{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T12:35:25Z","timestamp":1740141325185,"version":"3.37.3"},"reference-count":50,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"3","license":[{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"am","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2024,5,1]],"date-time":"2024-05-01T00:00:00Z","timestamp":1714521600000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"name":"LDRD Program"},{"DOI":"10.13039\/100006234","name":"Sandia National Laboratories","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100006234","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006234","name":"Sandia National Laboratories","doi-asserted-by":"publisher","id":[{"id":"10.13039\/100006234","id-type":"DOI","asserted-by":"publisher"}]},{"name":"National Technology & Engineering Solutions of Sandia, LLC"},{"name":"U.S. Department of Energy's National Nuclear Security Administration","award":["DE-NA0003525"],"award-info":[{"award-number":["DE-NA0003525"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans. 
Dependable and Secure Comput."],"published-print":{"date-parts":[[2024,5]]},"DOI":"10.1109\/tdsc.2023.3266139","type":"journal-article","created":{"date-parts":[[2023,4,19]],"date-time":"2023-04-19T17:38:19Z","timestamp":1681925899000},"page":"1084-1097","source":"Crossref","is-referenced-by-count":1,"title":["Experimental Validation of a Command and Control Traffic Detection Model"],"prefix":"10.1109","volume":"21","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9665-5321","authenticated-orcid":false,"given":"Eric D.","family":"Vugrin","sequence":"first","affiliation":[{"name":"Sandia National Laboratories, Albuquerque, NM, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2331-2974","authenticated-orcid":false,"given":"Seth","family":"Hanson","sequence":"additional","affiliation":[{"name":"Sandia National Laboratories, Albuquerque, NM, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3738-192X","authenticated-orcid":false,"given":"Jerry","family":"Cruz","sequence":"additional","affiliation":[{"name":"Sandia National Laboratories, Albuquerque, NM, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-0081-2303","authenticated-orcid":false,"given":"Casey","family":"Glatter","sequence":"additional","affiliation":[{"name":"Sandia National Laboratories, Albuquerque, NM, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7084-1225","authenticated-orcid":false,"given":"Thomas","family":"Tarman","sequence":"additional","affiliation":[{"name":"Sandia National Laboratories, Albuquerque, NM, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0912-9623","authenticated-orcid":false,"given":"Ali","family":"Pinar","sequence":"additional","affiliation":[{"name":"Sandia National Laboratories, Albuquerque, NM, 
USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"key":"ref1","doi-asserted-by":"publisher","DOI":"10.1109\/ICICIC.2009.127"},{"key":"ref2","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241275"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(19)30071-6"},{"article-title":"Meris botnet assaults krebsonsecurity: The botnet appears to be made up of compromised routers","year":"2021","author":"Osborne","key":"ref4"},{"article-title":"BotSniffer: Detecting botnet command and control channels in network traffic","volume-title":"Proc Netw. Distrib. Syst. Secur. Symp.","author":"Gu","key":"ref5"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1002\/sec.800"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1109\/ICCSIT.2010.5563555"},{"key":"ref8","first-page":"26","volume-title":"Attack Modeling in Open Network Environments","author":"Serazzi","year":"2004"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2018.2819967"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/SAINTW.2005.1619988"},{"volume-title":"Operating Systems: Three Easy Pieces","year":"2015","author":"Arpaci-Dusseau","key":"ref11"},{"year":"2019","key":"ref12","article-title":"Snort intrusion detection and prevention system"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2009.56"},{"key":"ref14","doi-asserted-by":"publisher","DOI":"10.1145\/3014812.3014889"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420969"},{"key":"ref16","doi-asserted-by":"publisher","DOI":"10.1109\/ICCWS48432.2020.9292395"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1145\/3411508.3421379"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2018.2846740"},{"issue":"2","key":"ref19","article-title":"Botnet command and control traffic detection challenges: A correlation-based solution","volume":"7","author":"Ghafir","year":"2015","journal-title":"Int. 
J. Adv. Comput. Netw. Secur."},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(00)00139-0"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.1109\/IWIAS.2003.1192459"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1145\/2808691"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1016\/j.procs.2011.07.024"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1145\/2512209.2512216"},{"issue":"3","key":"ref25","article-title":"An effective evolution of packet loss with SNORT","volume":"4","author":"Naidu","year":"2013","journal-title":"Int. J. Clothing Sci. Technol."},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/j.jcss.2014.12.012"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.1109\/THS.2010.5655108"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/3384217.3385626"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/3474718.3474725"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2014.27"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076752"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/DISCEX.2001.932190"},{"issue":"1","key":"ref33","article-title":"Botnets as a vehicle for online crime","volume":"1","author":"Ianelli","year":"2005","journal-title":"CERT Coordination Center"},{"year":"2014","key":"ref34","article-title":"New banking malware uses network sniffing for data theft"},{"year":"2021","key":"ref35","article-title":"Emotet botnet disrupted in international cyber operation"},{"year":"2018","key":"ref36","article-title":"Sid 1\u201348402"},{"article-title":"Minimega, version 00","year":"2013","author":"Fritz","key":"ref37"},{"key":"ref38","first-page":"41","article-title":"QEMU, a fast and portable dynamic translator","volume-title":"Proc USENIX Annu. Tech. Conf.","author":"Bellard","year":"2005"},{"article-title":"Extending networking into the virtualization layer","volume-title":"Proc. 
8th ACM Workshop Hot Top. Netw.","author":"Pfaff","key":"ref39"},{"key":"ref40","first-page":"4","article-title":"DEW: Distributed experiment workflows","volume-title":"Proc. 11th USENIX Workshop Cyber Secur. Experimentation Test","author":"Mirkovic"},{"year":"2019","key":"ref41","article-title":"Open vswitch basic configuration"},{"article-title":"Scapy","year":"2019","author":"Biondi","key":"ref46"},{"year":"2019","key":"ref47","article-title":"Three families in three days \u2013 revisiting prolific crimeware to improve network detection: Emotet"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2017.10.016"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1109\/ICICT50521.2020.00078"},{"year":"2022","key":"ref50","article-title":"Purple team: About beacons"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.03.013"},{"year":"2021","key":"ref52","article-title":"TrickBot brief: Creds and beacons"},{"year":"2018","key":"ref53","article-title":"The next paradigm shift: AI-driven cyber-attacks"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1615\/Int.J.UncertaintyQuantification.2021033774"}],"container-title":["IEEE Transactions on Dependable and Secure 
Computing"],"original-title":[],"link":[{"URL":"https:\/\/ieeexplore.ieee.org\/ielam\/8858\/10530496\/10105851-aam.pdf","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/8858\/10530496\/10105851.pdf?arnumber=10105851","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,5,15]],"date-time":"2024-05-15T05:23:04Z","timestamp":1715750584000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10105851\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,5]]},"references-count":50,"journal-issue":{"issue":"3"},"URL":"https:\/\/doi.org\/10.1109\/tdsc.2023.3266139","relation":{},"ISSN":["1545-5971","1941-0018","2160-9209"],"issn-type":[{"type":"print","value":"1545-5971"},{"type":"electronic","value":"1941-0018"},{"type":"electronic","value":"2160-9209"}],"subject":[],"published":{"date-parts":[[2024,5]]}}}