{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,19]],"date-time":"2026-02-19T07:15:32Z","timestamp":1771485332734,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":22,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,3,28]],"date-time":"2011-03-28T00:00:00Z","timestamp":1301270400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,3,28]]},"DOI":"10.1145\/1963405.1963435","type":"proceedings-article","created":{"date-parts":[[2011,3,29]],"date-time":"2011-03-29T12:02:18Z","timestamp":1301400138000},"page":"187-196","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":59,"title":["ARROW"],"prefix":"10.1145","author":[{"given":"Junjie","family":"Zhang","sequence":"first","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]},{"given":"Christian","family":"Seifert","sequence":"additional","affiliation":[{"name":"Microsoft Bing, Redmond, WA, USA"}]},{"given":"Jack W.","family":"Stokes","sequence":"additional","affiliation":[{"name":"Microsoft Research, Redmond, WA, USA"}]},{"given":"Wenke","family":"Lee","sequence":"additional","affiliation":[{"name":"Georgia Institute of Technology, Atlanta, GA, USA"}]}],"member":"320","published-online":{"date-parts":[[2011,3,28]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Hackers use twitter api to trigger malicious scripts. http:\/\/blog.unmaskparasites.com\/2009\/11\/11\/hackers-use-twitter-api-to-trigger-malicious-scripts\/ 2009.  Hackers use twitter api to trigger malicious scripts. http:\/\/blog.unmaskparasites.com\/2009\/11\/11\/hackers-use-twitter-api-to-trigger-malicious-scripts\/ 2009."},{"key":"e_1_3_2_1_2_1","volume-title":"Proc. NDSS","author":"Moshchuk A.","year":"2006"},{"key":"e_1_3_2_1_3_1","unstructured":"C. Seifert and R. Steenson. Capture - honeypot client (capture-hpc). https:\/\/projects.honeynet.org\/capture-hpc 2006.  C. Seifert and R. Steenson. Capture - honeypot client (capture-hpc). https:\/\/projects.honeynet.org\/capture-hpc 2006."},{"key":"e_1_3_2_1_4_1","volume-title":"Proc. NZCSRCS","author":"Seifert C.","year":"2007"},{"key":"e_1_3_2_1_5_1","unstructured":"C. Seifert R. Steenson T. Holz B. Yuan and M. A. Davis. Know your enemy: Malicious web servers. http:\/\/www.honeynet.org\/papers\/mws\/ 2007.  C. Seifert R. Steenson T. Holz B. Yuan and M. A. Davis. Know your enemy: Malicious web servers. http:\/\/www.honeynet.org\/papers\/mws\/ 2007."},{"key":"e_1_3_2_1_6_1","volume-title":"Proc. LEET","author":"Nazario J.","year":"2009"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2005.15"},{"key":"e_1_3_2_1_8_1","volume-title":"Proc. USENIX LEET","author":"Stokes J. W.","year":"2010"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866356"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772720"},{"key":"e_1_3_2_1_11_1","volume-title":"Proc. RAID","author":"Morley Mao Z.","year":"2007"},{"key":"e_1_3_2_1_12_1","volume-title":"Proc. USENIX SECURITY","author":"Provos N.","year":"2008"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.36"},{"key":"e_1_3_2_1_14_1","volume-title":"Proc. NSDI","author":"Perdisci R.","year":"2010"},{"key":"e_1_3_2_1_15_1","volume-title":"Proc. USENIX OSDI","author":"Singh S.","year":"2004"},{"key":"e_1_3_2_1_16_1","volume-title":"Proc. NDSS","author":"Holz T.","year":"2008"},{"key":"e_1_3_2_1_17_1","unstructured":"The Honeynet Project. Know your enemy: Fast-flux service networks; an ever changing enemy. http:\/\/www.honeynet.org\/papers\/ff\/ 2007.  The Honeynet Project. Know your enemy: Fast-flux service networks; an ever changing enemy. http:\/\/www.honeynet.org\/papers\/ff\/ 2007."},{"key":"e_1_3_2_1_18_1","volume-title":"Proc. NDSS","author":"Bayer U.","year":"2009"},{"key":"e_1_3_2_1_19_1","volume-title":"Proc. USENIX SECURITY","author":"Yegneswaran V.","year":"2005"},{"key":"e_1_3_2_1_20_1","volume-title":"Proc. NDSS","author":"Wang Y.-M.","year":"2006"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1402958.1402979"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.18"}],"event":{"name":"WWW '11: 20th International World Wide Web Conference","location":"Hyderabad India","acronym":"WWW '11","sponsor":["SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web","The International Institute of Information Technology Bangalore The International Institute of Information Technology Bangalore"]},"container-title":["Proceedings of the 20th international conference on World wide web"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1963405.1963435","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1963405.1963435","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T10:52:18Z","timestamp":1750243938000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1963405.1963435"}},"subtitle":["GenerAting SignatuRes to Detect DRive-By DOWnloads"],"short-title":[],"issued":{"date-parts":[[2011,3,28]]},"references-count":22,"alternative-id":["10.1145\/1963405.1963435","10.1145\/1963405"],"URL":"https:\/\/doi.org\/10.1145\/1963405.1963435","relation":{},"subject":[],"published":{"date-parts":[[2011,3,28]]},"assertion":[{"value":"2011-03-28","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}