{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T19:58:58Z","timestamp":1768420738149,"version":"3.49.0"},"reference-count":68,"publisher":"Institute of Electrical and Electronics Engineers (IEEE)","issue":"2","license":[{"start":{"date-parts":[[2015,4,1]],"date-time":"2015-04-01T00:00:00Z","timestamp":1427846400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/ieeexplore.ieee.org\/Xplorehelp\/downloads\/license-information\/IEEE.html"}],"funder":[{"name":"NSF CRI","award":["CNS-1059439"],"award-info":[{"award-number":["CNS-1059439"]}]},{"name":"DHS S&T NBCHC070133"},{"name":"UCSD"},{"name":"MIUR"},{"name":"Google Faculty Award for the UBICA project"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IEEE\/ACM Trans. Networking"],"published-print":{"date-parts":[[2015,4]]},"DOI":"10.1109\/tnet.2013.2297678","type":"journal-article","created":{"date-parts":[[2014,1,31]],"date-time":"2014-01-31T17:53:51Z","timestamp":1391190831000},"page":"341-354","source":"Crossref","is-referenced-by-count":50,"title":["Analysis of a \u201c\/0\u201d Stealth Scan From a Botnet"],"prefix":"10.1109","volume":"23","author":[{"given":"Alberto","family":"Dainotti","sequence":"first","affiliation":[]},{"given":"Alistair","family":"King","sequence":"additional","affiliation":[]},{"given":"Kimberly","family":"Claffy","sequence":"additional","affiliation":[]},{"given":"Ferdinando","family":"Papale","sequence":"additional","affiliation":[]},{"given":"Antonio","family":"Pescape","sequence":"additional","affiliation":[]}],"member":"263","reference":[{"key":"ref39","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879156"},{"key":"ref38","first-page":"4","article-title":"Spamcraft: an inside look at spam campaign orchestration","author":"kreibich","year":"2009","journal-title":"Proc 2nd USENIX LEET"},{"key":"ref33","first-page":"9:1","article-title":"Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm","author":"holz","year":"2008","journal-title":"Proc 1st USENIX LEET"},{"key":"ref32","doi-asserted-by":"publisher","DOI":"10.1145\/1452520.1452542"},{"key":"ref31","article-title":"Botsniffer: Detecting botnet command and control channels in network traffic","author":"gu","year":"2008","journal-title":"15th Annu NDSS"},{"key":"ref30","doi-asserted-by":"publisher","DOI":"10.1109\/PASSAT\/SocialCom.2011.46"},{"key":"ref37","doi-asserted-by":"publisher","DOI":"10.1007\/s00607-013-0288-2"},{"key":"ref36","author":"king","year":"2012","journal-title":"?Corsaro ?"},{"key":"ref35","first-page":"15","article-title":"Show me the money: characterizing spam-advertised revenue","author":"kanich","year":"2011","journal-title":"Proc 20th USENIX Conf SEC"},{"key":"ref34","year":"2012","journal-title":"?Dshield org Distributed intrusion detection system ?"},{"key":"ref60","first-page":"149","article-title":"How to own the Internet in your spare time","author":"staniford","year":"2002","journal-title":"Proc 11th Usenix Security Symp"},{"key":"ref62","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"ref61","author":"stewart","year":"2008","journal-title":"?Inside the storm Protocols and encryption of the storm botnet ?"},{"key":"ref63","year":"2005","journal-title":"?University of Oregon Route Views project ?"},{"key":"ref28","year":"1999","journal-title":"?Guidelines for protecting user privacy in wide traffic traces ?"},{"key":"ref64","doi-asserted-by":"publisher","DOI":"10.1145\/1402958.1402979"},{"key":"ref27","year":"2010","journal-title":"?Conficker Working Group lessons learned ?"},{"key":"ref65","article-title":"Using honeynets for Internet situational awareness","author":"yegneswaran","year":"2005","journal-title":"Proc HotNets-I"},{"key":"ref66","author":"zalewski","year":"2012","journal-title":"?p0f v3 ?"},{"key":"ref29","year":"2012","journal-title":"?MAWI Working Group traffic archive ?"},{"key":"ref67","author":"zeltser","year":"2010","journal-title":"?Targeting VoIP Increase in SIP connections on UDP port 5060 ?"},{"key":"ref68","doi-asserted-by":"publisher","DOI":"10.1145\/948134.948136"},{"key":"ref2","year":"0","journal-title":"?Cuttlefish ?"},{"key":"ref1","year":"0","journal-title":"?AfriNIC The registry of Internet number resources for Africa ?"},{"key":"ref20","author":"davis","year":"2011","journal-title":"?Hackers take down the most wired country in Europe ?"},{"key":"ref22","author":"falliere","year":"2011","journal-title":"?A distributed cracker for VoIP ?"},{"key":"ref21","author":"duane","year":"2009","journal-title":"?Mapping the IPv4 address space ?"},{"key":"ref24","author":"gauci","year":"2010","journal-title":"?11 million Euro loss in VoIP fraud and my VoIP logs ?"},{"key":"ref23","author":"falliere","year":"2011","journal-title":"?Sality Story of a peer-to-peer viral network ?"},{"key":"ref26","author":"gauci","year":"2012","journal-title":"?SIPVicious Tools for auditing SIP based VoIP systems ?"},{"key":"ref25","author":"gauci","year":"2010","journal-title":"?Distributed SIP scanning during Halloween weekend ?"},{"key":"ref50","year":"2010","journal-title":"?SIP brute force attack originating from Amazon EC2 hosts ?"},{"key":"ref51","doi-asserted-by":"crossref","first-page":"291","DOI":"10.1145\/1151659.1159947","article-title":"Understanding the network-level behavior of spammers","author":"ramachandran","year":"2006","journal-title":"Proc ACM Sigcomm"},{"key":"ref59","first-page":"2846","article-title":"EFFORT: Efficient and effective bot malware detection","author":"shin","year":"2012","journal-title":"Proc 31st Annu IEEE INFOCOM Mini-Conf"},{"key":"ref58","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2011.2173486"},{"key":"ref57","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920285"},{"key":"ref56","author":"sheldon","year":"2010","journal-title":"?SIP brute force attacks escalate over Halloween weekend ?"},{"key":"ref55","author":"sheldon","year":"2010","journal-title":"?SIP brute force attack originating from Amazon EC2 hosts ?"},{"key":"ref54","author":"sarat","year":"2007","journal-title":"?Measuring the storm worm network ?"},{"key":"ref53","doi-asserted-by":"crossref","DOI":"10.1007\/978-1-4612-0871-6","author":"sagan","year":"1994","journal-title":"Space-Filling Curves"},{"key":"ref52","doi-asserted-by":"publisher","DOI":"10.17487\/rfc3261"},{"key":"ref10","author":"bacher","year":"2008","journal-title":"?Know your enemy Tracking botnets ?"},{"key":"ref11","volume":"27","author":"barford","year":"2006","journal-title":"Malware Detection"},{"key":"ref40","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2012.6195589"},{"key":"ref12","year":"2012","journal-title":"?Supplemental data Analysis of a ?\/0? stealth scan from a botnet ?"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/1644893.1644915"},{"key":"ref14","author":"cheng","year":"2012","journal-title":"?Symantec Flashback botnet could generate up to $10k per day in ad clicks ?"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866355"},{"key":"ref16","first-page":"6","article-title":"The zombie roundup: understanding, detecting, and disrupting botnets","author":"cooke","year":"2005","journal-title":"In Proc USENIX SRUTI"},{"key":"ref17","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.44"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2382416.2382423"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068818"},{"key":"ref4","author":"stewart","year":"2008","journal-title":"?Ozdok\/Mega-D trojan analysis ?"},{"key":"ref3","year":"0","journal-title":"?Routing information service (RIS) ?"},{"key":"ref6","year":"2010","journal-title":"?The asterisk-users mailing-list archives ?"},{"key":"ref5","year":"0","journal-title":"?Tcpdump ?"},{"key":"ref8","year":"2010","journal-title":"?The Voipsec mailing-list archives ?"},{"key":"ref49","author":"porras","year":"2009","journal-title":"?Conficker ?"},{"key":"ref7","year":"2010","journal-title":"?The UCSD Network Telescope ?"},{"key":"ref9","first-page":"41","article-title":"A multifaceted approach to understanding the botnet phenomenon","author":"abu","year":"2006","journal-title":"Proc 6th ACM SIGCOMM IMC"},{"key":"ref46","author":"munroe","year":"2006","journal-title":"?xkcd Map of the Internet ?"},{"key":"ref45","author":"mullaney","year":"2012","journal-title":"?Android Bmaster A million-dollar mobile botnet ?"},{"key":"ref48","doi-asserted-by":"publisher","DOI":"10.1145\/1555349.1555352"},{"key":"ref47","year":"2012","journal-title":"?Bind function ?"},{"key":"ref42","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2010.2086445"},{"key":"ref41","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-68768-1_2"},{"key":"ref44","year":"0","journal-title":"?MaxMind GeoLite country Open source IP address to country database ?"},{"key":"ref43","first-page":"1","article-title":"Automatic discovery of botnet communities on large-scale communication networks","author":"lu","year":"2009","journal-title":"Proc ACM ASIACCS"}],"container-title":["IEEE\/ACM Transactions on Networking"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/90\/7086110\/06717049.pdf?arnumber=6717049","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,1,12]],"date-time":"2022-01-12T16:41:52Z","timestamp":1642005712000},"score":1,"resource":{"primary":{"URL":"http:\/\/ieeexplore.ieee.org\/document\/6717049\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,4]]},"references-count":68,"journal-issue":{"issue":"2"},"URL":"https:\/\/doi.org\/10.1109\/tnet.2013.2297678","relation":{},"ISSN":["1063-6692","1558-2566"],"issn-type":[{"value":"1063-6692","type":"print"},{"value":"1558-2566","type":"electronic"}],"subject":[],"published":{"date-parts":[[2015,4]]}}}