{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T22:37:42Z","timestamp":1768430262767,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":34,"publisher":"ACM","license":[{"start":{"date-parts":[[2015,10,12]],"date-time":"2015-10-12T00:00:00Z","timestamp":1444608000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Maryland Procurement Office","award":["H98230-14-C-0127"],"award-info":[{"award-number":["H98230-14-C-0127"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2015,10,12]]},"DOI":"10.1145\/2810103.2813724","type":"proceedings-article","created":{"date-parts":[[2015,10,6]],"date-time":"2015-10-06T15:22:12Z","timestamp":1444144932000},"page":"1118-1129","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":70,"title":["The Dropper Effect"],"prefix":"10.1145","author":[{"given":"Bum Jun","family":"Kwon","sequence":"first","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Jayanta","family":"Mondal","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]},{"given":"Jiyong","family":"Jang","sequence":"additional","affiliation":[{"name":"IBM Research, Yorktown Heights, NY, USA"}]},{"given":"Leyla","family":"Bilge","sequence":"additional","affiliation":[{"name":"Symantec Research Labs, Sophia Antipolis, France"}]},{"given":"Tudor","family":"Dumitra\u015f","sequence":"additional","affiliation":[{"name":"University of Maryland, College Park, MD, USA"}]}],"member":"320","published-online":{"date-parts":[[2015,10,12]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-13672-6_40"},{"key":"e_1_3_2_1_2_1","volume-title":"Random forests","author":"Breiman L.","year":"2001","unstructured":"L. Breiman . Random forests . 2001 . L. Breiman. Random forests. 2001."},{"key":"e_1_3_2_1_3_1","volume-title":"USENIX Security Symposium","author":"Caballero J.","year":"2011","unstructured":"J. Caballero , C. Grier , C. Kreibich , and V. Paxson . Measuring pay-per-install: The commoditization of malware distribution . In USENIX Security Symposium , 2011 . J. Caballero, C. Grier, C. Kreibich, and V. Paxson. Measuring pay-per-install: The commoditization of malware distribution. In USENIX Security Symposium, 2011."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/1132952.1132954"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1137\/1.9781611972818.12"},{"key":"e_1_3_2_1_6_1","volume-title":"CRITIS Workshop","author":"D\u00fcbendorfer T.","year":"2009","unstructured":"T. D\u00fcbendorfer and S. Frei . Web browser security update effectiveness . In CRITIS Workshop , September 2009 . T. D\u00fcbendorfer and S. Frei. Web browser security update effectiveness. In CRITIS Workshop, September 2009."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1978672.1978683"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382283"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653736"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23269"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2487575.2488219"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1007452223027"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660332"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.18"},{"key":"e_1_3_2_1_15_1","unstructured":"Microsoft. Driver signing policy. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/ff548231(v=vs.85).aspx.  Microsoft. Driver signing policy. https:\/\/msdn.microsoft.com\/en-us\/library\/windows\/hardware\/ff548231(v=vs.85).aspx."},{"key":"e_1_3_2_1_16_1","volume-title":"The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching","author":"Nappa A.","year":"2015","unstructured":"A. Nappa , R. Johnson , L. Bilge , J. Caballero , and T. Dumitras ,. The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching . In IEEE S&P, San Jose, CA , 2015 . A. Nappa, R. Johnson, L. Bilge, J. Caballero, and T. Dumitras,. The Attack of the Clones: A Study of the Impact of Shared Code on Vulnerability Patching. In IEEE S&P, San Jose, CA, 2015."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-014-0248-7"},{"key":"e_1_3_2_1_18_1","volume-title":"Cyberprobe: Towards internet-scale active detection of malicious servers","author":"Nappa A.","year":"2014","unstructured":"A. Nappa , Z. Xu , M. Z. Rafique , J. Caballero , and G. Gu . Cyberprobe: Towards internet-scale active detection of malicious servers . In NDSS. The Internet Society , 2014 . A. Nappa, Z. Xu, M. Z. Rafique, J. Caballero, and G. Gu. Cyberprobe: Towards internet-scale active detection of malicious servers. In NDSS. The Internet Society, 2014."},{"key":"e_1_3_2_1_19_1","volume-title":"NSDI","author":"Perdisci R.","year":"2010","unstructured":"R. Perdisci , W. Lee , and N. Feamster . Behavioral clustering of http-based malware and signature generation using malicious network traces . In NSDI , 2010 . R. Perdisci, W. Lee, and N. Feamster. Behavioral clustering of http-based malware and signature generation using malicious network traces. In NSDI, 2010."},{"key":"e_1_3_2_1_20_1","volume-title":"USENIX Security Symposium","author":"Provos N.","year":"2008","unstructured":"N. Provos , P. Mavrommatis , M. A. Rajab , and F. Monrose . All Your iFRAMEs Point to Us . In USENIX Security Symposium , 2008 . N. Provos, P. Mavrommatis, M. A. Rajab, and F. Monrose. All Your iFRAMEs Point to Us. In USENIX Security Symposium, 2008."},{"key":"e_1_3_2_1_21_1","volume-title":"Induction of decision trees. Machine learning","author":"Quinlan J. R.","year":"1986","unstructured":"J. R. Quinlan . Induction of decision trees. Machine learning , 1986 . J. R. Quinlan. Induction of decision trees. Machine learning, 1986."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2030376.2030401"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37300-8_3"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.25"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1142\/S0218001409007326"},{"key":"e_1_3_2_1_27_1","volume-title":"http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2003-081909-2118-99","author":"F.","year":"2003","unstructured":"Symantec. W32.Sobig. F. http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2003-081909-2118-99 , 2003 . Symantec. W32.Sobig.F. http:\/\/www.symantec.com\/security_response\/writeup.jsp?docid=2003-081909-2118-99, 2003."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623342"},{"key":"e_1_3_2_1_29_1","volume-title":"http:\/\/securityresponse.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/the_bredolab_files.pdf","author":"Tenebro G.","year":"2009","unstructured":"G. Tenebro . The Bredolab Files . Symantec Whitepaper . http:\/\/securityresponse.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/the_bredolab_files.pdf , 2009 . G. Tenebro. The Bredolab Files. Symantec Whitepaper. http:\/\/securityresponse.symantec.com\/content\/en\/us\/enterprise\/media\/security_response\/whitepapers\/the_bredolab_files.pdf, 2009."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_31"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660352"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23644-0_17"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660359"},{"key":"e_1_3_2_1_34_1","volume-title":"NSDI","author":"Zhao Y.","year":"2009","unstructured":"Y. Zhao , Y. Xie , F. Yu , Q. Ke , Y. Yu , Y. Chen , and E. Gillum . BotGraph: Large Scale Spamming Botnet Detection . In NSDI , 2009 . Y. Zhao, Y. Xie, F. Yu, Q. Ke, Y. Yu, Y. Chen, and E. Gillum. BotGraph: Large Scale Spamming Botnet Detection. In NSDI, 2009."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2006.38"}],"event":{"name":"CCS'15: The 22nd ACM Conference on Computer and Communications Security","location":"Denver Colorado USA","acronym":"CCS'15","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813724","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2810103.2813724","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:48:25Z","timestamp":1750225705000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2810103.2813724"}},"subtitle":["Insights into Malware Distribution with Downloader Graph Analytics"],"short-title":[],"issued":{"date-parts":[[2015,10,12]]},"references-count":34,"alternative-id":["10.1145\/2810103.2813724","10.1145\/2810103"],"URL":"https:\/\/doi.org\/10.1145\/2810103.2813724","relation":{},"subject":[],"published":{"date-parts":[[2015,10,12]]},"assertion":[{"value":"2015-10-12","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}