{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,29]],"date-time":"2026-04-29T17:19:53Z","timestamp":1777483193673,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":44,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,4,2]],"date-time":"2017-04-02T00:00:00Z","timestamp":1491091200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100003246","name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","doi-asserted-by":"publisher","award":["12.003\/628.001.003"],"award-info":[{"award-number":["12.003\/628.001.003"]}],"id":[{"id":"10.13039\/501100003246","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003030","name":"Ag\u00e8ncia de Gesti\u00f3 d'Ajuts Universitaris i de Recerca","doi-asserted-by":"publisher","award":["BP-A 00214"],"award-info":[{"award-number":["BP-A 00214"]}],"id":[{"id":"10.13039\/501100003030","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,4,2]]},"DOI":"10.1145\/3052973.3053023","type":"proceedings-article","created":{"date-parts":[[2017,3,31]],"date-time":"2017-03-31T12:22:54Z","timestamp":1490962974000},"page":"575-586","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["The Role of Hosting Providers in Fighting Command and Control Infrastructure of Financial Malware"],"prefix":"10.1145","author":[{"given":"Samaneh","family":"Tajalizadehkhoob","sequence":"first","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Carlos","family":"Ga\u00f1\u00e1n","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arman","family":"Noroozian","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michel van","family":"Eeten","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,4,2]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"DNSDB. https:\/\/www.dnsdb.info.  DNSDB. https:\/\/www.dnsdb.info."},{"key":"e_1_3_2_1_2_1","unstructured":"Farsight Security. https:\/\/www.farsightsecurity.com.  Farsight Security. https:\/\/www.farsightsecurity.com."},{"key":"e_1_3_2_1_3_1","unstructured":"MaxMind.  MaxMind."},{"key":"e_1_3_2_1_4_1","unstructured":"WPScan. http:\/\/wpscan.org.  WPScan. http:\/\/wpscan.org."},{"key":"e_1_3_2_1_5_1","unstructured":"Microsoft Security Intelligence Report. https:\/\/www.microsoft.com\/security\/sir\/default.aspx 2015.  Microsoft Security Intelligence Report. https:\/\/www.microsoft.com\/security\/sir\/default.aspx 2015."},{"key":"e_1_3_2_1_6_1","unstructured":"Zeus Tracker. https:\/\/zeustracker.abuse.ch August 2016.  Zeus Tracker. https:\/\/zeustracker.abuse.ch August 2016."},{"key":"e_1_3_2_1_7_1","unstructured":"Botero J. C. and Ponce A. Rule of law index. The World Justice Project (2010).  Botero J. C. and Ponce A. Rule of law index. The World Justice Project (2010)."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10257-011-0171-7"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879166"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2488388.2488405"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyw005"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714637"},{"key":"e_1_3_2_1_13_1","unstructured":"de Vries W. Hosting provider Antagonist automatically fixes vulnerabilities in customers' websites. https:\/\/www.antagonist.nl 2012.  de Vries W. Hosting provider Antagonist automatically fixes vulnerabilities in customers' websites. https:\/\/www.antagonist.nl 2012."},{"key":"e_1_3_2_1_14_1","first-page":"91","volume-title":"Revealing the Autonomous System Taxonomy: The Machine Learning Approach. In Passive and Active Network Measurement Workshop (PAM)","author":"Dimitropoulos X.","year":"2006"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714579"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_10"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"Heinzl H. and Mittlb\u00f6ck M. Pseudo R-squared measures for Poisson regression models with over-or underdispersion. Computational statistics & data analysis 44 1 (2003) 253--271.  Heinzl H. and Mittlb\u00f6ck M. Pseudo R-squared measures for Poisson regression models with over-or underdispersion. Computational statistics & data analysis 44 1 (2003) 253--271.","DOI":"10.1016\/S0167-9473(03)00062-8"},{"key":"e_1_3_2_1_18_1","unstructured":"Hostexploit. World Hosts Report. Technical report. http:\/\/hostexploit.com\/ downloads\/summary\/7-public-reports\/52-world-hosts-report-march-2014.html 2014.  Hostexploit. World Hosts Report. Technical report. http:\/\/hostexploit.com\/ downloads\/summary\/7-public-reports\/52-world-hosts-report-march-2014.html 2014."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3003147"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533064"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Kaplan E. L. and Meier P. Nonparametric estimation from incomplete observations. Journal of the American statistical association 53 282 (1958) 457--481.  Kaplan E. L. and Meier P. Nonparametric estimation from incomplete observations. Journal of the American statistical association 53 282 (1958) 457--481.","DOI":"10.1080\/01621459.1958.10501452"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2829988.2787494"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2017.15"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533063"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2872427.2883008"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815693"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1533057.1533062"},{"key":"e_1_3_2_1_28_1","unstructured":"M3AAWG. Anti-abuse best common practices for hosting and cloud service providers. https:\/\/www.m3aawg.org\/sites\/maawg\/files\/news\/M3AAWG_Hosting_Abuse_BCPs-2015-03.pdf 2015.  M3AAWG. Anti-abuse best common practices for hosting and cloud service providers. https:\/\/www.m3aawg.org\/sites\/maawg\/files\/news\/M3AAWG_Hosting_Abuse_BCPs-2015-03.pdf 2015."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39235-1_1"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23218"},{"key":"e_1_3_2_1_31_1","volume-title":"8th Usenix Workshop on Cyber Security Experimentation and Test (CSET 15)","author":"Noroozian A.","year":"2015"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.17"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37300-8_3"},{"key":"e_1_3_2_1_34_1","unstructured":"Solutions TotalBank. Internet archive. http:\/\/archive.org\/web\/ 2016.  Solutions TotalBank. Internet archive. http:\/\/archive.org\/web\/ 2016."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2009.29"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2590296.2590302"},{"key":"e_1_3_2_1_37_1","volume-title":"Proceedings of the 13th Annual Workshop on the Economics of Information Security, WEIS 2014","author":"Tajalizadehkhoob S.","year":"2014"},{"key":"e_1_3_2_1_38_1","unstructured":"Tajalizadehkhoob S. B\u00f6hme R. Gan\u00e1n C. Korczynski M. and van Eeten M. Rotten Apples or Bad Harvest? What We Are Measuring When We Are Measuring Abuse.  Tajalizadehkhoob S. B\u00f6hme R. Gan\u00e1n C. Korczynski M. and van Eeten M. Rotten Apples or Bad Harvest? What We Are Measuring When We Are Measuring Abuse."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/NOMS.2016.7502824"},{"key":"e_1_3_2_1_40_1","unstructured":"TrendMicro. Criminal Hideouts for Lease: Bulletproof Hosting Services. http:\/\/www.trendmicro.fr\/media\/wp\/wp-criminal-hideouts-for-lease-en.pdf.  TrendMicro. Criminal Hideouts for Lease: Bulletproof Hosting Services. http:\/\/www.trendmicro.fr\/media\/wp\/wp-criminal-hideouts-for-lease-en.pdf."},{"key":"e_1_3_2_1_41_1","unstructured":"TrendMicro. Looking Into a Cyber-Attack Facilitator in the Netherlands. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/looking-into-a-cyber-attack-facilitator-in-the-netherlands\/.  TrendMicro. Looking Into a Cyber-Attack Facilitator in the Netherlands. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/looking-into-a-cyber-attack-facilitator-in-the-netherlands\/."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2427847"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/2592791.2592794"},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of the 16th BlackHat USA.","author":"Xu W."}],"event":{"name":"ASIA CCS '17: ACM Asia Conference on Computer and Communications Security","location":"Abu Dhabi United Arab Emirates","acronym":"ASIA CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3052973.3053023","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3052973.3053023","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:36:58Z","timestamp":1750217818000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3052973.3053023"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2017,4,2]]},"references-count":44,"alternative-id":["10.1145\/3052973.3053023","10.1145\/3052973"],"URL":"https:\/\/doi.org\/10.1145\/3052973.3053023","relation":{},"subject":[],"published":{"date-parts":[[2017,4,2]]},"assertion":[{"value":"2017-04-02","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}