prefix":"10.1109","volume":"15","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6117-0770","authenticated-orcid":false,"given":"Suchul","family":"Lee","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sungho","family":"Kim","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Sungil","family":"Lee","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4367-3913","authenticated-orcid":false,"given":"Jaehyuk","family":"Choi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hanjun","family":"Yoon","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dohoon","family":"Lee","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jun-Rak","family":"Lee","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1023\/A:1007665907178"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1983.10478022"},{"key":"ref33","first-page":"1","article-title":"Detecting malware domains at the upper DNS hierarchy","volume":"11","author":"antonakakis","year":"0","journal-title":"20th USENIX Security Symp"},{"key":"ref32","first-page":"273","article-title":"Building a dynamic reputation system for DNS","author":"antonakakis","year":"0","journal-title":"Proc 19th USENIX Security Symp"},{"key":"ref31","article-title":"Recursive DNS architectures and vulnerability implications","author":"dagon","year":"0","journal-title":"Proc Symp Network and Distributed System Security"},{"key":"ref30","first-page":"139","article-title":"BotMiner: Clustering analysis of network traffic for\n protocol-and structure-independent botnet detection","volume":"5","author":"gu","year":"0","journal-title":"Proc 17th USENIX Security Symp"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/s10994-011-5272-5"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.1145\/2567948.2579359"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516749"},{"key":"ref34","article-title":"The core of the matter: Analyzing malicious traffic in cellular\n carriers","author":"lever","year":"0","journal-title":"Proc 20th Netw Distrib Syst Secur Symp"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/1925861.1925865"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1145\/1544012.1544023"},{"key":"ref29","first-page":"1","article-title":"BotHunter: Detecting malware infection through IDS-driven dialog correlation","volume":"7","author":"gu","year":"0","journal-title":"Proc 16th USENIX Security Symp"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.1109\/ICNS.2007.126"},{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2004.2"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2008.4575130"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2014.6848073"},{"key":"ref21","first-page":"1","article-title":"SANTaClass: A self adaptive network traffic classification system","author":"tongaonkar","year":"0","journal-title":"Proc IFIP Netw Conf"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOMW.2010.5700198"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2015.7346820"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2014.6997496"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1109\/IAdCC.2014.6779336"},{"key":"ref50","article-title":"Parameter estimation for text analysis","author":"heinrich","year":"2004"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/1162678.1162679"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660378"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.1145\/988672.988742"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/1921168.1921180"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1016\/j.istr.2009.03.001"},{"key":"ref52","article-title":"Contagio exchange","author":"parkour","year":"2014"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-009-0119-3"},{"key":"ref11","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCC.2010.2068544"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1093\/biomet\/81.3.541"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/1030194.1015489"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/1851275.1851216"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/2664243.2664256"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.41"},{"key":"ref16","first-page":"993","article-title":"Latent\n Dirichlet allocation","volume":"3","author":"blei","year":"2003","journal-title":"J Mach Learn Res"},{"key":"ref17","article-title":"Capture files from Mid-Atlantic CCDC","year":"2014"},{"key":"ref18","article-title":"blog sobre compartici&#x00F3;n de malware, recurso en l&#x00ED;nea\n disponible","author":"parkour","year":"2014"},{"key":"ref19","first-page":"215","article-title":"Automatic generation of buffer overflow attack signatures: An approach based on program behavior\n models","author":"liang","year":"0","journal-title":"Proc 21st Annu Comput Secur Appl Conf"},{"key":"ref4","first-page":"386","article-title":"Intrusion\n prevention system design","author":"zhang","year":"0","journal-title":"Proc Int Conf Comput Inf Technol"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1774088.1774480"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.26"},{"key":"ref5","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.15"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/ICNS.2010.45"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2008.4753178"},{"key":"ref49","article-title":"Caida data","year":"2014"},{"key":"ref9","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1007\/978-3-642-04342-0_6","article-title":"Automatic generation of string signatures\n for malware detection","author":"griffin","year":"2009","journal-title":"Recent Advances in Intrusion Detection"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1145\/637201.637244"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1109\/49.464717"},{"key":"ref48","first-page":"229","article-title":"Snort: Lightweight intrusion detection for networks","author":"roesch","year":"0","journal-title":"Proc USENIX System Administration Conf"},{"key":"ref47","article-title":"Symantec internet security threat report 2010","author":"fossi","year":"2011"},{"key":"ref42","doi-asserted-by":"crossref","first-page":"5228","DOI":"10.1073\/pnas.0307752101","article-title":"Finding scientific topics","volume":"101","author":"griffiths","year":"0","journal-title":"Proc Natl Acad Sci United States America"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1109\/79.543975"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2007.1001"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/1367497.1367510"}],"container-title":["IEEE Transactions on Dependable and Secure Computing"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/8452067\/07569096.pdf?arnumber=7569096","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,26]],"date-time":"2022-01-26T16:58:00Z","timestamp":1643216280000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/7569096\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,9,1]]},"references-count":56,"journal-issue":{"issue":"5"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2016.2609907","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"value":"1545-5971","type":"print"},{"value":"1941-0018","type":"electronic"},{"value":"2160-9209","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,9,1]]}}}