{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T12:32:16Z","timestamp":1769344336852,"version":"3.49.0"},"publisher-location":"Republic and Canton of Geneva, Switzerland","reference-count":27,"publisher":"International World Wide Web Conferences Steering Committee","license":[{"start":{"date-parts":[[2016,4,11]],"date-time":"2016-04-11T00:00:00Z","timestamp":1460332800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,4,11]]},"DOI":"10.1145\/2872427.2883056","type":"proceedings-article","created":{"date-parts":[[2017,1,23]],"date-time":"2017-01-23T20:35:52Z","timestamp":1485203752000},"page":"333-343","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":40,"title":["Automatic Extraction of Indicators of Compromise for Web Applications"],"prefix":"10.1145","author":[{"given":"Onur","family":"Catakoglu","sequence":"first","affiliation":[{"name":"Eurecom & Monaco Digital Security Agency, Biot, France"}]},{"given":"Marco","family":"Balduzzi","sequence":"additional","affiliation":[{"name":"Trend Micro Research, Cork, Ireland"}]},{"given":"Davide","family":"Balzarotti","sequence":"additional","affiliation":[{"name":"Eurecom, Biot, France"}]}],"member":"320","published-online":{"date-parts":[[2016,4,11]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1852096.1852098"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516725"},{"key":"e_1_3_2_1_3_1","first-page":"595","volume-title":"Proceedings of the 24th USENIX Conference on Security Symposium (Berkeley, CA, USA, 2015), SEC'15, USENIX Association","author":"Borgolte K.","unstructured":"Borgolte , K. , Kruegel , C. , and Vigna , G . Meerkat: Detecting website defacements through image-based object recognition . In Proceedings of the 24th USENIX Conference on Security Symposium (Berkeley, CA, USA, 2015), SEC'15, USENIX Association , pp. 595 -- 610 . Borgolte, K., Kruegel, C., and Vigna, G. Meerkat: Detecting website defacements through image-based object recognition. In Proceedings of the 24th USENIX Conference on Security Symposium (Berkeley, CA, USA, 2015), SEC'15, USENIX Association, pp. 595--610."},{"key":"e_1_3_2_1_4_1","volume-title":"Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS) (January","author":"Canali D.","year":"2013","unstructured":"Canali , D. , and Balzarotti , D . Behind the scenes of online attacks: an analysis of exploitation behaviors on the web . In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS) (January 2013 ), NDSS 13. Canali, D., and Balzarotti, D. Behind the scenes of online attacks: an analysis of exploitation behaviors on the web. In Proceedings of the 20th Annual Network and Distributed System Security Symposium (NDSS) (January 2013), NDSS 13."},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963436"},{"key":"e_1_3_2_1_6_1","volume-title":"Safe Browsing API. https:\/\/developers.google.com\/safe%2Dbrowsing\/","author":"Google Inc.","year":"2015","unstructured":"Google Inc. Safe Browsing API. https:\/\/developers.google.com\/safe%2Dbrowsing\/ , 2015 . Google Inc. Safe Browsing API. https:\/\/developers.google.com\/safe%2Dbrowsing\/, 2015."},{"key":"e_1_3_2_1_7_1","volume-title":"https:\/\/www.virustotal.com","author":"Google Inc. VirusTotal.","year":"2015","unstructured":"Google Inc. VirusTotal. https:\/\/www.virustotal.com , 2015 . Google Inc. VirusTotal. https:\/\/www.virustotal.com, 2015."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/1656274.1656278"},{"key":"e_1_3_2_1_9_1","volume-title":"SANS","author":"Hun-Ya Lock A. K.","year":"2013","unstructured":"Hun-Ya Lock , A. K. Using IOC (Indicators of Compromise) in Malware Forensics. Tech. rep ., SANS , 2013 . Hun-Ya Lock, A. K. Using IOC (Indicators of Compromise) in Malware Forensics. Tech. rep., SANS, 2013."},{"key":"e_1_3_2_1_10_1","first-page":"407","volume-title":"Sicherheit","volume":"8","author":"Ikinci A.","year":"2008","unstructured":"Ikinci , A. , Holz , T. , and Freiling , F. C . Monkey-spider: Detecting malicious websites with low-interaction honeyclients . In Sicherheit ( 2008 ), vol. 8 , pp. 407 -- 421 . Ikinci, A., Holz, T., and Freiling, F. C. Monkey-spider: Detecting malicious websites with low-interaction honeyclients. In Sicherheit (2008), vol. 8, pp. 407--421."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.33"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963437"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2006.06.015"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1557019.1557153"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/1961189.1961202"},{"key":"e_1_3_2_1_16_1","unstructured":"Mandiant. OpenIOC -- An Open Framework for Sharing Threat Intelligence. http:\/\/www.openioc.org 2015.  Mandiant. OpenIOC -- An Open Framework for Sharing Threat Intelligence. http:\/\/www.openioc.org 2015."},{"key":"e_1_3_2_1_17_1","volume-title":"Meanpath Web Search API. https:\/\/meanpath.com\/","author":"Meanpath","year":"2015","unstructured":"Meanpath . Meanpath Web Search API. https:\/\/meanpath.com\/ , 2015 . Meanpath. Meanpath Web Search API. https:\/\/meanpath.com\/, 2015."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-03549-4_16"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382274"},{"key":"e_1_3_2_1_20_1","volume-title":"http:\/\/www.phishtank.com\/","author":"PhishTank","year":"2015","unstructured":"PhishTank . PhishTank Website. http:\/\/www.phishtank.com\/ , 2015 . PhishTank. PhishTank Website. http:\/\/www.phishtank.com\/, 2015."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.5555\/1323128.1323132"},{"key":"e_1_3_2_1_22_1","volume-title":"Proc. USENIX Security","author":"Soska K.","year":"2014","unstructured":"Soska , K. , and Christin , N . Automatically detecting vulnerable websites before they turn malicious . In Proc. USENIX Security ( 2014 ). Soska, K., and Christin, N. Automatically detecting vulnerable websites before they turn malicious. In Proc. USENIX Security (2014)."},{"key":"e_1_3_2_1_23_1","volume-title":"Proceedings of the 3rd USENIX Conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More","author":"Stokes J. W.","year":"2010","unstructured":"Stokes , J. W. , Andersen , R. , Seifert , C. , and Chellapilla , K . Webcop: Locating neighborhoods of malware on the web . In Proceedings of the 3rd USENIX Conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More ( Berkeley, CA, USA , 2010 ), LEET'10, USENIX Association, pp. 5--5. Stokes, J. W., Andersen, R., Seifert, C., and Chellapilla, K. Webcop: Locating neighborhoods of malware on the web. In Proceedings of the 3rd USENIX Conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More (Berkeley, CA, USA, 2010), LEET'10, USENIX Association, pp. 5--5."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516682"},{"key":"e_1_3_2_1_25_1","unstructured":"VisAdd. Advertisement Solution. http:\/\/visadd.com.  VisAdd. Advertisement Solution. http:\/\/visadd.com."},{"key":"e_1_3_2_1_26_1","first-page":"35","volume-title":"Proceedings of the 2006 Network and Distributed System Security Symposium","author":"Wang Y.-M.","year":"2006","unstructured":"Wang , Y.-M. , Beck , D. , Jiang , X. , Roussev , R. , Verbowski , C. , Chen , S. , and King , S . Automated web patrol with strider honeymonkeys . In Proceedings of the 2006 Network and Distributed System Security Symposium ( 2006 ), pp. 35 -- 49 . Wang, Y.-M., Beck, D., Jiang, X., Roussev, R., Verbowski, C., Chen, S., and King, S. Automated web patrol with strider honeymonkeys. In Proceedings of the 2006 Network and Distributed System Security Symposium (2006), pp. 35--49."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2487575.2487647"}],"event":{"name":"WWW '16: 25th International World Wide Web Conference","location":"Montr\u00e9al Qu\u00e9bec Canada","acronym":"WWW '16","sponsor":["IW3C2 International World Wide Web Conference Committee","SIGWEB ACM Special Interest Group on Hypertext, Hypermedia, and Web"]},"container-title":["Proceedings of the 25th International Conference on World Wide Web"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2872427.2883056","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2872427.2883056","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:39:07Z","timestamp":1750221547000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2872427.2883056"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,4,11]]},"references-count":27,"alternative-id":["10.1145\/2872427.2883056","10.5555\/2872427"],"URL":"https:\/\/doi.org\/10.1145\/2872427.2883056","relation":{},"subject":[],"published":{"date-parts":[[2016,4,11]]},"assertion":[{"value":"2016-04-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}