{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,21]],"date-time":"2026-02-21T18:51:13Z","timestamp":1771699873048,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":56,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,10,16]],"date-time":"2012-10-16T00:00:00Z","timestamp":1350345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,10,16]]},"DOI":"10.1145\/2382196.2382257","type":"proceedings-article","created":{"date-parts":[[2012,10,15]],"date-time":"2012-10-15T17:13:12Z","timestamp":1350321192000},"page":"581-592","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["PeerPress"],"prefix":"10.1145","author":[{"given":"Zhaoyan","family":"Xu","sequence":"first","affiliation":[{"name":"Texas A&M University, College Station, USA"}]},{"given":"Lingfeng","family":"Chen","sequence":"additional","affiliation":[{"name":"Texas A&M University, College Station, USA"}]},{"given":"Guofei","family":"Gu","sequence":"additional","affiliation":[{"name":"Texas A&M University, College Station, USA"}]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara, USA"}]}],"member":"320","published-online":{"date-parts":[[2012,10,16]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Anubis: Analyzing Unknown Binaries. https:\/\/anubis.iseclab.org.  Anubis: Analyzing Unknown Binaries. https:\/\/anubis.iseclab.org."},{"key":"e_1_3_2_1_2_1","unstructured":"Conficker C Analysis Report . http:\/\/mtc.sri.com\/Conficker\/.  Conficker C Analysis Report . http:\/\/mtc.sri.com\/Conficker\/."},{"key":"e_1_3_2_1_3_1","unstructured":"DynamoRIO . http:\/\/dynamorio.org\/.  DynamoRIO . http:\/\/dynamorio.org\/."},{"key":"e_1_3_2_1_4_1","unstructured":"LibVex . http:\/\/http:\/\/valgrind.org\/.  LibVex . http:\/\/http:\/\/valgrind.org\/."},{"key":"e_1_3_2_1_5_1","unstructured":"OffensiveComputing. http:\/\/www.offensivecomputing.net\/.  OffensiveComputing. http:\/\/www.offensivecomputing.net\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Phabot. http:\/\/www.secureworks.com\/research\/threats\/phatbot\/?threat=phatbot.  Phabot. http:\/\/www.secureworks.com\/research\/threats\/phatbot\/?threat=phatbot."},{"key":"e_1_3_2_1_7_1","unstructured":"Sulley. http:\/\/code.google.com\/p\/sulley\/.  Sulley. http:\/\/code.google.com\/p\/sulley\/."},{"key":"e_1_3_2_1_8_1","unstructured":"Symantec Internet Security Threat Report. http:\/\/www.symantec.com\/business\/theme.jsp?themeid=threatreport.  Symantec Internet Security Threat Report. http:\/\/www.symantec.com\/business\/theme.jsp?themeid=threatreport."},{"key":"e_1_3_2_1_9_1","unstructured":"Temu . http:\/\/bitblaze.cs.berkeley.edu\/temu.html.  Temu . http:\/\/bitblaze.cs.berkeley.edu\/temu.html."},{"key":"e_1_3_2_1_10_1","unstructured":"Virustotal. https:\/\/www.virustotal.com\/.  Virustotal. https:\/\/www.virustotal.com\/."},{"key":"e_1_3_2_1_11_1","unstructured":"Z3 EMT Solver . http:\/\/research.microsoft.com\/en-us\/um\/redmond\/projects\/z3\/.  Z3 EMT Solver . http:\/\/research.microsoft.com\/en-us\/um\/redmond\/projects\/z3\/."},{"key":"e_1_3_2_1_12_1","volume-title":"http:\/\/www.spamfighter.com\/Cybercriminals-Making\\\\-Sality-Virus-More-Complex-16068-News.htm","author":"Sality Virus More Complex Cybercriminals Making","year":"2011","unstructured":"Cybercriminals Making Sality Virus More Complex . http:\/\/www.spamfighter.com\/Cybercriminals-Making\\\\-Sality-Virus-More-Complex-16068-News.htm , 2011 . Cybercriminals Making Sality Virus More Complex. http:\/\/www.spamfighter.com\/Cybercriminals-Making\\\\-Sality-Virus-More-Complex-16068-News.htm, 2011."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.26"},{"key":"e_1_3_2_1_14_1","volume-title":"Proc. of USENIX Security'07","author":"Brumley David","year":"2007","unstructured":"David Brumley , Juan Caballero , Zhenkai Liang , James Newsome , and Dawn Song . Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation . In Proc. of USENIX Security'07 , 2007 . David Brumley, Juan Caballero, Zhenkai Liang, James Newsome, and Dawn Song. Towards automatic discovery of deviations in binary implementations with applications to error detection and fingerprint generation. In Proc. of USENIX Security'07, 2007."},{"key":"e_1_3_2_1_15_1","first-page":"65","volume-title":"Botnet Analysis and Defense","author":"Brumley David","year":"2008","unstructured":"David Brumley , Cody Hartwig , Zhenkai Liang , James Newsome , Pongsin Poosankam , Dawn Song , and Heng Yin . Automatically identifying trigger-based behavior in malware . In Wenke Lee, Cliff Wang, and David Dagon, editors, Botnet Analysis and Defense , volume 36 , pages 65 -- 88 . Springer , 2008 . David Brumley, Cody Hartwig, Zhenkai Liang, James Newsome, Pongsin Poosankam, Dawn Song, and Heng Yin. Automatically identifying trigger-based behavior in malware. In Wenke Lee, Cliff Wang, and David Dagon, editors, Botnet Analysis and Defense, volume 36, pages 65--88. Springer, 2008."},{"key":"e_1_3_2_1_16_1","volume-title":"Proc. of NDSS'10","author":"Caballero Juan","year":"2010","unstructured":"Juan Caballero , Noah M. Johnson , Stephen McCamant , and Dawn Song . Binary code extraction and interface identification for security applications . In Proc. of NDSS'10 , 2010 . Juan Caballero, Noah M. Johnson, Stephen McCamant, and Dawn Song. Binary code extraction and interface identification for security applications. In Proc. of NDSS'10, 2010."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653737"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866354"},{"key":"e_1_3_2_1_19_1","volume-title":"Proc. of NDSS'07","author":"Caballero Juan","year":"2007","unstructured":"Juan Caballero , Shobha Venkataraman , Pongsin Poosankam , Min Gyung Kang , Dawn Song , and Avrim Blum . FiG : Automatic fingerprint generation . In Proc. of NDSS'07 , 2007 . Juan Caballero, Shobha Venkataraman, Pongsin Poosankam, Min Gyung Kang, Dawn Song, and Avrim Blum. FiG: Automatic fingerprint generation. In Proc. of NDSS'07, 2007."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315286"},{"key":"e_1_3_2_1_21_1","volume-title":"Proc. of USENIX Security'11","author":"Cho Chia Yuan","year":"2011","unstructured":"Chia Yuan Cho , Domagoj Babic , Pongsin Poosankam , Kevin Zhijie Chen , Edward XueJun Wu , and Dawn Song . Mace : Model-inference-assisted concolic exploration for protocol and vulnerability discovery . In Proc. of USENIX Security'11 , 2011 . Chia Yuan Cho, Domagoj Babic, Pongsin Poosankam, Kevin Zhijie Chen, Edward XueJun Wu, and Dawn Song. Mace: Model-inference-assisted concolic exploration for protocol and vulnerability discovery. In Proc. of USENIX Security'11, 2011."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920283"},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of USENIX Security Symposium","author":"Cui W.","year":"2007","unstructured":"W. Cui , J. Kannan , and H. J. Wang . Discoverer: Automatic protocol description generation from network traces . In Proceedings of USENIX Security Symposium , Boston, MA , August 2007 . W. Cui, J. Kannan, and H. J. Wang. Discoverer: Automatic protocol description generation from network traces. In Proceedings of USENIX Security Symposium, Boston, MA, August 2007."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455820"},{"key":"e_1_3_2_1_25_1","volume-title":"Sality: Story of a peer-to-peer viral network. Technical report","author":"Falliere Nicolas","year":"2011","unstructured":"Nicolas Falliere . Sality: Story of a peer-to-peer viral network. Technical report , 2011 . Nicolas Falliere. Sality: Story of a peer-to-peer viral network. Technical report, 2011."},{"key":"e_1_3_2_1_26_1","unstructured":"Alexander Gostev. 2010: The year of the vulnerability . http:\/\/www.net-security.org\/article.php?id=1543 2010.  Alexander Gostev. 2010: The year of the vulnerability . http:\/\/www.net-security.org\/article.php?id=1543 2010."},{"key":"e_1_3_2_1_27_1","volume-title":"Proc. of USENIX HotBots'07","author":"Grizzard Julian B.","year":"2007","unstructured":"Julian B. Grizzard , Vikram Sharma , Chris Nunnery , Brent Kang , and David Dagon . Peer-to-peer botnets : Overview and case study . In Proc. of USENIX HotBots'07 , 2007 . Julian B. Grizzard, Vikram Sharma, Chris Nunnery, Brent Kang, and David Dagon. Peer-to-peer botnets: Overview and case study. In Proc. of USENIX HotBots'07, 2007."},{"key":"e_1_3_2_1_28_1","volume-title":"Automatic identification of cryptographic primitives in software. Master's thesis","author":"Grobert Flix","year":"2010","unstructured":"Flix Grobert . Automatic identification of cryptographic primitives in software. Master's thesis , Ruhr-University Bochum ,Germany, 2010 . Flix Grobert. Automatic identification of cryptographic primitives in software. Master's thesis, Ruhr-University Bochum,Germany, 2010."},{"key":"e_1_3_2_1_29_1","volume-title":"Wenke Lee. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. In Proc. of USENIX Security'08","author":"Gu Guofei","year":"2008","unstructured":"Guofei Gu , Roberto Perdisci , Junjie Zhang , and Wenke Lee. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. In Proc. of USENIX Security'08 , 2008 . Guofei Gu, Roberto Perdisci, Junjie Zhang, and Wenke Lee. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. In Proc. of USENIX Security'08, 2008."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.30"},{"key":"e_1_3_2_1_31_1","volume-title":"Wenke Lee. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. In Proceedings of USENIX Security'07","author":"Gu Guofei","year":"2007","unstructured":"Guofei Gu , Junjie Zhang , and Wenke Lee. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. In Proceedings of USENIX Security'07 , 2007 . Guofei Gu, Junjie Zhang, and Wenke Lee. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. In Proceedings of USENIX Security'07, 2007."},{"key":"e_1_3_2_1_32_1","volume-title":"Wenke Lee. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. In Proc. of NDSS'08","author":"Gu Guofei","year":"2008","unstructured":"Guofei Gu , Junjie Zhang , and Wenke Lee. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. In Proc. of NDSS'08 , 2008 . Guofei Gu, Junjie Zhang, and Wenke Lee. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. In Proc. of NDSS'08, 2008."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2009.5270322"},{"key":"e_1_3_2_1_34_1","volume-title":"Proc. of LEET'09","author":"Jelasity Mark","year":"2009","unstructured":"Mark Jelasity and Vilmos Bilicki . Towards automated detection of peer-to-peer botnets: on the limits of local approaches . In Proc. of LEET'09 , 2009 . Mark Jelasity and Vilmos Bilicki. Towards automated detection of peer-to-peer botnets: on the limits of local approaches. In Proc. of LEET'09, 2009."},{"key":"e_1_3_2_1_35_1","volume-title":"Proc. of USENIX Security'06","author":"Kirda E.","year":"2006","unstructured":"E. Kirda , C. Kruegel , G. Banks , G. Vigna , and R. Kemmerer . Behavior-based spyware detection . In Proc. of USENIX Security'06 , 2006 . E. Kirda, C. Kruegel, G. Banks, G. Vigna, and R. Kemmerer. Behavior-based spyware detection. In Proc. of USENIX Security'06, 2006."},{"key":"e_1_3_2_1_36_1","volume-title":"Proc. of USENIX Security'09","author":"Kolbitsch Clemens","year":"2009","unstructured":"Clemens Kolbitsch , Paolo Milani Comparetti , Christopher Kruegel , Engin Kirda , Xiaoyong Zhou , and Xiaofeng Wang . Effective and efficient malware detection at the end host . In Proc. of USENIX Security'09 , 2009 . Clemens Kolbitsch, Paolo Milani Comparetti, Christopher Kruegel, Engin Kirda, Xiaoyong Zhou, and Xiaofeng Wang. Effective and efficient malware detection at the end host. In Proc. of USENIX Security'09, 2009."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.10"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866353"},{"key":"e_1_3_2_1_39_1","first-page":"307","volume-title":"SEC","author":"Leder Felix","year":"2009","unstructured":"Felix Leder and Peter Martini . Ngbpa : Next generation botnet protocol analysis . In SEC , pages 307 -- 317 , 2009 . Felix Leder and Peter Martini. Ngbpa: Next generation botnet protocol analysis. In SEC, pages 307--317, 2009."},{"key":"e_1_3_2_1_40_1","volume-title":"1st IEEE International Workshop on Source Code Analysis and Manipulation","author":"Lucia Andrea De","year":"2001","unstructured":"Andrea De Lucia . Program slicing : Methods and applications . In 1st IEEE International Workshop on Source Code Analysis and Manipulation , 2001 . Andrea De Lucia. Program slicing: Methods and applications. In 1st IEEE International Workshop on Source Code Analysis and Manipulation, 2001."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_11"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.17"},{"key":"e_1_3_2_1_43_1","volume-title":"Proc. of USENIX Security'10","author":"Nagaraja Shishir","year":"2010","unstructured":"Shishir Nagaraja , Prateek Mittal , Chi-Yao Hong , Matthew Caesar , and Nikita Borisov. Botgrep : finding p2p bots with structured graph analysis . In Proc. of USENIX Security'10 , 2010 . Shishir Nagaraja, Prateek Mittal, Chi-Yao Hong, Matthew Caesar, and Nikita Borisov. Botgrep: finding p2p bots with structured graph analysis. In Proc. of USENIX Security'10, 2010."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.12"},{"key":"e_1_3_2_1_45_1","unstructured":"Phillip Porras Hassen Saidi and Vinod Yegneswaran. An Analysis of Conficker's Logic and Rendezvous Points. http:\/\/mtc.sri.com\/Conficker\/ 2009.  Phillip Porras Hassen Saidi and Vinod Yegneswaran. An Analysis of Conficker's Logic and Rendezvous Points. http:\/\/mtc.sri.com\/Conficker\/ 2009."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.38"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572272.1572299"},{"key":"e_1_3_2_1_48_1","unstructured":"Joe Stewart. Inside the Storm. http:\/\/www.blackhat.com\/presentations\/bh-usa-08\/Stewart\/BH_US_08_Stewart_Protocols_of_the_Storm.pdf.  Joe Stewart. Inside the Storm. http:\/\/www.blackhat.com\/presentations\/bh-usa-08\/Stewart\/BH_US_08_Stewart_Protocols_of_the_Storm.pdf."},{"key":"e_1_3_2_1_49_1","volume-title":"WOOT'08","author":"Stinson Elizabeth","year":"2008","unstructured":"Elizabeth Stinson and John C. Mitchell . Towards systematic evaluation of the evadability of bot\/botnet detection methods . In WOOT'08 , 2008 . Elizabeth Stinson and John C. Mitchell. Towards systematic evaluation of the evadability of bot\/botnet detection methods. In WOOT'08, 2008."},{"key":"e_1_3_2_1_50_1","volume-title":"Analysis of the storm and nugache trojans: P2P is here. In ;login","author":"Stover S.","year":"2007","unstructured":"S. Stover , D. Dittrich , J. Hernandez , and S. Dietrich . Analysis of the storm and nugache trojans: P2P is here. In ;login , 2007 . S. Stover, D. Dittrich, J. Hernandez, and S. Dietrich. Analysis of the storm and nugache trojans: P2P is here. In ;login, 2007."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.37"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653696"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.5555\/1813084.1813102"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.5555\/1776434.1776451"},{"key":"e_1_3_2_1_55_1","first-page":"2","volume-title":"PeerPress: Fast and reliable detection of","author":"Xu Zhaoyan","year":"2012","unstructured":"Zhaoyan Xu , Lingfeng Chen , and Guofei Gu . PeerPress: Fast and reliable detection of p 2 p malware (and beyond). Technical report, Texas A&M University , 2012 . Zhaoyan Xu, Lingfeng Chen, and Guofei Gu. PeerPress: Fast and reliable detection of p2p malware (and beyond). Technical report, Texas A&M University, 2012."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"}],"event":{"name":"CCS'12: the ACM Conference on Computer and Communications Security","location":"Raleigh North Carolina USA","acronym":"CCS'12","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2012 ACM conference on Computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2382196.2382257","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2382196.2382257","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T09:34:48Z","timestamp":1750239288000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2382196.2382257"}},"subtitle":["utilizing enemies' P2P strength against them"],"short-title":[],"issued":{"date-parts":[[2012,10,16]]},"references-count":56,"alternative-id":["10.1145\/2382196.2382257","10.1145\/2382196"],"URL":"https:\/\/doi.org\/10.1145\/2382196.2382257","relation":{},"subject":[],"published":{"date-parts":[[2012,10,16]]},"assertion":[{"value":"2012-10-16","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}