{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T21:42:29Z","timestamp":1762033349295,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":25,"publisher":"ACM","license":[{"start":{"date-parts":[[2016,5,30]],"date-time":"2016-05-30T00:00:00Z","timestamp":1464566400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"National Science Foundation","award":["CNS-1149051"],"award-info":[{"award-number":["CNS-1149051"]}]},{"name":"Auburn University Montgomery","award":["102002\/220242\/2050"],"award-info":[{"award-number":["102002\/220242\/2050"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,5,30]]},"DOI":"10.1145\/2897845.2897918","type":"proceedings-article","created":{"date-parts":[[2016,5,27]],"date-time":"2016-05-27T12:37:36Z","timestamp":1464352656000},"page":"783-794","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":17,"title":["Real-Time Detection of Malware Downloads via Large-Scale URL->File->Machine Graph Mining"],"prefix":"10.1145","author":[{"given":"Babak","family":"Rahbarinia","sequence":"first","affiliation":[{"name":"Auburn University at Montgomery, Montgomery, AL, USA"}]},{"given":"Marco","family":"Balduzzi","sequence":"additional","affiliation":[{"name":"Trend Micro Research, ., Italy"}]},{"given":"Roberto","family":"Perdisci","sequence":"additional","affiliation":[{"name":"University of Georgia, Athens, GA, USA"}]}],"member":"320","published-online":{"date-parts":[[2016,5,30]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"273","volume-title":"USENIX security symposium","author":"Antonakakis M.","year":"2010","unstructured":"M. Antonakakis , R. Perdisci , D. Dagon , W. Lee , and N. Feamster . Building a dynamic reputation system for dns . In USENIX security symposium , pages 273 -- 290 , 2010 . M. Antonakakis, R. Perdisci, D. Dagon, W. Lee, and N. Feamster. Building a dynamic reputation system for dns. In USENIX security symposium, pages 273--290, 2010."},{"key":"e_1_3_2_1_2_1","first-page":"16","volume-title":"USENIX Security Symposium","author":"Antonakakis M.","year":"2011","unstructured":"M. Antonakakis , R. Perdisci , W. Lee , N. Vasiloglou II, and D. Dagon . Detecting malware domains at the upper dns hierarchy . In USENIX Security Symposium , page 16 , 2011 . M. Antonakakis, R. Perdisci, W. Lee, N. Vasiloglou II, and D. Dagon. Detecting malware domains at the upper dns hierarchy. In USENIX Security Symposium, page 16, 2011."},{"key":"e_1_3_2_1_3_1","first-page":"491","volume-title":"USENIX Security Symposium","author":"Antonakakis M.","year":"2012","unstructured":"M. Antonakakis , R. Perdisci , Y. Nadji , N. Vasiloglou II, S. Abu-Nimeh , W. Lee , and D. Dagon . From throw-away traffic to bots: Detecting the rise of dga-based malware . In USENIX Security Symposium , pages 491 -- 506 , 2012 . M. Antonakakis, R. Perdisci, Y. Nadji, N. Vasiloglou II, S. Abu-Nimeh, W. Lee, and D. Dagon. From throw-away traffic to bots: Detecting the rise of dga-based malware. In USENIX Security Symposium, pages 491--506, 2012."},{"key":"e_1_3_2_1_4_1","volume-title":"TTAnalyze: A tool for analyzing malware. na","author":"Bayer U.","year":"2006","unstructured":"U. Bayer , C. Kruegel , and E. Kirda . TTAnalyze: A tool for analyzing malware. na , 2006 . U. Bayer, C. Kruegel, and E. Kirda. TTAnalyze: A tool for analyzing malware. na, 2006."},{"key":"e_1_3_2_1_5_1","first-page":"184","article-title":"Static detection of malicious code in executable programs","author":"Bergeron J.","year":"2001","unstructured":"J. Bergeron , M. Debbabi , J. Desharnais , M. M. Erhioui , Y. Lavoie , N. Tawbi , Static detection of malicious code in executable programs . Int. J. of Req. Eng , 2001 ( 184 -- 189 ):79, 2001. J. Bergeron, M. Debbabi, J. Desharnais, M. M. Erhioui, Y. Lavoie, N. Tawbi, et al. Static detection of malicious code in executable programs. Int. J. of Req. Eng, 2001(184--189):79, 2001.","journal-title":"Int. J. of Req. Eng"},{"key":"e_1_3_2_1_6_1","volume-title":"NDSS","author":"Bilge L.","year":"2011","unstructured":"L. Bilge , E. Kirda , C. Kruegel , and M. Balduzzi . Exposure: Finding malicious domains using passive dns analysis . In NDSS , 2011 . L. Bilge, E. Kirda, C. Kruegel, and M. Balduzzi. Exposure: Finding malicious domains using passive dns analysis. In NDSS, 2011."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1010933404324"},{"key":"e_1_3_2_1_8_1","volume-title":"ACM SIGKDD Conference on Knowledge Discovery and Data Mining","author":"Chau D. H.","year":"2010","unstructured":"D. H. Chau , C. Nachenberg , J. Wilhelm , A. Wright , and C. Faloutsos . Polonium: Tera-scale graph mining for malware detection . In ACM SIGKDD Conference on Knowledge Discovery and Data Mining , 2010 . D. H. Chau, C. Nachenberg, J. Wilhelm, A. Wright, and C. Faloutsos. Polonium: Tera-scale graph mining for malware detection. In ACM SIGKDD Conference on Knowledge Discovery and Data Mining, 2010."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855686.1855692"},{"key":"e_1_3_2_1_10_1","unstructured":"Google. Google Safe Browsing. https:\/\/www.google.com\/transparencyreport\/safebrowsing\/.  Google. Google Safe Browsing. https:\/\/www.google.com\/transparencyreport\/safebrowsing\/."},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-87403-4_6"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23269"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813724"},{"key":"e_1_3_2_1_14_1","unstructured":"K. Lab. Torrentlocker ransomware. http:\/\/www.kaspersky.com\/internet-security-center\/threats\/torrentlocker%-malware 2015.  K. Lab. Torrentlocker ransomware. http:\/\/www.kaspersky.com\/internet-security-center\/threats\/torrentlocker%-malware 2015."},{"key":"e_1_3_2_1_15_1","first-page":"64","volume-title":"Information Assurance Workshop, 2005. IAW'05. Proceedings from the Sixth Annual IEEE SMC","author":"Li W.-J.","year":"2005","unstructured":"W.-J. Li , K. Wang , S. J. Stolfo , and B. Herzog . Fileprints: Identifying file types by n-gram analysis . In Information Assurance Workshop, 2005. IAW'05. Proceedings from the Sixth Annual IEEE SMC , pages 64 -- 71 . IEEE, 2005 . W.-J. Li, K. Wang, S. J. Stolfo, and B. Herzog. Fileprints: Identifying file types by n-gram analysis. In Information Assurance Workshop, 2005. IAW'05. Proceedings from the Sixth Annual IEEE SMC, pages 64--71. IEEE, 2005."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666659"},{"key":"e_1_3_2_1_17_1","unstructured":"J. Oberheide E. Cooke and F. Jahanian. Cloudav: N-version antivirus in the network cloud.  J. Oberheide E. Cooke and F. Jahanian. Cloudav: N-version antivirus in the network cloud."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.35"},{"key":"e_1_3_2_1_19_1","volume-title":"NDSS","author":"Rajab M. A.","year":"2013","unstructured":"M. A. Rajab , L. Ballard , N. Lutz , P. Mavrommatis , and N. Provos . Camp: Content-agnostic malware protection . In NDSS , 2013 . M. A. Rajab, L. Ballard, N. Lutz, P. Mavrommatis, and N. Provos. Camp: Content-agnostic malware protection. In NDSS, 2013."},{"key":"e_1_3_2_1_20_1","unstructured":"N. Solutions. Norman sandbox whitepaper 2003.  N. Solutions. Norman sandbox whitepaper 2003."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623342"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_31"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2020408.2020448"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"}],"event":{"name":"ASIA CCS '16: ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Xi'an China","acronym":"ASIA CCS '16"},"container-title":["Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2897845.2897918","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2897845.2897918","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T05:07:01Z","timestamp":1750223221000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2897845.2897918"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,5,30]]},"references-count":25,"alternative-id":["10.1145\/2897845.2897918","10.1145\/2897845"],"URL":"https:\/\/doi.org\/10.1145\/2897845.2897918","relation":{},"subject":[],"published":{"date-parts":[[2016,5,30]]},"assertion":[{"value":"2016-05-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}