{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T23:14:20Z","timestamp":1763507660268,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2011,12,5]],"date-time":"2011-12-05T00:00:00Z","timestamp":1323043200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004955","name":"\u00d6sterreichische Forschungsf\u00f6rderungsgesellschaft","doi-asserted-by":"publisher","award":["820854 (TRUDIE)"],"award-info":[{"award-number":["820854 (TRUDIE)"]}],"id":[{"id":"10.13039\/501100004955","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004963","name":"Seventh Framework Programme","doi-asserted-by":"publisher","award":["257007 (SysSec)"],"award-info":[{"award-number":["257007 (SysSec)"]}],"id":[{"id":"10.13039\/501100004963","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2011,12,5]]},"DOI":"10.1145\/2076732.2076736","type":"proceedings-article","created":{"date-parts":[[2011,12,13]],"date-time":"2011-12-13T15:46:00Z","timestamp":1323791160000},"page":"21-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":20,"title":["Detecting malware's failover C&amp;C strategies with squeeze"],"prefix":"10.1145","author":[{"given":"Matthias","family":"Neugschwandtner","sequence":"first","affiliation":[{"name":"Vienna University of Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Paolo Milani","family":"Comparetti","sequence":"additional","affiliation":[{"name":"Vienna University of Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christian","family":"Platzer","sequence":"additional","affiliation":[{"name":"Vienna University of Technology"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2011,12,5]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_1_2_1","unstructured":"Decker A. Sancho D. Kharouni L. Goncharov M. McArdle R.: A study of the Pushdo\/Cutwail Botnet. http:\/\/us.trendmicro.com\/imperia\/md\/content\/us\/pdf\/threats\/securitylibrary\/Study_of_pushdo.pdf (2009)  Decker A. Sancho D. Kharouni L. Goncharov M. McArdle R.: A study of the Pushdo\/Cutwail Botnet. http:\/\/us.trendmicro.com\/imperia\/md\/content\/us\/pdf\/threats\/securitylibrary\/Study_of_pushdo.pdf (2009)"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"volume-title":"Proceedings of the First Workshop on Hot Topics in Understanding Botnets. (2007)","author":"Chiang K.","key":"e_1_3_2_1_4_1"},{"volume-title":"International Conference on Privacy, Security and Trust. (2010)","author":"Binsalleeh H.","key":"e_1_3_2_1_5_1"},{"volume-title":"D.: Peer-to-Peer Botnets: Overview and Case Study. In: Proceedings of the First Workshop on Hot Topics in Understanding Botnets table of contents. (2007)","author":"Grizzard J. B.","key":"e_1_3_2_1_6_1"},{"volume-title":"Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats. (2008)","author":"Holz T.","key":"e_1_3_2_1_7_1"},{"volume-title":"3rd International Conference On Malicious and Unwanted Software (Malware). (2008)","author":"Dittrich D.","key":"e_1_3_2_1_8_1"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2009.10"},{"key":"e_1_3_2_1_10_1","unstructured":"Fitzgibbon N. Wood M.: Conficker. C: A technical analysis. http:\/\/www.sophos.com\/sophos\/docs\/eng\/marketing_material\/conficker-analysis.pdf (2009)  Fitzgibbon N. Wood M.: Conficker. C: A technical analysis. http:\/\/www.sophos.com\/sophos\/docs\/eng\/marketing_material\/conficker-analysis.pdf (2009)"},{"volume-title":"5th International Conference On Malicious and Unwanted Software (Malware). (2010)","author":"Thomas K.","key":"e_1_3_2_1_11_1"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533064"},{"volume-title":"USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). (2010)","author":"Cho C. Y.","key":"e_1_3_2_1_13_1"},{"volume-title":"USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET). (2011)","author":"Stone-Gross B.","key":"e_1_3_2_1_14_1"},{"key":"e_1_3_2_1_15_1","unstructured":"Mushtaq A.: Smashing the Mega-d\/Ozdok botnet in 24 hours. http:\/\/blog.fireeye.com\/research\/2009\/11\/smashing-the-ozdok.html (2009)  Mushtaq A.: Smashing the Mega-d\/Ozdok botnet in 24 hours. http:\/\/blog.fireeye.com\/research\/2009\/11\/smashing-the-ozdok.html (2009)"},{"key":"e_1_3_2_1_16_1","unstructured":"Krebs B.: Takedowns: The Shuns and Stuns That Take the Fight to the Enemy. McAfee Security Jouranl (6) (2010)  Krebs B.: Takedowns: The Shuns and Stuns That Take the Fight to the Enemy. McAfee Security Jouranl (6) (2010)"},{"key":"e_1_3_2_1_17_1","unstructured":"Cranton T.: Cracking Down on Botnets. http:\/\/blogs.technet.com\/b\/microsoft\\_blog\/archive\/2010\/02\/25\/cracking-down-on-botnets.aspx (2011)  Cranton T.: Cracking Down on Botnets. http:\/\/blogs.technet.com\/b\/microsoft\\_blog\/archive\/2010\/02\/25\/cracking-down-on-botnets.aspx (2011)"},{"key":"e_1_3_2_1_18_1","unstructured":"Krebs B.: Researchers Kneecap Pushdo Spam Botnet. http:\/\/krebsonsecurity.com\/2010\/08\/researchers-kneecap-pushdo-spam-botnet\/(2010)  Krebs B.: Researchers Kneecap Pushdo Spam Botnet. http:\/\/krebsonsecurity.com\/2010\/08\/researchers-kneecap-pushdo-spam-botnet\/(2010)"},{"key":"e_1_3_2_1_19_1","unstructured":"Boscovich R.: Taking Down Botnets: Microsoft and the Rustock Botnet. http:\/\/blogs.technet.com\/b\/microsoft\\_blog\/archive\/2011\/03\/17\/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx (2011)  Boscovich R.: Taking Down Botnets: Microsoft and the Rustock Botnet. http:\/\/blogs.technet.com\/b\/microsoft\\_blog\/archive\/2011\/03\/17\/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx (2011)"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.29"},{"volume-title":"E.: TTAnalyze: A Tool for Analyzing Malware. In: Proceedings of the 15th European Institute for Computer Antivirus Research (EICAR 2006) Annual Conference. (2006)","author":"Bayer U.","key":"e_1_3_2_1_21_1"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"volume-title":"Proceedings of the 14th European conference on Research in computer security (ESORICS). (2009)","author":"Wurzinger P.","key":"e_1_3_2_1_23_1"},{"volume-title":"N.: Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces. In: USENIX conference on Networked Systems Design and Implementation (NSDI). (2010)","author":"Perdisci R.","key":"e_1_3_2_1_24_1"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1774088.1774506"},{"volume-title":"USENIX Security Symposium. (2011)","author":"Jacob G.","key":"e_1_3_2_1_26_1"},{"key":"e_1_3_2_1_27_1","unstructured":"Bayer U. Milani Comparetti P. Kruegel C. Kirda E.: Scalable Behavior-Based Malware Clustering. In: Network and Distributed System Security (NDSS). (2009)  Bayer U. Milani Comparetti P. Kruegel C. Kirda E.: Scalable Behavior-Based Malware Clustering. In: Network and Distributed System Security (NDSS). (2009)"},{"volume-title":"USENIX Annual Technical Conference. (2005)","author":"Bellard F.","key":"e_1_3_2_1_28_1"},{"volume-title":"USENIX Systems Administration Conference (LISA). (1999)","author":"Roesch M.","key":"e_1_3_2_1_29_1"},{"key":"e_1_3_2_1_30_1","unstructured":"Mushtaq A.: World's Top Malware. http:\/\/blog.fireeye.com\/research\/2010\/07\/worlds_top_modern_malware.html (2010)  Mushtaq A.: World's Top Malware. http:\/\/blog.fireeye.com\/research\/2010\/07\/worlds_top_modern_malware.html (2010)"},{"key":"e_1_3_2_1_31_1","unstructured":"Williams J.: Bredolab Takedown Another Win for Collaboration. http:\/\/blogs.technet.com\/b\/mmpc\/archive\/2010\/10\/26\/bredolab-takedown-another-win-for-collaboration.aspx (2010)  Williams J.: Bredolab Takedown Another Win for Collaboration. http:\/\/blogs.technet.com\/b\/mmpc\/archive\/2010\/10\/26\/bredolab-takedown-another-win-for-collaboration.aspx (2010)"},{"key":"e_1_3_2_1_32_1","unstructured":"Rashid F. Y.: Harnig Botnet Goes Offline After Rustock Raid. http:\/\/www.eweekeurope.co.uk\/news\/harnig-botnet-goes-offline-after-rustock-raid-25588 (2011)  Rashid F. Y.: Harnig Botnet Goes Offline After Rustock Raid. http:\/\/www.eweekeurope.co.uk\/news\/harnig-botnet-goes-offline-after-rustock-raid-25588 (2011)"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.2307\/3001968"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.10"},{"volume-title":"IEEE International Conference on Dependable Systems and Networks (DSN). (2008)","author":"Chen X.","key":"e_1_3_2_1_35_1"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/1655148.1655151"},{"volume-title":"G.: Efficient Detection of Split Personalities in Malware. In: Network and Distributed System Security Symposium (NDSS). (2010)","author":"Balzarotti D.","key":"e_1_3_2_1_38_1"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.41"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_18"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/CATCH.2009.40"},{"volume-title":"Proceedings of The 15th Annual Network and Distributed System Security Symposium (NDSS 2008","year":"2008","author":"Gu G.","key":"e_1_3_2_1_42_1"},{"key":"e_1_3_2_1_43_1","unstructured":"Krebs B.: Naming and Shaming 'Bad' ISPs. http:\/\/krebsonsecurity.com\/2010\/03\/naming-and-shaming-bad-isps\/(2010)  Krebs B.: Naming and Shaming 'Bad' ISPs. http:\/\/krebsonsecurity.com\/2010\/03\/naming-and-shaming-bad-isps\/(2010)"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065036"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180445"},{"volume-title":"Symp. on Recent Advances in Intrusion Detection (RAID). (2007)","author":"Wilhelm J.","key":"e_1_3_2_1_46_1"},{"key":"e_1_3_2_1_47_1","unstructured":"Brumley D. Hartwig C. Liang Z. Newsome J. Poosankam P. Song D. Yin H.: Automatically identifying trigger-based behavior in malware. In: Botnet Detection. (2008)  Brumley D. Hartwig C. Liang Z. Newsome J. Poosankam P. Song D. Yin H.: Automatically identifying trigger-based behavior in malware. In: Botnet Detection. (2008)"},{"key":"e_1_3_2_1_48_1","unstructured":"Sharif M. I. Lanzi A. Giffin J. T. Lee W.: Impeding malware analysis using conditional code obfuscation. In: Network and Distributed System Security (NDSS). (2008)  Sharif M. I. Lanzi A. Giffin J. T. Lee W.: Impeding malware analysis using conditional code obfuscation. In: Network and Distributed System Security (NDSS). (2008)"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.12"}],"event":{"name":"ACSAC '11: Annual Computer Security Applications Conference","sponsor":["ACSA Applied Computing Security Assoc"],"location":"Orlando Florida USA","acronym":"ACSAC '11"},"container-title":["Proceedings of the 27th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2076732.2076736","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2076732.2076736","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:54:45Z","timestamp":1750240485000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2076732.2076736"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2011,12,5]]},"references-count":49,"alternative-id":["10.1145\/2076732.2076736","10.1145\/2076732"],"URL":"https:\/\/doi.org\/10.1145\/2076732.2076736","relation":{},"subject":[],"published":{"date-parts":[[2011,12,5]]},"assertion":[{"value":"2011-12-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}