{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:51:10Z","timestamp":1771699870122,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":27,"publisher":"ACM","license":[{"start":{"date-parts":[[2010,3,22]],"date-time":"2010-03-22T00:00:00Z","timestamp":1269216000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004956","name":"Bundesministerium f\u00fcr Verkehr, Innovation und Technologie","doi-asserted-by":"publisher","award":["TRUDIE (P820854)"],"award-info":[{"award-number":["TRUDIE (P820854)"]}],"id":[{"id":"10.13039\/501100004956","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004963","name":"Seventh Framework Programme","doi-asserted-by":"publisher","award":["WOMBATFORWARD"],"award-info":[{"award-number":["WOMBATFORWARD"]}],"id":[{"id":"10.13039\/501100004963","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002347","name":"Bundesministerium f\u00fcr Bildung und Forschung","doi-asserted-by":"publisher","award":["ReMIND (FKZ 01-IS07007A)"],"award-info":[{"award-number":["ReMIND (FKZ 01-IS07007A)"]}],"id":[{"id":"10.13039\/501100002347","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2010,3,22]]},"DOI":"10.1145\/1774088.1774506","type":"proceedings-article","created":{"date-parts":[[2010,4,27]],"date-time":"2010-04-27T12:45:48Z","timestamp":1272372348000},"page":"1978-1984","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":45,"title":["Botzilla"],"prefix":"10.1145","author":[{"given":"Konrad","family":"Rieck","sequence":"first","affiliation":[{"name":"Berlin Institute of Technology, Berlin, Germany"}]},{"given":"Guido","family":"Schwenk","sequence":"additional","affiliation":[{"name":"Fraunhofer Institute FIRST, Berlin, Germany"}]},{"given":"Tobias","family":"Limmer","sequence":"additional","affiliation":[{"name":"University of Erlangen, Erlangen, Germany"}]},{"given":"Thorsten","family":"Holz","sequence":"additional","affiliation":[{"name":"Technical University of Vienna, Vienna, Austria"}]},{"given":"Pavel","family":"Laskov","sequence":"additional","affiliation":[{"name":"University of T\u00fcbingen, T\u00fcbingen, Germany"}]}],"member":"320","published-online":{"date-parts":[[2010,3,22]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_9"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315292"},{"key":"e_1_3_2_1_3_1","volume-title":"Workshop on Hot Topics in Understanding Botnets","author":"Goebel J.","year":"2007","unstructured":"J. Goebel and T. Holz . Rishi: Identify bot contaminated hosts by IRC nickname evaluation . In Workshop on Hot Topics in Understanding Botnets , 2007 . J. Goebel and T. Holz. Rishi: Identify bot contaminated hosts by IRC nickname evaluation. In Workshop on Hot Topics in Understanding Botnets, 2007."},{"key":"e_1_3_2_1_4_1","volume-title":"Proc. of USENIX Security Symposium","author":"Gu G.","year":"2008","unstructured":"G. Gu , R. Perdisci , J. Zhang , and W. Lee . BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection . In Proc. of USENIX Security Symposium , 2008 . G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. In Proc. of USENIX Security Symposium, 2008."},{"key":"e_1_3_2_1_5_1","volume-title":"Proc. of USENIX Security Symposium","author":"Gu G.","year":"2007","unstructured":"G. Gu , P. Porras , V. Yegneswaran , M. Fong , and W. Lee . BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation . In Proc. of USENIX Security Symposium , 2007 . G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. In Proc. of USENIX Security Symposium, 2007."},{"key":"e_1_3_2_1_6_1","volume-title":"Proc. of Network and Distributed System Security Symposium (NDSS)","author":"Gu G.","year":"2008","unstructured":"G. Gu , J. Zhang , and W. Lee . BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic . In Proc. of Network and Distributed System Security Symposium (NDSS) , 2008 . G. Gu, J. Zhang, and W. Lee. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. In Proc. of Network and Distributed System Security Symposium (NDSS), 2008."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.5555\/262228"},{"key":"e_1_3_2_1_9_1","volume-title":"Proc. of USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)","author":"Holz T.","year":"2008","unstructured":"T. Holz , M. Steiner , F. Dahl , E. Biersack , and F. Freiling . Measurements and mitigation of peer-to-peer-based botnets: A case study on Storm worm . In Proc. of USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) , 2008 . T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling. Measurements and mitigation of peer-to-peer-based botnets: A case study on Storm worm. In Proc. of USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2008."},{"key":"e_1_3_2_1_10_1","volume-title":"Proc. of USENIX Security Symposium","author":"Kim H.-A.","year":"2004","unstructured":"H.-A. Kim and B. Karp . Autograph: Toward automated, distributed worm signature detection . In Proc. of USENIX Security Symposium , 2004 . H.-A. Kim and B. Karp. Autograph: Toward automated, distributed worm signature detection. In Proc. of USENIX Security Symposium, 2004."},{"key":"e_1_3_2_1_11_1","volume-title":"Proc. of Workshop on Hot Topics in Networks","author":"Kreibich C.","year":"2003","unstructured":"C. Kreibich and J. Crowcroft . Honeycomb - creating intrusion detection signatures using honeypots . In Proc. of Workshop on Hot Topics in Networks , 2003 . C. Kreibich and J. Crowcroft. Honeycomb - creating intrusion detection signatures using honeypots. In Proc. of Workshop on Hot Topics in Networks, 2003."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.18"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-92666-5_15"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1219056"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/637201.637244"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.15"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/11856214_5"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.26"},{"key":"e_1_3_2_1_20_1","volume-title":"Proc. of USENIX Security Symposium","author":"Provos N.","year":"2008","unstructured":"N. Provos , P. Mavrommatis , M. A. Rajab , and F. Monrose . All Your iFRAMEs Point to Us . In Proc. of USENIX Security Symposium , 2008 . N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All Your iFRAMEs Point to Us. In Proc. of USENIX Security Symposium, 2008."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_11"},{"key":"e_1_3_2_1_22_1","first-page":"229","volume-title":"Proc. of USENIX Large Installation System Administration Conference LISA","author":"Roesch M.","year":"1999","unstructured":"M. Roesch . Snort : Lightweight intrusion detection for networks . In Proc. of USENIX Large Installation System Administration Conference LISA , pages 229 -- 238 , 1999 . M. Roesch. Snort: Lightweight intrusion detection for networks. In Proc. of USENIX Large Installation System Administration Conference LISA, pages 229--238, 1999."},{"key":"e_1_3_2_1_23_1","volume-title":"Proc. of USENIX Symposium on Operating Systems Design and Implementation (OSDI)","author":"Singh S.","year":"2004","unstructured":"S. Singh , C. Estan , G. Varghese , and S. Savage . Automated worm fingerprinting . In Proc. of USENIX Symposium on Operating Systems Design and Implementation (OSDI) , Dec. 2004 . S. Singh, C. Estan, G. Varghese, and S. Savage. Automated worm fingerprinting. In Proc. of USENIX Symposium on Operating Systems Design and Implementation (OSDI), Dec. 2004."},{"issue":"6","key":"e_1_3_2_1_24_1","first-page":"18","volume":"32","author":"Stover S.","year":"2007","unstructured":"S. Stover , D. Dittrich , J. Hernandez , and S. Dietrich . Analysis of the Storm and Nugache Trojans: P2P is here. USENIX; login :, 32 ( 6 ): 18 -- 27 , 2007 . S. Stover, D. Dittrich, J. Hernandez, and S. Dietrich. Analysis of the Storm and Nugache Trojans: P2P is here. USENIX; login:, 32(6):18--27, 2007.","journal-title":"USENIX; login"},{"key":"e_1_3_2_1_25_1","volume-title":"April","year":"2008","unstructured":"Symantec. Global Internet Security Threat Report , April 2008 . Trends for July -- December 07. Symantec. Global Internet Security Threat Report, April 2008. Trends for July -- December 07."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87403-4_7"},{"key":"e_1_3_2_1_27_1","volume-title":"Proc. of Network and Distributed System Security Symposium (NDSS)","author":"Wang Y.-M.","year":"2006","unstructured":"Y.-M. Wang , D. Beck , C. Verbowski , S. Chen , S. King , X. Jiang , and R. Roussev . Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities . In Proc. of Network and Distributed System Security Symposium (NDSS) , 2006 . Y.-M. Wang, D. Beck, C. Verbowski, S. Chen, S. King, X. Jiang, and R. Roussev. Automated web patrol with strider honeymonkeys: Finding web sites that exploit browser vulnerabilities. In Proc. of Network and Distributed System Security Symposium (NDSS), 2006."},{"key":"e_1_3_2_1_28_1","first-page":"7","volume-title":"Proc. of USENIX Security Symposium","author":"Yegneswaran V.","year":"2005","unstructured":"V. Yegneswaran , J. T. Giffin , P. Barford , and S. Jha . An architecture for generating semantics-aware signatures . In Proc. of USENIX Security Symposium , pages 7 -- 17 , 2005 . V. Yegneswaran, J. T. Giffin, P. Barford, and S. Jha. An architecture for generating semantics-aware signatures. In Proc. of USENIX Security Symposium, pages 7--17, 2005."}],"event":{"name":"SAC'10: The 2010 ACM Symposium on Applied Computing","location":"Sierre Switzerland","acronym":"SAC'10","sponsor":["SIGAPP ACM Special Interest Group on Applied Computing"]},"container-title":["Proceedings of the 2010 ACM Symposium on Applied Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1774088.1774506","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1774088.1774506","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T12:41:34Z","timestamp":1750250494000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1774088.1774506"}},"subtitle":["detecting the \"phoning home\" of malicious software"],"short-title":[],"issued":{"date-parts":[[2010,3,22]]},"references-count":27,"alternative-id":["10.1145\/1774088.1774506","10.1145\/1774088"],"URL":"https:\/\/doi.org\/10.1145\/1774088.1774506","relation":{},"subject":[],"published":{"date-parts":[[2010,3,22]]},"assertion":[{"value":"2010-03-22","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}