{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:51:15Z","timestamp":1763459475152,"version":"3.45.0"},"publisher-location":"New York, NY, USA","reference-count":29,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,4,19]],"date-time":"2017-04-19T00:00:00Z","timestamp":1492560000000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100009226","name":"National Security Agency","doi-asserted-by":"publisher","award":["H98230-14-C-0141"],"award-info":[{"award-number":["H98230-14-C-0141"]}],"id":[{"id":"10.13039\/100009226","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006602","name":"Air Force Research Laboratory","doi-asserted-by":"publisher","award":["FA8750-11-20084"],"award-info":[{"award-number":["FA8750-11-20084"]}],"id":[{"id":"10.13039\/100006602","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006445","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS 10-185303"],"award-info":[{"award-number":["CNS 10-185303"]}],"id":[{"id":"10.13039\/100006445","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2016,4,19]]},"DOI":"10.1145\/2898375.2898392","type":"proceedings-article","created":{"date-parts":[[2016,4,14]],"date-time":"2016-04-14T17:09:21Z","timestamp":1460653761000},"page":"28-37","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["A framework for generation, replay, and analysis of real-world attack variants"],"prefix":"10.1145","author":[{"given":"Phuong","family":"Cao","sequence":"first","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL"}]},{"given":"Eric C.","family":"Badger","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL"}]},{"given":"Zbigniew T.","family":"Kalbarczyk","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL"}]},{"given":"Ravishankar K.","family":"Iyer","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign, Urbana, IL"}]}],"member":"320","published-online":{"date-parts":[[2016,4,19]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"https:\/\/www.bro.org\/","author":"Bro IDS","year":"2016","unstructured":"Bro IDS, https:\/\/www.bro.org\/, 2016"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2012.90"},{"key":"e_1_3_2_1_3_1","unstructured":"Black PE. \"Ratcliff\/Obershelp pattern recognition.\" In Dictionary of Algorithms and Data Structures {online} Vreda Pieterse and Paul E. Black eds. 2004."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/359581.359603"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.5555\/2362793.2362802"},{"key":"e_1_3_2_1_7_1","unstructured":"Owens Jr JP. A study of passwords and methods used in brute-force SSH attacks (Doctoral dissertation Clarkson University) 2008."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516719"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/2600239.2600241"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1165389.945462"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1755688.1755722"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","unstructured":"Cao P Badger E Kalbarczyk Z Iyer R Slagell A. \"Preemptive intrusion detection: Theoretical framework and real-world measurements.\" In Proceedings of the 2015 Symposium and Bootcamp on the Science of Security 2015 Apr 21 (p. 5). 10.1145\/2746194.2746199","DOI":"10.1145\/2746194.2746199"},{"key":"e_1_3_2_1_13_1","first-page":"1","article-title":"Discovery techniques for P2P botnets","volume":"2008","author":"Dittrich D","unstructured":"Dittrich D, Dietrich S. \"Discovery techniques for P2P botnets.\" Stevens Institute of Technology CS Technical Report 2008 4 (2008): 1--14.","journal-title":"Stevens Institute of Technology CS Technical Report"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2011.5958263"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/322033.322044"},{"key":"e_1_3_2_1_16_1","unstructured":"FireEye report http:\/\/www2.fireeye.com\/rs\/fireye\/images\/fireeye-advanced-threatreport-2013.pdf."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.5555\/2534766.2534784"},{"key":"e_1_3_2_1_18_1","unstructured":"Dockerfile reference https:\/\/docs.docker.com\/engine\/reference\/builder\/"},{"key":"e_1_3_2_1_19_1","volume-title":"linuxcontainers.org","author":"Linux Containers","year":"2016","unstructured":"LXC - Linux Containers. linuxcontainers.org, 2016."},{"key":"e_1_3_2_1_20_1","first-page":"225","article-title":"kvm: the Linux Virtual Machine Monitor","author":"Kivity A","year":"2007","unstructured":"Kivity A, Kamay Y, Laor D, Lublin U, Liguori A. \"kvm: the Linux Virtual Machine Monitor.\" In Linux Symposium, pp. 225--230, 2007.","journal-title":"Linux Symposium"},{"key":"e_1_3_2_1_21_1","unstructured":"PuttyHijack https:\/\/www.insomniasec.com."},{"key":"e_1_3_2_1_22_1","unstructured":"ExeCrypt obfuscation service http:\/\/execrypt.com\/en\/."},{"key":"e_1_3_2_1_23_1","volume-title":"Computer security threat monitoring and surveillance (TR)","author":"Anderson JP.","year":"1980","unstructured":"Anderson JP. Computer security threat monitoring and surveillance (TR), 1980."},{"key":"e_1_3_2_1_24_1","unstructured":"Snoopy logging library https:\/\/github.com\/a2o\/snoopy."},{"key":"e_1_3_2_1_25_1","first-page":"82","article-title":"Building reliable and secure virtual machines using architectural invariants","author":"Pham C","year":"2014","unstructured":"Pham C, Estrada ZJ, Cao P, Kalbarczyk Z, Iyer RK. \"Building reliable and secure virtual machines using architectural invariants.\" IEEE S&P 2014; 12(5):82--85.","journal-title":"IEEE S&P"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2011.67"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","unstructured":"Du H Yang SJ. \"Probabilistic inference for obfuscated network attack sequences.\" 2014 44th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN) pp. 57--67 2014. 10.1109\/DSN.2014.22","DOI":"10.1109\/DSN.2014.22"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.5555\/1205530"},{"key":"e_1_3_2_1_29_1","unstructured":"OpenNSM project www.open-nsm.net"}],"event":{"name":"HotSoS '16: HotSos 2016 Science of Security","acronym":"HotSoS '16","location":"Pittsburgh Pennsylvania"},"container-title":["Proceedings of the Symposium and Bootcamp on the Science of Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2898375.2898392","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2898375.2898392","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2898375.2898392","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,18]],"date-time":"2025-11-18T09:46:57Z","timestamp":1763459217000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2898375.2898392"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,4,19]]},"references-count":29,"alternative-id":["10.1145\/2898375.2898392","10.1145\/2898375"],"URL":"https:\/\/doi.org\/10.1145\/2898375.2898392","relation":{},"subject":[],"published":{"date-parts":[[2016,4,19]]},"assertion":[{"value":"2016-04-19","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}