{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,25]],"date-time":"2026-06-25T22:34:01Z","timestamp":1782426841418,"version":"3.54.5"},"reference-count":58,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","license":[{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-029"},{"start":{"date-parts":[[2021,1,1]],"date-time":"2021-01-01T00:00:00Z","timestamp":1609459200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-037"}],"funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61672543"],"award-info":[{"award-number":["61672543"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["61772559"],"award-info":[{"award-number":["61772559"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100001809","name":"NSFC","doi-asserted-by":"publisher","award":["U1836211"],"award-info":[{"award-number":["U1836211"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004826","name":"Beijing Natural Science Foundation","doi-asserted-by":"publisher","award":["JQ18011"],"award-info":[{"award-number":["JQ18011"]}],"id":[{"id":"10.13039\/501100004826","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002367","name":"Youth Innovation Promotion Association, CAS","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100002367","id-type":"DOI","asserted-by":"publisher"}]},{"name":"Beijing Academy of Artificial Intelligence"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE Trans.Inform.Forensic Secur."],"published-print":{"date-parts":[[2021]]},"DOI":"10.1109\/tifs.2021.3080082","type":"journal-article","created":{"date-parts":[[2021,5,13]],"date-time":"2021-05-13T19:25:58Z","timestamp":1620933958000},"page":"3387-3400","source":"Crossref","is-referenced-by-count":14,"title":["An Exploit Kits Detection Approach Based on HTTP Message Graph"],"prefix":"10.1109","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9166-1482","authenticated-orcid":false,"given":"Yan","family":"Qin","sequence":"first","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5255-5639","authenticated-orcid":false,"given":"Weiping","family":"Wang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5351-7239","authenticated-orcid":false,"given":"Shigeng","family":"Zhang","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5624-2987","authenticated-orcid":false,"given":"Kai","family":"Chen","sequence":"additional","affiliation":[],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2017.105"},{"key":"ref38","doi-asserted-by":"publisher","DOI":"10.1016\/j.jocs.2017.05.027"},{"key":"ref33","first-page":"33","article-title":"Zozzle: Fast and precise in-browser JavaScript malware detection","author":"curtsinger","year":"2011","journal-title":"Proc Usenix Secur Symp"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM41043.2020.9155278"},{"key":"ref31","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23204"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.3906\/elk-1810-199"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1145\/2857705.2857718"},{"key":"ref36","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23269"},{"key":"ref35","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_31"},{"key":"ref34","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963436"},{"key":"ref28","doi-asserted-by":"publisher","DOI":"10.1145\/1557019.1557153"},{"key":"ref27","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23237"},{"key":"ref29","doi-asserted-by":"publisher","DOI":"10.1145\/1961189.1961202"},{"key":"ref2","year":"2019","journal-title":"A Close Look at Fallout Exploit Kit and Raccoon Stealer"},{"key":"ref1","year":"2019","journal-title":"Exploit Kits Spring 2019 Review"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2018.8548327"},{"key":"ref22","first-page":"1165","article-title":"Fanci: Feature-based automated nxdomain classification and intelligence","author":"sch\u00fcppen","year":"2018","journal-title":"Proc 27th USENIX Secur Symp (USENIX)"},{"key":"ref21","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23243"},{"key":"ref24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-01701-9_24"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/3339252.3339258"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101719"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-13057-2_6"},{"key":"ref50","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772720"},{"key":"ref51","doi-asserted-by":"publisher","DOI":"10.1145\/2771783.2771814"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2016.7524582"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-014-0248-7"},{"key":"ref56","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23427"},{"key":"ref55","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23319"},{"key":"ref54","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813656"},{"key":"ref53","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS.2017.21"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.48"},{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516682"},{"key":"ref11","first-page":"1025","article-title":"Webwitness: Investigating, categorizing, and mitigating malware download paths","author":"nelms","year":"2015","journal-title":"Proc Usenix Secur Symp"},{"key":"ref40","first-page":"1147","article-title":"Sad thug: Structural anomaly detection for transmissions of high-value information using graphics","author":"chapman","year":"2018","journal-title":"Proc 27th USENIX Secur Symp (USENIX)"},{"key":"ref12","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046762"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2014.6848047"},{"key":"ref14","year":"2020","journal-title":"Malware Traffic Analysis"},{"key":"ref15","year":"2020","journal-title":"Threatglass"},{"key":"ref16","year":"2020","journal-title":"VirusTotal"},{"key":"ref17","first-page":"165","article-title":"A proposal of malicious urls detection based on features generated by exploit kits","author":"sato","year":"2016","journal-title":"Proc Int Workshop Infomatics"},{"key":"ref18","year":"2014","journal-title":"Internet Engineering Task Force"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/3372297.3417253"},{"key":"ref4","year":"2019","journal-title":"Midyear Security Roundup Evasive Threats Pervasive Effects"},{"key":"ref3","year":"2019","journal-title":"Exploring a Recent Magnitude Exploit Kit Sample"},{"key":"ref6","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.01.003"},{"key":"ref5","year":"2019","journal-title":"Kaspersky Security Bulletin 2018"},{"key":"ref8","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2017.54"},{"key":"ref7","doi-asserted-by":"publisher","DOI":"10.1587\/transinf.2016ICP0011"},{"key":"ref49","doi-asserted-by":"publisher","DOI":"10.1587\/transinf.2015ICP0013"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813724"},{"key":"ref46","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2021.102215"},{"key":"ref45","doi-asserted-by":"publisher","DOI":"10.1016\/j.eswa.2018.04.004"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1109\/AsiaJCIS.2015.17"},{"key":"ref47","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.33"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2020.2967746"},{"key":"ref41","first-page":"24","article-title":"Know your EK: A content and workflow analysis approach for exploit kits","volume":"9","author":"suren","year":"2019","journal-title":"J Internet Serv Inf Secur"},{"key":"ref44","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2008.09.010"},{"key":"ref43","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030100"}],"container-title":["IEEE Transactions on Information Forensics and Security"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10206\/9151439\/09430543.pdf?arnumber=9430543","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,10]],"date-time":"2022-05-10T14:52:39Z","timestamp":1652194359000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/9430543\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021]]},"references-count":58,"URL":"https:\/\/doi.org\/10.1109\/tifs.2021.3080082","relation":{},"ISSN":["1556-6013","1556-6021"],"issn-type":[{"value":"1556-6013","type":"print"},{"value":"1556-6021","type":"electronic"}],"subject":[],"published":{"date-parts":[[2021]]}}}