{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T12:16:43Z","timestamp":1763468203510,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":41,"publisher":"ACM","license":[{"start":{"date-parts":[[2014,6,4]],"date-time":"2014-06-04T00:00:00Z","timestamp":1401840000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-0953638"],"award-info":[{"award-number":["CNS-0953638"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2014,6,4]]},"DOI":"10.1145\/2590296.2590309","type":"proceedings-article","created":{"date-parts":[[2014,5,30]],"date-time":"2014-05-30T18:18:31Z","timestamp":1401473911000},"page":"39-50","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":34,"title":["Detection of stealthy malware activities with traffic causality and scalable triggering relation discovery"],"prefix":"10.1145","author":[{"given":"Hao","family":"Zhang","sequence":"first","affiliation":[{"name":"Virginia Tech, Blacksburg, VA, USA"}]},{"given":"Danfeng Daphne","family":"Yao","sequence":"additional","affiliation":[{"name":"Virginia Tech, Blacksburg, VA, USA"}]},{"given":"Naren","family":"Ramakrishnan","sequence":"additional","affiliation":[{"name":"Virginia Tech, Blacksburg, VA, USA"}]}],"member":"320","published-online":{"date-parts":[[2014,6,4]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"DNScat. A tool to tunnel traffic through DNS servers. http:\/\/tadek.pietraszek.org\/projects\/DNScat\/.  DNScat. A tool to tunnel traffic through DNS servers. http:\/\/tadek.pietraszek.org\/projects\/DNScat\/."},{"key":"e_1_3_2_1_2_1","unstructured":"Tlogger. An Firefox extension. http:\/\/dubroy.com\/tlogger\/.  Tlogger. An Firefox extension. http:\/\/dubroy.com\/tlogger\/."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.29"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.5555\/2032305.2032315"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1935826.1935914"},{"key":"e_1_3_2_1_6_1","volume-title":"Modern information retrieval","author":"Baeza-Yates R.","year":"1999","unstructured":"R. Baeza-Yates , B. Ribeiro-Neto , Modern information retrieval , volume 463 . ACM press New York , 1999 . R. Baeza-Yates, B. Ribeiro-Neto, et al. Modern information retrieval, volume 463. ACM press New York, 1999."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1282380.1282383"},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS)","author":"Bilge L.","year":"2011","unstructured":"L. Bilge , E. Kirda , C. Kruegel , and M. Balduzzi . EXPOSURE: Finding malicious domains using passive DNS analysis . In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS) , February 2011 . L. Bilge, E. Kirda, C. Kruegel, and M. Balduzzi. EXPOSURE: Finding malicious domains using passive DNS analysis. In Proceedings of the 18th Annual Network and Distributed System Security Symposium (NDSS), February 2011."},{"key":"e_1_3_2_1_9_1","first-page":"117","volume-title":"Proceedings of OSDI","author":"Chen X.","year":"2008","unstructured":"X. Chen , M. Zhang , Z. M. Mao , and P. Bahl . Automating network application dependency discovery: Experiences, limitations, and new solutions . In Proceedings of OSDI , pages 117 -- 130 , 2008 . USENIX Association. X. Chen, M. Zhang, Z. M. Mao, and P. Bahl. Automating network application dependency discovery: Experiences, limitations, and new solutions. In Proceedings of OSDI, pages 117--130, 2008. USENIX Association."},{"key":"e_1_3_2_1_10_1","first-page":"327","volume-title":"Network Protocols, 1999.(ICNP'99) Proceedings. Seventh International Conference on","author":"Choi H.-K.","unstructured":"H.-K. Choi and J. O. Limb . A behavioral model of web traffic . In Network Protocols, 1999.(ICNP'99) Proceedings. Seventh International Conference on , pages 327 -- 334 . H.-K. Choi and J. O. Limb. A behavioral model of web traffic. In Network Protocols, 1999.(ICNP'99) Proceedings. Seventh International Conference on, pages 327--334."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1342211.1342215"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1022627411411"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1772690.1772720"},{"key":"e_1_3_2_1_14_1","first-page":"4","volume-title":"Tan. BINDER: An Extrusion-based Break-In Detector for Personal Computers. In Proceedings: USENIX Annual Technical Conference","author":"Cui W.","year":"2005","unstructured":"W. Cui , Y. H. Katz , and W. tian Tan. BINDER: An Extrusion-based Break-In Detector for Personal Computers. In Proceedings: USENIX Annual Technical Conference , page 4 , 2005 . W. Cui, Y. H. Katz, and W. tian Tan. BINDER: An Extrusion-based Break-In Detector for Personal Computers. In Proceedings: USENIX Annual Technical Conference, page 4, 2005."},{"key":"e_1_3_2_1_15_1","first-page":"973","volume-title":"International joint conference on artificial intelligence","author":"Elkan C.","year":"2001","unstructured":"C. Elkan . The foundations of cost-sensitive learning. In International joint conference on artificial intelligence , volume 17 , pages 973 -- 978 , 2001 . C. Elkan. The foundations of cost-sensitive learning. In International joint conference on artificial intelligence, volume 17, pages 973--978, 2001."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1117454.1117456"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/VAST.2008.4677361"},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the 17th USENIX Security Symposium","author":"Gu G.","year":"2008","unstructured":"G. Gu , R. Perdisci , J. Zhang , and W. Lee . BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection . In Proceedings of the 17th USENIX Security Symposium , 2008 . G. Gu, R. Perdisci, J. Zhang, and W. Lee. BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection. In Proceedings of the 17th USENIX Security Symposium, 2008."},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation (NDSI)","author":"Gummadi R.","year":"2009","unstructured":"R. Gummadi , H. Balakrishnan , P. Maniatis , and S. Ratnasamy . Not-a-Bot: Improving service availability in the face of botnet attacks . In Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation (NDSI) , 2009 . R. Gummadi, H. Balakrishnan, P. Maniatis, and S. Ratnasamy. Not-a-Bot: Improving service availability in the face of botnet attacks. In Proceedings of the 6th USENIX Symposium on Networked Systems Design and Implementation (NDSI), 2009."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.5555\/2074158.2074196"},{"key":"e_1_3_2_1_21_1","volume-title":"Proceedings of the Third International Conference on Weblogs and Social Media (ICWSM)","author":"Kahanda I.","year":"2009","unstructured":"I. Kahanda and J. Neville . Using transactional information to predict link strength in online social networks . In Proceedings of the Third International Conference on Weblogs and Social Media (ICWSM) , 2009 . I. Kahanda and J. Neville. Using transactional information to predict link strength in online social networks. In Proceedings of the Third International Conference on Weblogs and Social Media (ICWSM), 2009."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/1402958.1402970"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.5555\/844383.845490"},{"key":"e_1_3_2_1_24_1","volume-title":"Proceedings of Network and Distributed System Security (NDSS)","author":"King S. T.","year":"2005","unstructured":"S. T. King , Z. M. Mao , D. G. Lucchetti , and P. M. Chen . Enriching intrusion alerts through multi-host causality . In Proceedings of Network and Distributed System Security (NDSS) , 2005 . S. T. King, Z. M. Mao, D. G. Lucchetti, and P. M. Chen. Enriching intrusion alerts through multi-host causality. In Proceedings of Network and Distributed System Security (NDSS), 2005."},{"key":"e_1_3_2_1_25_1","first-page":"351","volume-title":"USENIX Security Symposium","author":"Kolbitsch C.","year":"2009","unstructured":"C. Kolbitsch , P. M. Comparetti , C. Kruegel , E. Kirda , X.-y. Zhou , and X. Wang . Effective and efficient malware detection at the end host . In USENIX Security Symposium , pages 351 -- 366 , 2009 . C. Kolbitsch, P. M. Comparetti, C. Kruegel, E. Kirda, X.-y. Zhou, and X. Wang. Effective and efficient malware detection at the end host. In USENIX Security Symposium, pages 351--366, 2009."},{"key":"e_1_3_2_1_26_1","first-page":"120","volume-title":"Security and Privacy, 1999. Proceedings of the 1999 IEEE Symposium on","author":"Lee W.","year":"1999","unstructured":"W. Lee , S. J. Stolfo , and K. W. Mok . A data mining framework for building intrusion detection models . In Security and Privacy, 1999. Proceedings of the 1999 IEEE Symposium on , pages 120 -- 132 . IEEE, 1999 . W. Lee, S. J. Stolfo, and K. W. Mok. A data mining framework for building intrusion detection models. In Security and Privacy, 1999. Proceedings of the 1999 IEEE Symposium on, pages 120--132. IEEE, 1999."},{"key":"e_1_3_2_1_27_1","volume-title":"NSDI","volume":"10","author":"Li Z.","year":"2010","unstructured":"Z. Li , M. Zhang , Z. Zhu , Y. Chen , A. G. Greenberg , and Y.-M. Wang . WebProphet : Automating performance prediction for web services . In NSDI , volume 10 , 2010 . Z. Li, M. Zhang, Z. Zhu, Y. Chen, A. G. Greenberg, and Y.-M. Wang. WebProphet: Automating performance prediction for web services. In NSDI, volume 10, 2010."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1002\/asi.v58:7"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2009.5403020"},{"key":"e_1_3_2_1_30_1","first-page":"967","volume-title":"2nd IEEE LCN Workshop on Network Security (WoNS) 2006","author":"Livadas C.","year":"2006","unstructured":"C. Livadas , R. Walsh , D. Lapsley , and W. T. Strayer . Using machine learning techniques to identify botnet traffic . In 2nd IEEE LCN Workshop on Network Security (WoNS) 2006 , pages 967 -- 974 , 2006 . C. Livadas, R. Walsh, D. Lapsley, and W. T. Strayer. Using machine learning techniques to identify botnet traffic. In 2nd IEEE LCN Workshop on Network Security (WoNS) 2006, pages 967--974, 2006."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2012.6195642"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2008.080406"},{"key":"e_1_3_2_1_33_1","unstructured":"Panda Security Report. 2013. http:\/\/press.pandasecurity.com\/press-room\/reports\/.  Panda Security Report. 2013. http:\/\/press.pandasecurity.com\/press-room\/reports\/."},{"key":"e_1_3_2_1_34_1","unstructured":"Botnet Pony 1.9 Malware. http:\/\/laboratoriomalware.blogspot.com\/2013\/01\/botnet-pony-19-malware.html.  Botnet Pony 1.9 Malware. http:\/\/laboratoriomalware.blogspot.com\/2013\/01\/botnet-pony-19-malware.html."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.4304\/jcp.1.4.8-17"},{"key":"e_1_3_2_1_36_1","volume-title":"Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS)","author":"Stefan D.","year":"2010","unstructured":"D. Stefan , C. Wu , D. Yao , and G. Xu . Cryptographic provenance verification for the integrity of keystrokes and outbound network traffic . In Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS) , June 2010 . D. Stefan, C. Wu, D. Yao, and G. Xu. Cryptographic provenance verification for the integrity of keystrokes and outbound network traffic. In Proceedings of the 8th International Conference on Applied Cryptography and Network Security (ACNS), June 2010."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/2348283.2348526"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1145\/1163593.1163596"},{"key":"e_1_3_2_1_39_1","first-page":"211","volume-title":"Dependable Systems and Networks (DSN), 2010 IEEE\/IFIP International Conference on","author":"Xie P.","year":"2010","unstructured":"P. Xie , J. H. Li , X. Ou , P. Liu , and R. Levy . Using Bayesian networks for cyber security analysis . In Dependable Systems and Networks (DSN), 2010 IEEE\/IFIP International Conference on , pages 211 -- 220 . IEEE, 2010 . P. Xie, J. H. Li, X. Ou, P. Liu, and R. Levy. Using Bayesian networks for cyber security analysis. In Dependable Systems and Networks (DSN), 2010 IEEE\/IFIP International Conference on, pages 211--220. IEEE, 2010."},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2013.10"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2011.50"}],"event":{"name":"ASIA CCS '14: 9th ACM Symposium on Information, Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Kyoto Japan","acronym":"ASIA CCS '14"},"container-title":["Proceedings of the 9th ACM symposium on Information, computer and communications security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2590296.2590309","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2590296.2590309","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T06:55:51Z","timestamp":1750229751000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2590296.2590309"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,6,4]]},"references-count":41,"alternative-id":["10.1145\/2590296.2590309","10.1145\/2590296"],"URL":"https:\/\/doi.org\/10.1145\/2590296.2590309","relation":{},"subject":[],"published":{"date-parts":[[2014,6,4]]},"assertion":[{"value":"2014-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}