{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T04:44:44Z","timestamp":1780634684024,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":85,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,10,30]],"date-time":"2017-10-30T00:00:00Z","timestamp":1509321600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,10,30]]},"DOI":"10.1145\/3133956.3134049","type":"proceedings-article","created":{"date-parts":[[2017,10,27]],"date-time":"2017-10-27T12:48:18Z","timestamp":1509108498000},"page":"537-552","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":41,"title":["Don't Let One Rotten Apple Spoil the Whole Barrel"],"prefix":"10.1145","author":[{"given":"Daiping","family":"Liu","sequence":"first","affiliation":[{"name":"University of Delaware, Newark, DE, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Zhou","family":"Li","sequence":"additional","affiliation":[{"name":"ACM Member, Boston, MA, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Kun","family":"Du","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Haining","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Delaware, Newark, DE, USA"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Baojun","family":"Liu","sequence":"additional","affiliation":[{"name":"Tsinghua University, Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[{"name":"Tsinghua University, 
Beijing, China"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2017,10,30]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"Domain Shadowing With a Twist. 2015. https:\/\/blog.malwarebytes.com\/threat-analysis\/2015\/04\/domain-shadowing-with-a-twist\/."},{"key":"e_1_3_2_2_2_1","volume-title":"Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse Proceedings of the Annual Network and Distributed System Security Symposium (NDSS).","author":"Agten Pieter","year":"2015","unstructured":"Pieter Agten, Wouter Joosen, Frank Piessens, and Nick Nikiforakis 2015. Seven Months' Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse Proceedings of the Annual Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_2_3_1","volume-title":"Under the Shadow of Sunshine: Understanding and Detecting BulletProof Hosting on Legitimate Service Provider Networks","author":"Alrwais Sumayah","unstructured":"Sumayah Alrwais, Xiaojing Liao, Xianghang Mi, Peng Wang, Xiaofeng Wang, Feng Qian, Raheem Beyah, and Damon McCoy. 2017. Under the Shadow of Sunshine: Understanding and Detecting BulletProof Hosting on Legitimate Service Provider Networks. In IEEE S&P."},{"key":"e_1_3_2_2_4_1","volume-title":"Understanding the Dark Side of Domain Parking. In USENIX Security Symposium (USENIX Security).","author":"Alrwais Sumayah","year":"2014","unstructured":"Sumayah Alrwais, Kan Yuan, Eihal Alowaisheq, Zhou Li, and XiaoFeng Wang 2014. Understanding the Dark Side of Domain Parking. In USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/2991079.2991112"},{"key":"e_1_3_2_2_6_1","volume-title":"Spamscatter: Characterizing Internet Scam Hosting Infrastructure Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium (SS'07)","author":"Anderson David S.","unstructured":"David S. 
Anderson, Chris Fleizach, Stefan Savage, and Geoffrey M. Voelker 2007. Spamscatter: Characterizing Internet Scam Hosting Infrastructure Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium (SS'07)."},{"key":"e_1_3_2_2_7_1","volume-title":"More Obfuscation and Other Nonsense","author":"Fake Extensions","year":"2015","unstructured":"Fake Extensions Angler EK: More Obfuscation and Other Nonsense 2015. http:\/\/blogs.cisco.com\/security\/talos\/angler-update."},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/1929820.1929844"},{"key":"e_1_3_2_2_9_1","volume-title":"Detecting Malware Domains at the Upper DNS Hierarchy Proceedings of the 20th USENIX Conference on Security","author":"Antonakakis Manos","unstructured":"Manos Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou, II, and David Dagon 2011. Detecting Malware Domains at the Upper DNS Hierarchy Proceedings of the 20th USENIX Conference on Security."},{"key":"e_1_3_2_2_10_1","volume-title":"From Throw-away Traffic to Bots: Detecting the Rise of DGA-based Malware Proceedings of the 21st USENIX Conference on Security Symposium","author":"Antonakakis Manos","unstructured":"Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou, Saeed Abu-Nimeh, Wenke Lee, and David Dagon 2012. From Throw-away Traffic to Bots: Detecting the Rise of DGA-based Malware Proceedings of the 21st USENIX Conference on Security Symposium."},{"key":"e_1_3_2_2_11_1","unstructured":"Internet Archive. 2017. https:\/\/archive.org\/."},{"key":"e_1_3_2_2_12_1","unstructured":"Steven M. Bellovin. 1995. Using the Domain Name System for System Break-ins. USENIX Security."},{"key":"e_1_3_2_2_13_1","volume-title":"EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis Proceedings of the Annual Network and Distributed System Security Symposium (NDSS).","author":"Bilge Leyla","year":"2011","unstructured":"Leyla Bilge, Engin Kirda, Christopher Kruegel, and Marco Balduzzi 2011. 
EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis Proceedings of the Annual Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_2_14_1","unstructured":"Website blocked as malicious. 2015. https:\/\/forum.avast.com\/index.php?topic=167705.0\/."},{"key":"e_1_3_2_2_15_1","volume-title":"Delta: Automatic Identification of Unknown Web-based Infection Campaigns Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS).","author":"Borgolte Kevin","year":"2013","unstructured":"Kevin Borgolte, Christopher Kruegel, and Giovanni Vigna 2013. Delta: Automatic Identification of Unknown Web-based Infection Campaigns Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS)."},{"key":"e_1_3_2_2_16_1","unstructured":"Leo Breiman and Adele Cutler 2017. Random Forests https:\/\/www.stat.berkeley.edu\/breiman\/RandomForests\/cc_home.htm."},{"key":"e_1_3_2_2_17_1","volume-title":"Classification and regression trees","author":"Breiman Leo","unstructured":"Leo Breiman, Jerome Friedman, Charles J Stone, and Richard A Olshen 1984. Classification and regression trees. CRC press."},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963436"},{"key":"e_1_3_2_2_19_1","volume-title":"You Better Take Care","author":"Sundown","year":"2016","unstructured":"Sundown EK: You Better Take Care. 2016. http:\/\/blog.talosintelligence.com\/2016\/10\/sundown-ek.html."},{"key":"e_1_3_2_2_20_1","unstructured":"CommonCrawl. 2017. http:\/\/commoncrawl.org\/."},{"key":"e_1_3_2_2_21_1","unstructured":"David Dagon Chris Lee Wenke Lee and Niels Provos. 2008. Corrupted DNS Resolution Paths: The Rise of a Malicious Resolution Authority NDSS."},{"key":"e_1_3_2_2_22_1","unstructured":"defintel 2016. Shadow Puppets - Domain Shadowing 101. https:\/\/defintel.com\/blog\/index.php\/2016\/03\/shadow-puppets-domain-shadowing-101.html. (2016)."},{"key":"e_1_3_2_2_23_1","unstructured":"Dynamic DNS. 
2017. https:\/\/doc.pfsense.org\/index.php\/Dynamic_DNS."},{"key":"e_1_3_2_2_24_1","unstructured":"Forward DNS. 2017. https:\/\/scans.io\/study\/sonar.fdns_v2."},{"key":"e_1_3_2_2_25_1","unstructured":"DNSDB 2017. https:\/\/www.farsightsecurity.com\/solutions\/dnsdb\/."},{"key":"e_1_3_2_2_26_1","unstructured":"Peru domain registrar hacked & 207116 domain credentials stolen 2012. https:\/\/www.alertlogic.com\/blog\/peru-domain-registrar-hacked-and-207 116-domain-credentials-stolen-anonymous-group\/."},{"key":"e_1_3_2_2_27_1","volume-title":"The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO USENIX Security Symposium (USENIX Security).","author":"Du Kun","year":"2016","unstructured":"Kun Du, Hao Yang, Zhou Li, Haixin Duan, and Kehuan Zhang 2016. The Ever-Changing Labyrinth: A Large-Scale Analysis of Wildcard DNS Powered Blackhat SEO USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_2_28_1","unstructured":"David Dunkel. 2015. Catch Me If You Can: How APT Actors Are Moving Through Your Environment Unnoticed. http:\/\/blog.trendmicro.com\/catch-me-if-you-can-how-apt-actors-are-moving-through-your-environment-unnoticed\/. (2015)."},{"key":"e_1_3_2_2_29_1","volume-title":"Proceedings of the USENIX Conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More (LEET).","author":"Felegyhazi Mark","year":"2010","unstructured":"Mark Felegyhazi, Christian Kreibich, and Vern Paxson. 2010. On the Potential of Proactive Domain Blacklisting. Proceedings of the USENIX Conference on Large-scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More (LEET)."},{"key":"e_1_3_2_2_30_1","volume-title":"Angler EK Accounts for Over 80% of Drive-by Attacks in the Past Month","author":"Alert Security","year":"2016","unstructured":"Security Alert: Angler EK Accounts for Over 80% of Drive-by Attacks in the Past Month. 2016. 
https:\/\/heimdalsecurity.com\/blog\/angler-exploit-kit-over-80-of-drive-by-attacks\/."},{"key":"e_1_3_2_2_31_1","volume-title":"Manufacturing Compromise: The Emergence of Exploit-as-a-service Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS '12)","author":"Grier Chris","unstructured":"Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, M. Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, and Geoffrey M. Voelker 2012. Manufacturing Compromise: The Emergence of Exploit-as-a-service Proceedings of the 2012 ACM Conference on Computer and Communications Security (CCS '12)."},{"key":"e_1_3_2_2_32_1","unstructured":"Shuang Hao Alex Kantchelian Brad Miller Vern Paxson and Nick Feamster 2016. PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_2_33_1","unstructured":"Shuang Hao Matthew Thomas Vern Paxson Nick Feamster Christian Kreibich Chris Grier and Scott Hollenbeck 2013. Understanding the Domain Registration Behavior of Spammers ACM IMC."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","unstructured":"Amir Herzberg and Haya Shulman 2012. Security of Patched DNS. In ESORICS. 10.1007\/978-3-642-33167-1_16","DOI":"10.1007\/978-3-642-33167-1_16"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"crossref","unstructured":"Amir Herzberg and Haya Shulman 2013. Fragmentation Considered Poisonous or: One-domain-to-rule-them-all.org IEEE CNS.","DOI":"10.1109\/CNS.2013.6682711"},{"key":"e_1_3_2_2_36_1","doi-asserted-by":"publisher","unstructured":"Amir Herzberg and Haya Shulman 2013. Socket Overloading for Fun and Cache-poisoning. In ACSAC. 
10.1145\/2523649.2523662","DOI":"10.1145\/2523649.2523662"},{"key":"e_1_3_2_2_37_1","volume-title":"Gribble","author":"Holgers Tobias","year":"2006","unstructured":"Tobias Holgers, David E. Watson, and Steven D. Gribble. 2006. Cutting Through the Confusion: A Measurement Study of Homograph Attacks USENIX ATC."},{"key":"e_1_3_2_2_38_1","volume-title":"Measuring and Detecting Fast-Flux Service Networks Proceedings of the Annual Network and Distributed System Security Symposium (NDSS).","author":"Holz Thorsten","unstructured":"Thorsten Holz, Christian Gorecki, Konrad Rieck, and Felix C. Freiling 2008. Measuring and Detecting Fast-Flux Service Networks Proceedings of the Annual Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_2_39_1","volume-title":"Angler Lurking in the Domain Shadows","author":"Spotlight Threat","year":"2015","unstructured":"Threat Spotlight: Angler Lurking in the Domain Shadows 2015. http:\/\/blogs.cisco.com\/security\/talos\/angler-domain-shadowing."},{"key":"e_1_3_2_2_40_1","volume-title":"Christopher Kruegel, and Giovanni Vigna","author":"Invernizzi Luca","year":"2012","unstructured":"Luca Invernizzi, Stefano Benvenuti, Marco Cova, Paolo Milani Comparetti, Christopher Kruegel, and Giovanni Vigna 2012. EvilSeed: A Guided Approach to Finding Malicious Web Pages Proceedings of the IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_2_41_1","volume-title":"20th USENIX Security Symposium.","author":"Jacob Gregoire","year":"2011","unstructured":"Gregoire Jacob, Ralf Hund, Christopher Kruegel, and Thorsten Holz 2011. JACKSTRAWS: Picking Command and Control Connections from Bot Traffic Proc. 20th USENIX Security Symposium."},{"key":"e_1_3_2_2_42_1","unstructured":"D. Kaminsky. 2008. It's the End of the Cache As We Know It. In Blackhat Briefings."},{"key":"e_1_3_2_2_43_1","unstructured":"Kankanews. 2014. Xinnet breach leads false resolution of registered sites. 
http:\/\/www.kankanews.com\/a\/2014-04-02\/0014513245.shtml. (2014)."},{"key":"e_1_3_2_2_44_1","unstructured":"Mohammad Taha Khan Xiang Huo Zhou Li and Chris Kanich. 2015. Every Second Counts: Quantifying the Negative Externalities of Cybercrime via Typosquatting IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_2_45_1","volume-title":"d.]. Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs Proceedings of 2nd IEEE European Symposium on Security and Privacy (Euro S&P)","author":"Korczynski Maciej","unstructured":"Maciej Korczynski, Samaneh Tajalizadehkhoob, Arman Noroozian, Maarten Wullink, Cristian Hesselman, and Michel van Eeten [n. d.]. Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs Proceedings of 2nd IEEE European Symposium on Security and Privacy (Euro S&P)."},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815683"},{"key":"e_1_3_2_2_47_1","unstructured":"How lead fraud happens? 2015. https:\/\/www.databowl.com\/blog\/posts\/2015\/10\/07\/how-lead-fraud-happens.html."},{"key":"e_1_3_2_2_48_1","volume-title":"Measuring and Analyzing Search-redirection Attacks in the Illicit Online Prescription Drug Trade Proceedings of USENIX Conference on Security.","author":"Leontiadis Nektarios","year":"2011","unstructured":"Nektarios Leontiadis, Tyler Moore, and Nicolas Christin. 2011. Measuring and Analyzing Search-redirection Attacks in the Illicit Online Prescription Drug Trade Proceedings of USENIX Conference on Security."},{"key":"e_1_3_2_2_49_1","volume-title":"A Lustrum of Malware Network Communication: Evolution and Insights 38th IEEE Symposium on Security and Privacy (S&P)","author":"Lever Chaz","unstructured":"Chaz Lever, Platon Kotzias, Davide Balzarotti, Juan Caballero, and Manos Antonakakis. 2017. 
A Lustrum of Malware Network Communication: Evolution and Insights 38th IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_2_50_1","volume-title":"Domain-Z: 28 Registrations Later Measuring the Exploitation of Residual Trust in Domains IEEE Symposium on Security and Privacy (SP).","author":"Lever Chaz","year":"2016","unstructured":"Chaz Lever, Robert Walls, Yacin Nadji, David Dagon, Patrick McDaniel, and Manos Antonakakis 2016. Domain-Z: 28 Registrations Later Measuring the Exploitation of Residual Trust in Domains IEEE Symposium on Security and Privacy (SP)."},{"key":"e_1_3_2_2_51_1","volume-title":"You've Got Vulnerability: Exploring Effective Vulnerability Notifications USENIX Security Symposium.","author":"Li Frank","year":"2016","unstructured":"Frank Li, Zakir Durumeric, Jakub Czyz, Mohammad Karami, Michael Bailey, Damon McCoy, Stefan Savage, and Vern Paxson. 2016. You've Got Vulnerability: Exploring Effective Vulnerability Notifications USENIX Security Symposium."},{"key":"e_1_3_2_2_52_1","volume-title":"Hunting the Red Fox Online: Understanding and Detection of Mass Redirect-Script Injections IEEE Symposium on Security and Privacy (S&P).","author":"Li Zhou","year":"2014","unstructured":"Zhou Li, Sumayah Alrwais, Xiaofeng Wang, and Eihal Alowaisheq. 2014. Hunting the Red Fox Online: Understanding and Detection of Mass Redirect-Script Injections IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_2_53_1","volume-title":"IEEE Symposium on Security and Privacy (S&P).","author":"Li Zhou","year":"2013","unstructured":"Zhou Li, Sumayah Alrwais, Yinlian Xie, Fang Yu, and Xiaofeng Wang 2013. Finding the Linchpins of the Dark Web: a Study on Topologically Dedicated Hosts on Malicious Web Infrastructures. 
In IEEE Symposium on Security and Privacy (S&P)."},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382267"},{"key":"e_1_3_2_2_55_1","unstructured":"Daiping Liu Shuai Hao and Haining Wang 2016. All Your DNS Records Point to Us: Understanding the Security Threats of Dangling DNS Records Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS)."},{"key":"e_1_3_2_2_56_1","volume-title":"Voelker","author":"Ma Justin","year":"2009","unstructured":"Justin Ma, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker 2009. Beyond Blacklists: Learning to Detect Malicious Web Sites from Suspicious URLs Proceedings of the 15th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining (KDD)."},{"key":"e_1_3_2_2_57_1","volume-title":"Identifying Suspicious URLs: An Application of Large-scale Online Learning Proceedings of the 26th Annual International Conference on Machine Learning (ICML).","author":"Ma Justin","unstructured":"Justin Ma, Lawrence K. Saul, Stefan Savage, and Geoffrey M. Voelker 2009. Identifying Suspicious URLs: An Application of Large-scale Online Learning Proceedings of the 26th Annual International Conference on Machine Learning (ICML)."},{"key":"e_1_3_2_2_58_1","unstructured":"Let's Encrypt Now Being Abused By Malvertisers 2016. http:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/lets-encrypt-now-being-abused-by-malvertisers."},{"key":"e_1_3_2_2_59_1","unstructured":"Malware-Traffic-Analysis. 2017. 2017-04-06 - EITEST RIG EK from 109.234.36.165 sends matrix ransomware variant. http:\/\/www.malware-traffic-analysis.net\/2017\/04\/06\/index2.html. (2017)."},{"key":"e_1_3_2_2_60_1","first-page":"s3","volume":"1","year":"2017","unstructured":"Alexa Top 1 Million. 2017. http:\/\/s3.amazonaws.com\/alexa-static\/top-1m.csv.zip.","journal-title":"Alexa Top"},{"key":"e_1_3_2_2_61_1","unstructured":"Mozilla 2017. Public suffix list. 
https:\/\/publicsuffix.org\/list\/public_suffix_list.dat. (2017)."},{"key":"e_1_3_2_2_62_1","doi-asserted-by":"publisher","DOI":"10.1145\/1135777.1135794"},{"key":"e_1_3_2_2_63_1","unstructured":"PassiveDNS. 2017. http:\/\/netlab.360.com\/."},{"key":"e_1_3_2_2_64_1","volume-title":"A Comprehensive Measurement Study of Domain Generating Malware 25th USENIX Security Symposium","author":"Plohmann Daniel","unstructured":"Daniel Plohmann, Khaled Yakdan, Michael Klatt, Johannes Bader, and Elmar Gerhards-Padilla. 2016. A Comprehensive Measurement Study of Domain Generating Malware 25th USENIX Security Symposium."},{"key":"e_1_3_2_2_65_1","unstructured":"CDN IP ranges. 2017. https:\/\/zenodo.org\/record\/842988#.WZJtrVGGMzM."},{"key":"e_1_3_2_2_66_1","unstructured":"Domain registrar attacked customer passwords reset 2013. http:\/\/www.theregister.co.uk\/2013\/05\/09\/name_dot_com_data_leak\/."},{"key":"e_1_3_2_2_67_1","unstructured":"scikit learn. 2017. http:\/\/scikit-learn.org\/."},{"key":"e_1_3_2_2_68_1","volume-title":"Malvertising campaigns use domain shadowing to pull in Angler EK","author":"The","year":"2015","unstructured":"The shadow knows: Malvertising campaigns use domain shadowing to pull in Angler EK 2015. https:\/\/www.proofpoint.com\/us\/threat-insight\/post\/The-Shadow-Knows\/."},{"key":"e_1_3_2_2_69_1","unstructured":"Malvertising slowing down but not out. 2016. https:\/\/blog.malwarebytes.com\/cybercrime\/exploits\/2016\/07\/malvertising-slowing-down-but-not-out\/."},{"key":"e_1_3_2_2_70_1","volume-title":"CISCO TALOS thwarts access to massive international exploit kit generating $60M annually from ransomware alone","author":"Threat","year":"2015","unstructured":"Threat spotlight: CISCO TALOS thwarts access to massive international exploit kit generating $60M annually from ransomware alone 2015. http:\/\/www.talosintelligence.com\/angler-exposed\/."},{"key":"e_1_3_2_2_71_1","unstructured":"Tom Spring. 2016. Inside the RIG exploit kit. 
https:\/\/threatpost.com\/inside-the-rig-exploit-kit\/121805\/. (2016)."},{"key":"e_1_3_2_2_72_1","unstructured":"The story around the Linode hack. 2013. https:\/\/news.ycombinator.com\/item?id=5667027."},{"key":"e_1_3_2_2_73_1","doi-asserted-by":"crossref","unstructured":"Gianluca Stringhini Christopher Kruegel and Giovanni Vigna 2013. Shady Paths: Leveraging Surfing Crowds to Detect Malicious Web Pages Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security (CCS).","DOI":"10.1145\/2508859.2516682"},{"key":"e_1_3_2_2_74_1","volume-title":"USENIX Security Symposium (USENIX Security).","author":"Szurdi Janos","year":"2014","unstructured":"Janos Szurdi, Balazs Kocso, Gabor Cseh, Jonathan Spring, Mark Felegyhazi, and Chris Kanich. 2014. The Long “Taile” of Typosquatting Domain Names. USENIX Security Symposium (USENIX Security)."},{"key":"e_1_3_2_2_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/2413176.2413217"},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"crossref","unstructured":"Kurt Thomas Chris Grier Justin Ma Vern Paxson and Dawn Song 2011. Design and Evaluation of a Real-Time URL Spam Filtering Service Proceedings of the IEEE Symposium on Security and Privacy (S&P).","DOI":"10.1109\/SP.2011.25"},{"key":"e_1_3_2_2_77_1","volume-title":"Global Malvertising Campaign Thwarted","author":"ShadowGate Take Down Talos","year":"2016","unstructured":"Talos ShadowGate Take Down: Global Malvertising Campaign Thwarted 2016. http:\/\/blog.talosintelligence.com\/2016\/09\/shadowgate-takedown.html."},{"key":"e_1_3_2_2_78_1","unstructured":"Hover Resets User Passwords Due to Possible Breach 2015. http:\/\/www.securityweek.com\/hover-resets-user-passwords-due-possible-breach\/."},{"key":"e_1_3_2_2_79_1","unstructured":"Angler Attempts to Slip the Hook. 2016. 
http:\/\/blog.talosintelligence.com\/2016\/03\/angler-slips-hook.html."},{"key":"e_1_3_2_2_80_1","volume-title":"Look Into Malvertising Attacks Targeting The UK 2016","author":"A","year":"2016","unstructured":"A Look Into Malvertising Attacks Targeting The UK 2016. https:\/\/blog.malwarebytes.com\/threat-analysis\/2016\/03\/a-look-into-malvertising-attacks-targeting-the-uk\/."},{"key":"e_1_3_2_2_81_1","unstructured":"VirusTotal. 2017. https:\/\/www.virustotal.com\/."},{"key":"e_1_3_2_2_82_1","volume-title":"Parking Sensors: Analyzing and Detecting Parked Domains Proceedings of the Annual Network and Distributed System Security Symposium (NDSS).","author":"Vissers Thomas","year":"2015","unstructured":"Thomas Vissers, Wouter Joosen, and Nick Nikiforakis. 2015. Parking Sensors: Analyzing and Detecting Parked Domains Proceedings of the Annual Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_2_83_1","doi-asserted-by":"publisher","DOI":"10.1145\/2046707.2046763"},{"key":"e_1_3_2_2_84_1","volume-title":"Large-Scale Automatic Classification of Phishing Pages Proceedings of the Annual Network and Distributed System Security Symposium (NDSS).","author":"Whittaker Colin","year":"2010","unstructured":"Colin Whittaker, Brian Ryner, and Marria Nazif. 2010. Large-Scale Automatic Classification of Phishing Pages Proceedings of the Annual Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_2_85_1","volume-title":"Detecting Algorithmically Generated Malicious Domain Names Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement (IMC).","author":"Yadav Sandeep","year":"2010","unstructured":"Sandeep Yadav, Ashwath Kumar Krishna Reddy, A.L. Narasimha Reddy, and Supranamaya Ranjan 2010. Detecting Algorithmically Generated Malicious Domain Names Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement (IMC).
"}],"event":{"name":"CCS '17: 2017 ACM SIGSAC Conference on Computer and Communications Security","location":"Dallas Texas USA","acronym":"CCS '17","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134049","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3133956.3134049","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:11:03Z","timestamp":1750212663000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3133956.3134049"}},"subtitle":["Towards Automated Detection of Shadowed Domains"],"short-title":[],"issued":{"date-parts":[[2017,10,30]]},"references-count":85,"alternative-id":["10.1145\/3133956.3134049","10.1145\/3133956"],"URL":"https:\/\/doi.org\/10.1145\/3133956.3134049","relation":{},"subject":[],"published":{"date-parts":[[2017,10,30]]},"assertion":[{"value":"2017-10-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}