{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,2]],"date-time":"2026-05-02T14:58:39Z","timestamp":1777733919624,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":37,"publisher":"ACM","license":[{"start":{"date-parts":[[2012,12,10]],"date-time":"2012-12-10T00:00:00Z","timestamp":1355097600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2012,12,10]]},"DOI":"10.1145\/2413176.2413217","type":"proceedings-article","created":{"date-parts":[[2012,12,17]],"date-time":"2012-12-17T15:12:21Z","timestamp":1355757141000},"page":"349-360","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":127,"title":["BotFinder"],"prefix":"10.1145","author":[{"given":"Florian","family":"Tegeler","sequence":"first","affiliation":[{"name":"University of G\u00f6ttingen, G\u00f6ttingen, Germany"}]},{"given":"Xiaoming","family":"Fu","sequence":"additional","affiliation":[{"name":"University of G\u00f6ttingen, G\u00f6ttingen, Germany"}]},{"given":"Giovanni","family":"Vigna","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara, Santa Barbara, CA, USA"}]},{"given":"Christopher","family":"Kruegel","sequence":"additional","affiliation":[{"name":"University of California, Santa Barbara, Santa Barbara, CA, USA"}]}],"member":"320","published-online":{"date-parts":[[2012,12,10]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Behavior-Based Malware Clustering. In NDSS","author":"Bayer U.","year":"2009","unstructured":"U. Bayer , P. M. Comparetti , C. Hlauschek , C. Kruegel , and E. Kirda . Scalable , Behavior-Based Malware Clustering. In NDSS , 2009 . U. Bayer, P. M. Comparetti, C. Hlauschek, C. Kruegel, and E. 
Kirda. Scalable, Behavior-Based Malware Clustering. In NDSS, 2009."},{"key":"e_1_3_2_1_2_1","volume-title":"Anubis: Analyzing Unknown Binaries. In http:\/\/anubis.iseclab.org\/","author":"Bayer U.","year":"2008","unstructured":"U. Bayer , C. Kruegel , and E. Kirda . Anubis: Analyzing Unknown Binaries. In http:\/\/anubis.iseclab.org\/ , 2008 . U. Bayer, C. Kruegel, and E. Kirda. Anubis: Analyzing Unknown Binaries. In http:\/\/anubis.iseclab.org\/, 2008."},{"key":"e_1_3_2_1_3_1","volume-title":"SRUTI","author":"Binkley J. R.","year":"2006","unstructured":"J. R. Binkley . An algorithm for anomaly-based botnet detection . In SRUTI , 2006 . J. R. Binkley. An algorithm for anomaly-based botnet detection. In SRUTI, 2006."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.18637\/jss.v033.i04"},{"key":"e_1_3_2_1_5_1","volume-title":"IETF","author":"Claise B.","year":"2004","unstructured":"B. Claise . Cisco systems netflow services export version 9. RFC 3954 , IETF , Oct. 2004 . B. Claise. Cisco systems netflow services export version 9. RFC 3954, IETF, Oct. 2004."},{"key":"e_1_3_2_1_6_1","volume-title":"SRUTI","author":"Cooke E.","year":"2005","unstructured":"E. Cooke , F. Jahanian , and D. McPherson . The Zombie roundup: understanding, detecting, and disrupting botnets . In SRUTI , 2005 . E. Cooke, F. Jahanian, and D. McPherson. The Zombie roundup: understanding, detecting, and disrupting botnets. In SRUTI, 2005."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920283"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455779"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1180405.1180414"},{"key":"e_1_3_2_1_10_1","volume-title":"USENIX Security","author":"Fogla P.","year":"2006","unstructured":"P. Fogla , M. Sharif , R. Perdisci , O. Kolesnikov , and W. Lee . Polymorphic blending attacks . In USENIX Security , 2006 . P. Fogla, M. Sharif, R. Perdisci, O. Kolesnikov, and W. Lee. 
Polymorphic blending attacks. In USENIX Security, 2006."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315292"},{"key":"e_1_3_2_1_12_1","volume-title":"IFIP Networking.","author":"Fran\u00e7ois J.","year":"2011","unstructured":"J. Fran\u00e7ois , S. Wang , R. State , and T. Engel . Bottrack: Tracking botnets using netflow and pagerank . In IFIP Networking. 2011 . J. Fran\u00e7ois, S. Wang, R. State, and T. Engel. Bottrack: Tracking botnets using netflow and pagerank. In IFIP Networking. 2011."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/11555827_19"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_17"},{"key":"e_1_3_2_1_15_1","volume-title":"USENIX HotBots","author":"Goebel J.","year":"2007","unstructured":"J. Goebel and T. Holz . Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation . In USENIX HotBots , 2007 . J. Goebel and T. Holz. Rishi: Identify Bot Contaminated Hosts by IRC Nickname Evaluation. In USENIX HotBots, 2007."},{"key":"e_1_3_2_1_16_1","volume-title":"USENIX Security","author":"Gu G.","year":"2008","unstructured":"G. Gu , R. Perdisci , J. Zhang , and W. Lee . BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection . In USENIX Security , 2008 . G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering Analysis of Network Traffic for Protocol- and Structure-Independent Botnet Detection. In USENIX Security, 2008."},{"key":"e_1_3_2_1_17_1","volume-title":"USENIX Security","author":"Gu G.","year":"2007","unstructured":"G. Gu , P. Porras , V. Yegneswaran , M. Fong , and W. Lee . BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation . In USENIX Security , 2007 . G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation. 
In USENIX Security, 2007."},{"key":"e_1_3_2_1_18_1","volume-title":"NDSS","author":"Gu G.","year":"2008","unstructured":"G. Gu , J. Zhang , and W. Lee . BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic . In NDSS , 2008 . G. Gu, J. Zhang, and W. Lee. BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic. In NDSS, 2008."},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the DEFCON conference","author":"Gutmann P.","year":"2007","unstructured":"P. Gutmann . The Commercial Malware Industry . In Proceedings of the DEFCON conference , 2007 . P. Gutmann. The Commercial Malware Industry. In Proceedings of the DEFCON conference, 2007."},{"key":"e_1_3_2_1_20_1","volume-title":"A k-means clustering algorithm. JSTOR: Applied Statistics, 28(1)","author":"Hartigan J. A.","year":"1979","unstructured":"J. A. Hartigan and M. A. Wong . A k-means clustering algorithm. JSTOR: Applied Statistics, 28(1) , 1979 . J. A. Hartigan and M. A. Wong. A k-means clustering algorithm. JSTOR: Applied Statistics, 28(1), 1979."},{"key":"e_1_3_2_1_21_1","volume-title":"USENIX Security","author":"Jacob G.","year":"2011","unstructured":"G. Jacob , R. Hund , C. Kruegel , and T. Holz . Jackstraws: Picking Command and Control Connections from Bot Traffic . USENIX Security , 2011 . G. Jacob, R. Hund, C. Kruegel, and T. Holz. Jackstraws: Picking Command and Control Connections from Bot Traffic. USENIX Security, 2011."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","DOI":"10.1002\/9780470316801","volume-title":"Finding Groups in Data An Introduction to Cluster Analysis","author":"Kaufman L.","year":"1990","unstructured":"L. Kaufman and P. Rousseeuw . Finding Groups in Data An Introduction to Cluster Analysis . Wiley Interscience , New York , 1990 . L. Kaufman and P. Rousseeuw. Finding Groups in Data An Introduction to Cluster Analysis. 
Wiley Interscience, New York, 1990."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0031-3203(98)00143-5"},{"key":"e_1_3_2_1_24_1","first-page":"2","volume-title":"Botgrep: finding","author":"Nagaraja S.","year":"2010","unstructured":"S. Nagaraja , P. Mittal , C.-Y. Hong , M. Caesar , and N. Borisov . Botgrep: finding p 2 p bots with structured graph analysis. In USENIX Security , 2010 . S. Nagaraja, P. Mittal, C.-Y. Hong, M. Caesar, and N. Borisov. Botgrep: finding p2p bots with structured graph analysis. In USENIX Security, 2010."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1389-1286(99)00112-7"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2006.26"},{"key":"e_1_3_2_1_27_1","volume-title":"USENIX NSDI","author":"Perdisci R.","year":"2010","unstructured":"R. Perdisci , W. Lee , and N. Feamster . Behavioral clustering of http-based malware and signature generation using malicious network traces . In USENIX NSDI , 2010 . R. Perdisci, W. Lee, and N. Feamster. Behavioral clustering of http-based malware and signature generation using malicious network traces. In USENIX NSDI, 2010."},{"key":"e_1_3_2_1_28_1","volume-title":"R: A Language and Environment for Statistical Computing","author":"Team R Development Core","year":"2010","unstructured":"R Development Core Team . R: A Language and Environment for Statistical Computing . R Foundation for Statistical Computing, Vienna , Austria , 2010 . R Development Core Team. R: A Language and Environment for Statistical Computing. R Foundation for Statistical Computing, Vienna, Austria, 2010."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177086"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"e_1_3_2_1_31_1","volume-title":"USENIX WOOT","author":"Stinson E.","year":"2008","unstructured":"E. Stinson and J. C. Mitchell . 
Towards systematic evaluation of the evadability of bot\/botnet detection methods . In USENIX WOOT , 2008 . E. Stinson and J. C. Mitchell. Towards systematic evaluation of the evadability of bot\/botnet detection methods. In USENIX WOOT, 2008."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/LCN.2006.322100"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.csda.2006.12.016"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.5555\/1813084.1813104"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_11"}],"event":{"name":"CoNEXT '12: Conference on emerging Networking Experiments and Technologies","location":"Nice France","acronym":"CoNEXT '12","sponsor":["SIGCOMM ACM Special Interest Group on Data Communication"]},"container-title":["Proceedings of the 8th international conference on Emerging networking experiments and technologies"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2413176.2413217","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2413176.2413217","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T08:18:28Z","timestamp":1750234708000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2413176.2413217"}},"subtitle":["finding bots in network traffic without deep packet 
inspection"],"short-title":[],"issued":{"date-parts":[[2012,12,10]]},"references-count":37,"alternative-id":["10.1145\/2413176.2413217","10.1145\/2413176"],"URL":"https:\/\/doi.org\/10.1145\/2413176.2413217","relation":{},"subject":[],"published":{"date-parts":[[2012,12,10]]},"assertion":[{"value":"2012-12-10","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}