{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T18:15:31Z","timestamp":1777486531788,"version":"3.51.4"},"reference-count":155,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2013,8,1]],"date-time":"2013-08-01T00:00:00Z","timestamp":1375315200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004837","name":"Ministerio de Ciencia e Innovaci\u00f3n","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004837","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2013,8]]},"abstract":"Of all current threats to cybersecurity, botnets are at the top of the list. In consequence, interest in this problem is increasing rapidly among the research community and the number of publications on the question has grown exponentially in recent years. This article proposes a taxonomy of botnet research and presents a survey of the field to provide a comprehensive overview of all these contributions. Furthermore, we hope to provide researchers with a clear perspective of the gaps that remain to be filled in our defenses against botnets. The taxonomy is based upon the botnet's life-cycle, defined as the sequence of stages a botnet needs to pass through in order to reach its goal.<\/jats:p>\n This approach allows us to consider the problem of botnets from a global perspective, which constitutes a key difference from other taxonomies that have been proposed. Under this novel taxonomy, we conclude that all attempts to defeat botnets should be focused on one or more stages of this life-cycle. In fact, the sustained hindering of any of the stages makes it possible to thwart a botnet's progress and thus render it useless. We test the potential capabilities of our taxonomy by means of a survey of current botnet research, and find it genuinely useful in understanding the focus of the different contributions in this field.<\/jats:p>","DOI":"10.1145\/2501654.2501659","type":"journal-article","created":{"date-parts":[[2013,8,27]],"date-time":"2013-08-27T12:58:51Z","timestamp":1377608331000},"page":"1-33","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":79,"title":["Survey and taxonomy of botnet research through life-cycle"],"prefix":"10.1145","volume":"45","author":[{"given":"Rafael A.","family":"Rodr\u00edguez-G\u00f3mez","sequence":"first","affiliation":[{"name":"University of Granada, Granada, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gabriel","family":"Maci\u00e1-Fern\u00e1ndez","sequence":"additional","affiliation":[{"name":"University of Granada, Granada, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pedro","family":"Garc\u00eda-Teodoro","sequence":"additional","affiliation":[{"name":"University of Granada, Granada, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2013,8,30]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177086"},{"key":"e_1_2_1_2_1","unstructured":"Abuse.Ch 2011. Zeus gets more sophisticated using P2P techniques. Tech. rep. http:\/\/www.abuse.ch\/?p=3499. Abuse.Ch 2011. Zeus gets more sophisticated using P2P techniques. Tech. rep. http:\/\/www.abuse.ch\/?p=3499."},{"key":"e_1_2_1_3_1","volume-title":"Proceedings of the IEEE International Conference on Communications (ICC'09)","author":"Al-Duwairi B."},{"key":"e_1_2_1_4_1","unstructured":"Amini P. 2008. Kraken botnet infiltration. Tech. rep. DVLabs. http:\/\/dvlabs.tippingpoint.com\/blog\/2008\/04\/28\/kraken-botnetinfiltration. Amini P. 2008. Kraken botnet infiltration. Tech. rep. DVLabs. http:\/\/dvlabs.tippingpoint.com\/blog\/2008\/04\/28\/kraken-botnetinfiltration."},{"key":"e_1_2_1_5_1","volume-title":"Proceedings of the 20th USENIX Conference on Security (SEC'11)","author":"Antonakakis M."},{"key":"e_1_2_1_6_1","unstructured":"Apec. 2008. Guide on policy and technical approaches against botnet. Tech. rep. Telecommunications and Information Working Group Asia-Pacific Economic Cooperation (APEC). http:\/\/publications.apec.org\/publication-detail.php?pub_id=145. Apec. 2008. Guide on policy and technical approaches against botnet. Tech. rep. Telecommunications and Information Working Group Asia-Pacific Economic Cooperation (APEC). http:\/\/publications.apec.org\/publication-detail.php?pub_id=145."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSECP.2003.1177002"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2009.56"},{"key":"e_1_2_1_9_1","unstructured":"Bacher P. Holz T. Kotter M. and Wicherski G. 2008. Know your enemy: Tracking botnets. Tech. rep. The Honeynet Project. October. http:\/\/www.honeynet.org\/book\/export\/html\/50. Bacher P. Holz T. Kotter M. and Wicherski G. 2008. Know your enemy: Tracking botnets. Tech. rep. The Honeynet Project. October. http:\/\/www.honeynet.org\/book\/export\/html\/50."},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/CATCH.2009.40"},{"key":"e_1_2_1_11_1","unstructured":"Balas E. 2004. Know your Enemy: Learning about Security Threats 2nd Ed. Addison Wesley. Balas E. 2004. Know your Enemy: Learning about Security Threats 2 nd Ed. Addison Wesley."},{"key":"e_1_2_1_12_1","first-page":"171","article-title":"An inside look at botnets. In ARO-DHS Special Workshop on Malware Detection","volume":"27","author":"Barford P.","year":"2007","journal-title":"Advances in Information Security Series"},{"key":"e_1_2_1_13_1","volume-title":"Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS'11)","author":"Bilge L."},{"key":"e_1_2_1_14_1","volume-title":"Proceedings of the USENIX Steps to Reducing Unwanted Traffic on the Internet Workshop (SRUTI'06)","author":"Binkley J. R.","year":"2006"},{"key":"e_1_2_1_15_1","unstructured":"Boyd C. 2010. The diy twitter botnet creator. http:\/\/www.gfi.com\/blog\/the-diy-twitter-botnet-creator\/. Boyd C. 2010. The diy twitter botnet creator. http:\/\/www.gfi.com\/blog\/the-diy-twitter-botnet-creator\/."},{"key":"e_1_2_1_16_1","unstructured":"Brosch T. and Morgenstern M. 2006. Runtime rackers: The hidden problem? Tech. rep. Black Hat. http:\/\/www.blackhat.com\/presentations\/bh-usa-06\/BH-US-06-Morgenstern.pdf. Brosch T. and Morgenstern M. 2006. Runtime rackers: The hidden problem? Tech. rep. Black Hat. http:\/\/www.blackhat.com\/presentations\/bh-usa-06\/BH-US-06-Morgenstern.pdf."},{"key":"e_1_2_1_17_1","volume-title":"Proceedings of the 20th USENIX Conference on Security (SEC'11)","author":"Caballero J."},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653737"},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1558607.1558662"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/CATCH.2009.44"},{"key":"e_1_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Calvet J. Davis C. and Bureau P.-M. 2009. Malware authors don't learn and that's good! In Proceedings of the 4th International Conference on Malicious and Unwanted Software (MALWARE'09). 88--97. Calvet J. Davis C. and Bureau P.-M. 2009. Malware authors don't learn and that's good! In Proceedings of the 4 th International Conference on Malicious and Unwanted Software (MALWARE'09). 88--97.","DOI":"10.1109\/MALWARE.2009.5403013"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1654988.1654996"},{"key":"e_1_2_1_23_1","volume-title":"Proceedings of the International Computer Symposium (ICS'10)","author":"Chen C.-M."},{"key":"e_1_2_1_24_1","unstructured":"Chien E. 2010. W32.stuxnet dossier. Tech. rep. Symantec. Septemeber. http:\/\/www.symantec.com\/connect\/blogs\/w32stuxnet-dossier. Chien E. 2010. W32.stuxnet dossier. Tech. rep. Symantec. Septemeber. http:\/\/www.symantec.com\/connect\/blogs\/w32stuxnet-dossier."},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866355"},{"key":"e_1_2_1_26_1","volume-title":"Proceedings of the 7th IEEE International Conference on Computer and Information Technology (CIT'07)","author":"Choi H."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1298306.1298319"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1561\/1500000006"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920283"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1109\/EC2ND.2009.15"},{"key":"e_1_2_1_31_1","volume-title":"Proceedings of the 23rd Annual Computer Security Applications Conference (ACSAC'07)","author":"Dagon D."},{"key":"e_1_2_1_32_1","volume-title":"Proceedings of the Network and Distributed System Security Symposium (NDSS'06)","author":"Dagon D."},{"key":"e_1_2_1_33_1","unstructured":"Danchev D. 2010. DIY botnet kit spotted in the wild. http:\/\/www.zdnet.com\/blog\/security\/diy-botnet-kitspotted-in-the-wild\/9440. Danchev D. 2010. DIY botnet kit spotted in the wild. http:\/\/www.zdnet.com\/blog\/security\/diy-botnet-kitspotted-in-the-wild\/9440."},{"key":"e_1_2_1_34_1","volume-title":"Proceedings of the 1st Conference on the 1st Workshop on Hot Topics in Understanding Botnets. USENIX Association. 11","author":"Daswani N."},{"key":"e_1_2_1_35_1","volume-title":"Proceedings of the 4th International Conference on Malicious and Unwanted Software (MALWARE'09)","author":"Davis C."},{"key":"e_1_2_1_36_1","volume-title":"Proceedings of the 3rd International Conference on Malicious and Unwanted Software (MALWARE'08)","author":"Davis C."},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2003.10.003"},{"key":"e_1_2_1_38_1","volume-title":"Proceedings of the 28th Conference on Computer Communications (INFOCOM'09)","author":"Duan Z."},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-02918-9_6"},{"key":"e_1_2_1_40_1","volume-title":"Botnets: Detection, measurement, disinfection and defence. Tech. rep.","author":"Enisa","year":"2011"},{"key":"e_1_2_1_41_1","volume-title":"Proceedings of the 4th International Conference on Malicious and Unwanted Software (MALWARE'09)","author":"Faghani M."},{"key":"e_1_2_1_42_1","volume-title":"Proceedings of the 7th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'10)","author":"Fallmann H."},{"key":"e_1_2_1_43_1","unstructured":"Fbi. 2007. Over one million potential victims of botnet cyber crime. Tech. rep. FBI Press Release. June. http:\/\/www.fbi.gov\/news\/pressrel\/press-releases\/over-1-million-potential-victims-of-botnet-cyber-crime. Fbi. 2007. Over one million potential victims of botnet cyber crime. Tech. rep. FBI Press Release. June. http:\/\/www.fbi.gov\/news\/pressrel\/press-releases\/over-1-million-potential-victims-of-botnet-cyber-crime."},{"key":"e_1_2_1_44_1","unstructured":"Fbi. 2010. Another pleads guilty in botnet hacking conspiracy. Tech. rep. FBI Press Release. June. http:\/\/www.fbi.gov\/dallas\/press-releases\/2010\/dl061010.htm. Fbi. 2010. Another pleads guilty in botnet hacking conspiracy. Tech. rep. FBI Press Release. June. http:\/\/www.fbi.gov\/dallas\/press-releases\/2010\/dl061010.htm."},{"key":"e_1_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECURWARE.2009.48"},{"key":"e_1_2_1_46_1","unstructured":"Fortinet. 2010. Fortinet august threat landscape report shows return of ransomware and rise of \u201cdo-it-yourself\u201d botnets. http:\/\/investor.fortinet.com\/releasedetail.cfm?releaseid=504094. Fortinet. 2010. Fortinet august threat landscape report shows return of ransomware and rise of \u201cdo-it-yourself\u201d botnets. http:\/\/investor.fortinet.com\/releasedetail.cfm?releaseid=504094."},{"key":"e_1_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315292"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1007\/11555827_19"},{"key":"e_1_2_1_49_1","volume-title":"Proceedings of the 1st Conference on the 1st Workshop on Hot Topics in Understanding Botnets. USENIX Association","author":"Goebel J."},{"key":"e_1_2_1_50_1","volume-title":"Proceedings of the IEEE International Conference on Electro\/Information Technology. 215--220","author":"Govil J."},{"key":"e_1_2_1_51_1","volume-title":"Proceedings of the 1st Conference on the 1st Workshop on Hot Topics in Understanding Botnets. USENIX Association","author":"Grizzard J. B."},{"key":"e_1_2_1_52_1","volume-title":"Proceedings of the 17th USENIX Security Symposium (Security'08)","author":"Gu G."},{"key":"e_1_2_1_53_1","volume-title":"Proceedings of 16th USENIX Security Symposium. 167--182","author":"Gu G."},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.30"},{"key":"e_1_2_1_55_1","volume-title":"Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08)","author":"Gu G."},{"key":"e_1_2_1_56_1","volume-title":"Proceedings of the IEEE\/IFIP International Conference on Dependable Systems Networks (DSN'09)","author":"Ha D."},{"key":"e_1_2_1_57_1","unstructured":"Harley D. Vibert R. S. Bechtel K. Blanchard M. Diemer H. Lee A. Muttik I. and Zdrnja B. 2007. AVIEN Malware Defense Guide for the Enterprise. Elsevier. Harley D. Vibert R. S. Bechtel K. Blanchard M. Diemer H. Lee A. Muttik I. and Zdrnja B. 2007. AVIEN Malware Defense Guide for the Enterprise. Elsevier."},{"key":"e_1_2_1_58_1","volume-title":"Proceedings of the 14th European Conference on Research in Computer Security (ESORICS'09)","author":"Holz T."},{"key":"e_1_2_1_59_1","volume-title":"Proceedings of the 15th Network and Distributed System Security Conference (NDSS'08)","author":"Holz T."},{"key":"e_1_2_1_60_1","volume-title":"Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET'08)","author":"Holz T."},{"key":"e_1_2_1_61_1","unstructured":"Honeynet Project. 2007. Know your enemy: Fast-flux service networks. Tech. rep. The Honeynet Project. July. http:\/\/www.honeynet.org\/book\/export\/html\/130. Honeynet Project. 2007. Know your enemy: Fast-flux service networks. Tech. rep. The Honeynet Project. July. http:\/\/www.honeynet.org\/book\/export\/html\/130."},{"key":"e_1_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.5555\/1488723.1488746"},{"key":"e_1_2_1_63_1","volume-title":"Proceedings of the 9th Malaysia International Conference on Communications (MICC'09)","author":"Il Jang D."},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/CATCH.2009.26"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecTech.2008.53"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.5555\/1848648.1849010"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/CATCH.2009.11"},{"key":"e_1_2_1_68_1","unstructured":"Juniper. 2012. 2011 Mobile threats report. Tech. rep. Juniper Networks. February. http:\/\/www.juniper. net\/us\/en\/local\/pdf\/additional-resources\/jnpr-2011-mobile-threats-report.pdf. Juniper. 2012. 2011 Mobile threats report. Tech. rep. Juniper Networks. February. http:\/\/www.juniper. net\/us\/en\/local\/pdf\/additional-resources\/jnpr-2011-mobile-threats-report.pdf."},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533064"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/NSWCTC.2010.10"},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1109\/NSWCTC.2009.107"},{"key":"e_1_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1145\/1455770.1455774"},{"key":"e_1_2_1_73_1","volume-title":"Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET'08)","author":"Kanich C."},{"key":"e_1_2_1_74_1","volume-title":"Proceedings of the USENIX Security Symposium.","author":"Kanich C."},{"key":"e_1_2_1_75_1","unstructured":"Leder F. and Werner T. 2009. Know your enemy: Containing conficker. Tech. rep. The Honeynet Project. April. http:\/\/www.honeynet.org\/files\/KYE-Conficker.pdf. Leder F. and Werner T. 2009. Know your enemy: Containing conficker. Tech. rep. The Honeynet Project. April. http:\/\/www.honeynet.org\/files\/KYE-Conficker.pdf."},{"key":"e_1_2_1_76_1","volume-title":"Proceedings of the 1st Conference on Cyber Warfare (CCDECEO'09)","author":"Leder F."},{"key":"e_1_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1109\/SecTech.2008.52"},{"key":"e_1_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2011.24"},{"key":"e_1_2_1_79_1","volume-title":"Proceedings of the 4th International Conference on Innovative Computing, Information and Control (ICICIC'09)","author":"Li C."},{"key":"e_1_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1109\/ISISE.2009.18"},{"key":"e_1_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533063"},{"key":"e_1_2_1_82_1","volume-title":"Proceedings of the International Conference on Internet Technology and Applications. 1--4.","author":"Liao W.-H."},{"key":"e_1_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1155\/2009\/692654"},{"key":"e_1_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/1413140.1413185"},{"key":"e_1_2_1_85_1","doi-asserted-by":"publisher","DOI":"10.1109\/IAS.2008.58"},{"key":"e_1_2_1_86_1","unstructured":"Mcaffe. 2009. Mcafee threats report: First quarter 2009. http:\/\/resources.mcafee.com\/content\/AvertReportQ109. Mcaffe. 2009. Mcafee threats report: First quarter 2009. http:\/\/resources.mcafee.com\/content\/AvertReportQ109."},{"key":"e_1_2_1_87_1","unstructured":"Mcelroy W. 2007. In child porn case technology entraps the innocent. Tech. rep. Fox News. Mcelroy W. 2007. In child porn case technology entraps the innocent. Tech. rep. Fox News."},{"key":"e_1_2_1_88_1","unstructured":"Mirkovic J. Dietrich S. Dittrich D. and Reiher P. 2004. Internet Denial of Service. Attack and Defense Mechanisms. Prentice Hall. Mirkovic J. Dietrich S. Dittrich D. and Reiher P. 2004. Internet Denial of Service. Attack and Defense Mechanisms. Prentice Hall."},{"key":"e_1_2_1_89_1","doi-asserted-by":"publisher","DOI":"10.1145\/997150.997156"},{"key":"e_1_2_1_90_1","doi-asserted-by":"publisher","DOI":"10.1145\/1900546.1900566"},{"key":"e_1_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1145\/2068816.2068824"},{"key":"e_1_2_1_92_1","volume-title":"Proceedings of the 19th USENIX Conference on Security. USENIX Association","author":"Nagaraja S."},{"key":"e_1_2_1_93_1","unstructured":"Namestnikov Y. 2009. The economics of botnets. Tech. rep. Securelist. July. http:\/\/www.securelist.com\/en\/downloads\/pdf\/ynam_botnets_0907_en.pdf. Namestnikov Y. 2009. The economics of botnets. Tech. rep. Securelist. July. http:\/\/www.securelist.com\/en\/downloads\/pdf\/ynam_botnets_0907_en.pdf."},{"key":"e_1_2_1_94_1","volume-title":"Proceedings of the 7th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA'10)","author":"Nappa A."},{"key":"e_1_2_1_95_1","unstructured":"Nazario J. 2009. Twitter-based botnet command channel. Tech. rep. Arbor SERT. August. http:\/\/ddos. arbornetworks.com\/2009\/08\/twitter-based-botnet-command-channel\/. Nazario J. 2009. Twitter-based botnet command channel. Tech. rep. Arbor SERT. August. http:\/\/ddos. arbornetworks.com\/2009\/08\/twitter-based-botnet-command-channel\/."},{"key":"e_1_2_1_96_1","volume-title":"Proceedings of the 3rd International Conference on Malicious and Unwanted Software (MALWARE'08)","author":"Nazario J."},{"key":"e_1_2_1_97_1","unstructured":"Nvd. 2010. Vulnerabilities in the last three years. Tech. rep. National Vulnerability Database. http:\/\/nvd.nist.gov\/. Nvd. 2010. Vulnerabilities in the last three years. Tech. rep. National Vulnerability Database. http:\/\/nvd.nist.gov\/."},{"key":"e_1_2_1_98_1","volume-title":"Proceedings of the 17th Conference on Security Symposium (SS'08)","author":"Oberheide J."},{"key":"e_1_2_1_99_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_10"},{"key":"e_1_2_1_100_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.36"},{"key":"e_1_2_1_101_1","doi-asserted-by":"publisher","DOI":"10.1109\/NSS.2009.46"},{"key":"e_1_2_1_102_1","unstructured":"Pointer R. 1993. Home page of eggdrop botnet. http:\/\/s23.org\/wiki\/Eggdrop. Pointer R. 1993. Home page of eggdrop botnet. http:\/\/s23.org\/wiki\/Eggdrop."},{"key":"e_1_2_1_103_1","volume-title":"Proceedings of the 1st USENIX Workshop on Large-Scale Exploits and Emergent Threats. USENIX Association","author":"Polychronakis M."},{"key":"e_1_2_1_104_1","volume-title":"Proceedings of the 16th USENIX Security Symposium. USENIX Association, 275--290","author":"Popov I. V."},{"key":"e_1_2_1_105_1","volume-title":"Proceedings of the 2nd USENIX Conference on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More (LEET'09)","author":"Porras P."},{"key":"e_1_2_1_106_1","unstructured":"Porras P. Saidi H. and Yegneswaran V. 2007. A multiperspective analysis of the storm (peacomm) worm. Tech. rep. Cyber-ta project page. http:\/\/www.cyber-ta.org\/pubs\/StormWorm\/SRITechnical-Report-10-01-Storm-Analysis.pdf. Porras P. Saidi H. and Yegneswaran V. 2007. A multiperspective analysis of the storm (peacomm) worm. Tech. rep. Cyber-ta project page. http:\/\/www.cyber-ta.org\/pubs\/StormWorm\/SRITechnical-Report-10-01-Storm-Analysis.pdf."},{"key":"e_1_2_1_107_1","unstructured":"Priestley M. B. 1982. Spectral Analysis and Time Series. Academic Press. Priestley M. B. 1982. Spectral Analysis and Time Series. Academic Press."},{"key":"e_1_2_1_108_1","volume-title":"Proceedings of the 13th USENIX Security Symposium (SSYM'04)","volume":"13","author":"Provos N.","year":"2004"},{"key":"e_1_2_1_109_1","volume-title":"Proceedings of the 17th Conference on Security Symposium. USENIX Association","author":"Provos N."},{"key":"e_1_2_1_110_1","volume-title":"Proceedings of the 1st Conference on the 1st Workshop on Hot Topics in Understanding Botnets. USENIX Association","author":"Provos N."},{"key":"e_1_2_1_111_1","doi-asserted-by":"publisher","DOI":"10.1145\/1498765.1498782"},{"key":"e_1_2_1_112_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECURWARE.2010.38"},{"key":"e_1_2_1_113_1","volume-title":"Proceedings of the 1st Conference on the 1st Workshop on Hot Topics in Understanding Botnets. USENIX Association.","author":"Rajab M. A."},{"key":"e_1_2_1_114_1","volume-title":"Proceedings of the 2nd Conference on Steps to Reducing Unwanted Traffic on the Internet.","volume":"2","author":"Ramachandran A."},{"key":"e_1_2_1_115_1","unstructured":"Rodionov E. and Matrosov A. 2011. The evolution of tdl: Conquering x64. Tech. rep. ESET. June. http:\/\/go.eset.com\/us\/resources\/white-papers\/The_Evolution_of_TDL.pdf. Rodionov E. and Matrosov A. 2011. The evolution of tdl: Conquering x64. Tech. rep. ESET. June. http:\/\/go.eset.com\/us\/resources\/white-papers\/The_Evolution_of_TDL.pdf."},{"key":"e_1_2_1_116_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920285"},{"key":"e_1_2_1_117_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_13"},{"key":"e_1_2_1_118_1","volume-title":"Proceedings of the 31st Annual IEEE Conference on Computer Communications (INFOCOM'12)","author":"Shin S."},{"key":"e_1_2_1_119_1","volume-title":"Proceedings of the 4th International Conference on Malicious and Unwanted Software (MALWARE'09)","author":"Sinclair G."},{"key":"e_1_2_1_120_1","unstructured":"Solomon A. and Evron G. 2006. The world of botnets. Virus Bull. 10--12. http:\/\/www.beyondsecurity.com\/whitepapers\/SolomonEvronSept06.pdf. Solomon A. and Evron G. 2006. The world of botnets. Virus Bull. 10--12. http:\/\/www.beyondsecurity.com\/whitepapers\/SolomonEvronSept06.pdf."},{"key":"e_1_2_1_121_1","doi-asserted-by":"publisher","DOI":"10.1145\/1460877.1460894"},{"key":"e_1_2_1_122_1","unstructured":"Stewart J. 2004a. Bobax trojan analysis. Tech. rep. SecureWorks. http:\/\/www.secureworks.com\/research\/threats\/bobax\/. Stewart J. 2004a. Bobax trojan analysis. Tech. rep. SecureWorks. http:\/\/www.secureworks.com\/research\/threats\/bobax\/."},{"key":"e_1_2_1_123_1","unstructured":"Stewart J. 2004b. Phatbot trojan analysis. Tech. rep. SecureWorks. http:\/\/www.secureworks.com\/research\/threats\/phatbot\/. Stewart J. 2004b. Phatbot trojan analysis. Tech. rep. SecureWorks. http:\/\/www.secureworks.com\/research\/threats\/phatbot\/."},{"key":"e_1_2_1_124_1","unstructured":"Stewart J. 2006. Spamthru trojan analysis. Tech. rep. SecureWorks. http:\/\/www.secureworks.com\/cyber-threat-intelligence\/threats\/spamthru\/. Stewart J. 2006. Spamthru trojan analysis. Tech. rep. SecureWorks. http:\/\/www.secureworks.com\/cyber-threat-intelligence\/threats\/spamthru\/."},{"key":"e_1_2_1_125_1","unstructured":"Stewart J. 2009. Sinit p2p trojan analysis. Tech. rep. SecureWorks. http:\/\/www.secureworks.com\/research\/threats\/sinit\/. Stewart J. 2009. Sinit p2p trojan analysis. Tech. rep. SecureWorks. http:\/\/www.secureworks.com\/research\/threats\/sinit\/."},{"key":"e_1_2_1_126_1","unstructured":"Stewart J. 2010. Zeus banking trojan report. Tech. rep. SecureWorks. http:\/\/www.secureworks.com\/cyber-threat-intelligence\/threats\/zeus\/. Stewart J. 2010. Zeus banking trojan report. Tech. rep. SecureWorks. http:\/\/www.secureworks.com\/cyber-threat-intelligence\/threats\/zeus\/."},{"key":"e_1_2_1_127_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"e_1_2_1_128_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.144"},{"key":"e_1_2_1_129_1","first-page":"46","article-title":"Analysis of the storm and nugache trojans: P2P is here","volume":"32","author":"Stover S.","year":"2007","journal-title":"USENIX"},{"key":"e_1_2_1_130_1","first-page":"1","article-title":"Botnet detection based on network behavior. In Botnet Detection","volume":"36","author":"Strayer W.","year":"2008","journal-title":"Advances in Information Security Series"},{"key":"e_1_2_1_131_1","unstructured":"Symantec. 2008. Symantec global internet security threat report trends for july- december 07. Tech. rep. http:\/\/eval.symantec.com\/mktginfo\/enterprise\/white papers\/b-whitepaper_internet_security_threat_report_xiii_04-2008.en-us.pdf. Symantec. 2008. Symantec global internet security threat report trends for july- december 07. Tech. rep. http:\/\/eval.symantec.com\/mktginfo\/enterprise\/white papers\/b-whitepaper_internet_security_threat_report_xiii_04-2008.en-us.pdf."},{"key":"e_1_2_1_132_1","unstructured":"Symantec. 2010. Symantec global internet security threat report trends of 2009. Tech. rep. DIY kit of Turkojan Symantec. TURKOJAN. http:\/\/www.turkojan.com\/eng\/. Symantec. 2010. Symantec global internet security threat report trends of 2009. Tech. rep. DIY kit of Turkojan Symantec. TURKOJAN. http:\/\/www.turkojan.com\/eng\/."},{"key":"e_1_2_1_133_1","volume-title":"Proceedings of the 4th International Symposium on Information and Communication Technologies (WISICT'05)","author":"van der Merwe A."},{"key":"e_1_2_1_134_1","volume-title":"Proceedings of the 5th IEEE Consumer Communications and Networking Conference (CCNC'08)","author":"Villamarin-Salomon R."},{"key":"e_1_2_1_135_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2008.35"},{"key":"e_1_2_1_136_1","doi-asserted-by":"crossref","unstructured":"Wang P. Wu L. Aslam B. and Zou C. C. 2009a. A systematic study on peer-to-peer botnets. http:\/\/www.eecs.ucf.edu\/∼czou\/research\/P2P-Botnet-ICCCN09.pdf. Wang P. Wu L. Aslam B. and Zou C. C. 2009a. A systematic study on peer-to-peer botnets. http:\/\/www.eecs.ucf.edu\/∼czou\/research\/P2P-Botnet-ICCCN09.pdf.","DOI":"10.1109\/ICCCN.2009.5235360"},{"key":"e_1_2_1_137_1","doi-asserted-by":"publisher","DOI":"10.1504\/IJICS.2010.031858"},{"key":"e_1_2_1_138_1","doi-asserted-by":"publisher","DOI":"10.1109\/NSWCTC.2009.72"},{"key":"e_1_2_1_139_1","unstructured":"Weber T. 2007. Criminals may overwhelm the web. Tech. rep. BBC News. http:\/\/news.bbc.co.uk\/2\/hi\/business\/6298641.stm. Weber T. 2007. Criminals may overwhelm the web. Tech. rep. BBC News. http:\/\/news.bbc.co.uk\/2\/hi\/business\/6298641.stm."},{"key":"e_1_2_1_140_1","doi-asserted-by":"publisher","DOI":"10.1287\/mksc.1080.0397"},{"key":"e_1_2_1_141_1","volume-title":"CRS Report for Congress. http:\/\/www.fas.org\/sgp\/crs\/terror\/RL32114","author":"Wilson C.","year":"2007"},{"key":"e_1_2_1_142_1","volume-title":"Proceedings of the 14th European Conference on Research in Computer Security (ESORICS'09)","author":"Wurzinger P."},{"key":"e_1_2_1_143_1","doi-asserted-by":"publisher","DOI":"10.1145\/1402958.1402979"},{"key":"e_1_2_1_144_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879148"},{"key":"e_1_2_1_145_1","volume-title":"Proceedings of the 7th International ICST Conference on Security and Privacy in Communication Networks (SecureComm'11)","author":"Yadav S."},{"key":"e_1_2_1_146_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2008.126"},{"key":"e_1_2_1_147_1","doi-asserted-by":"publisher","DOI":"10.1145\/1718487.1718540"},{"key":"e_1_2_1_148_1","doi-asserted-by":"publisher","DOI":"10.1109\/CSO.2010.214"},{"key":"e_1_2_1_149_1","volume-title":"Proceedings of the 3rd IEEE International Conference on Computer Science and Information Technology (ICCSIT'10)","volume":"2","author":"Zeidanloo H."},{"key":"e_1_2_1_150_1","volume-title":"Proceedings of the IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN'10)","author":"Zeng Y."},{"key":"e_1_2_1_151_1","unstructured":"Zetter K. 2009. Trick or tweet? Malware abundant in twitter urls. Tech. rep. Kaspersky. http:\/\/www.wired.com\/threatlevel\/2009\/10\/twitter malware\/. Zetter K. 2009. Trick or tweet? Malware abundant in twitter urls. Tech. rep. Kaspersky. http:\/\/www.wired.com\/threatlevel\/2009\/10\/twitter malware\/."},{"key":"e_1_2_1_152_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2011.5958212"},{"key":"e_1_2_1_153_1","volume-title":"Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation (NSDI'09)","author":"Zhao Y."},{"key":"e_1_2_1_154_1","doi-asserted-by":"publisher","DOI":"10.5555\/1444455.1446211"},{"key":"e_1_2_1_155_1","volume-title":"Proceedings of the Workshop on the Economics of Information Security (WEIS'08)","author":"Zhuge J."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2501654.2501659","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2501654.2501659","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T07:28:48Z","timestamp":1750231728000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2501654.2501659"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,8]]},"references-count":155,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2013,8]]}},"alternative-id":["10.1145\/2501654.2501659"],"URL":"https:\/\/doi.org\/10.1145\/2501654.2501659","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,8]]},"assertion":[{"value":"2011-07-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2012-07-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2013-08-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}