{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:08:01Z","timestamp":1750306081459,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":42,"publisher":"ACM","license":[{"start":{"date-parts":[[2017,12,4]],"date-time":"2017-12-04T00:00:00Z","timestamp":1512345600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2017,12,4]]},"DOI":"10.1145\/3134600.3134604","type":"proceedings-article","created":{"date-parts":[[2017,12,4]],"date-time":"2017-12-04T19:18:32Z","timestamp":1512415112000},"page":"91-102","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":19,"title":["Marmite"],"prefix":"10.1145","author":[{"given":"Gianluca","family":"Stringhini","sequence":"first","affiliation":[{"name":"University College London"}]},{"given":"Yun","family":"Shen","sequence":"additional","affiliation":[{"name":"Symantec Research Labs"}]},{"given":"Yufei","family":"Han","sequence":"additional","affiliation":[{"name":"Symantec Research Labs"}]},{"given":"Xiangliang","family":"Zhang","sequence":"additional","affiliation":[{"name":"King Abdullah University of Science and Technology"}]}],"member":"320","published-online":{"date-parts":[[2017,12,4]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"National Software Reference Library. http:\/\/www.nsrl.nist.gov\/.  National Software Reference Library. http:\/\/www.nsrl.nist.gov\/."},{"key":"e_1_3_2_1_2_1","unstructured":"VirusTotal. https:\/\/www.virustotal.com.  VirusTotal. https:\/\/www.virustotal.com."},{"key":"e_1_3_2_1_3_1","volume-title":"USENIX Security Symposium","author":"Antonakakis M.","year":"2012","unstructured":"Antonakakis , M. , Perdisci , R. , Nadji , Y. , Vasiloglou , N. , Abu-Nimeh , S. , Lee , W. , and Dagon , D . From throw-away traffic to bots: detecting the rise of DGA-based malware . In USENIX Security Symposium ( 2012 ). Antonakakis, M., Perdisci, R., Nadji, Y., Vasiloglou, N., Abu-Nimeh, S., Lee, W., and Dagon, D. From throw-away traffic to bots: detecting the rise of DGA-based malware. In USENIX Security Symposium (2012)."},{"key":"e_1_3_2_1_4_1","volume-title":"Random Search for Hyper-parameter Optimization. Journal of Machine Learning Research (Feb","author":"Bergstra J.","year":"2012","unstructured":"Bergstra , J. , and Bengio , Y . Random Search for Hyper-parameter Optimization. Journal of Machine Learning Research (Feb . 2012 ). Bergstra, J., and Bengio, Y. Random Search for Hyper-parameter Optimization. Journal of Machine Learning Research (Feb. 2012)."},{"key":"e_1_3_2_1_5_1","volume-title":"USENIX Security Symposium","author":"Caballero J.","year":"2011","unstructured":"Caballero , J. , Grier , C. , Kreibich , C. , and Paxson , V . Measuring pay-per-install: The commoditization of malware distribution . In USENIX Security Symposium ( 2011 ). Caballero, J., Grier, C., Kreibich, C., and Paxson, V. Measuring pay-per-install: The commoditization of malware distribution. In USENIX Security Symposium (2011)."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/2089125.2089126"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.patrec.2005.10.010"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382283"},{"key":"e_1_3_2_1_9_1","volume-title":"Measuring and Detecting Fast-Flux Service Networks. In Network and Distributed Systems Security Symposium (NDSS)","author":"Holz T.","year":"2008","unstructured":"Holz , T. , Gorecki , C. , Rieck , K. , and Freiling , F. C . Measuring and Detecting Fast-Flux Service Networks. In Network and Distributed Systems Security Symposium (NDSS) ( 2008 ). Holz, T., Gorecki, C., Rieck, K., and Freiling, F. C. Measuring and Detecting Fast-Flux Service Networks. In Network and Distributed Systems Security Symposium (NDSS) (2008)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2012.33"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23269"},{"key":"e_1_3_2_1_12_1","volume-title":"USENIX Security Symposium","author":"Kapravelos A.","year":"2013","unstructured":"Kapravelos , A. , Shoshitaishvili , Y. , Cova , M. , Kruegel , C. , and Vigna , G . Revolver: An automated approach to the detection of evasive web-based malware . In USENIX Security Symposium ( 2013 ). Kapravelos, A., Shoshitaishvili, Y., Cova, M., Kruegel, C., and Vigna, G. Revolver: An automated approach to the detection of evasive web-based malware. In USENIX Security Symposium (2013)."},{"key":"e_1_3_2_1_13_1","volume-title":"Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA)","author":"Karampatziakis N.","year":"2013","unstructured":"Karampatziakis , N. , Stokes , J. W. , Thomas , A. , and Marinescu , M . Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA) . 2013 , ch. Using File Relationships in Malware Classification . Karampatziakis, N., Stokes, J. W., Thomas, A., and Marinescu, M. Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA). 2013, ch. Using File Relationships in Malware Classification."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_1"},{"key":"e_1_3_2_1_15_1","volume-title":"USENIX Security Symposium","author":"Kirat D.","year":"2014","unstructured":"Kirat , D. , Vigna , G. , and Kruegel , C . Barecloud: bare-metal analysis-based evasive malware detection . In USENIX Security Symposium ( 2014 ). Kirat, D., Vigna, G., and Kruegel, C. Barecloud: bare-metal analysis-based evasive malware detection. In USENIX Security Symposium (2014)."},{"key":"e_1_3_2_1_16_1","volume-title":"IJCAI","author":"Kohavi R.","year":"1995","unstructured":"Kohavi , R. A study of cross-validation and bootstrap for accuracy estimation and model selection . In IJCAI ( 1995 ). Kohavi, R. A study of cross-validation and bootstrap for accuracy estimation and model selection. In IJCAI (1995)."},{"key":"e_1_3_2_1_17_1","volume-title":"USENIX Security Symposium","author":"Kotzias P.","year":"2016","unstructured":"Kotzias , P. , Bilge , L. , and Caballero , J . Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services . In USENIX Security Symposium ( 2016 ). Kotzias, P., Bilge, L., and Caballero, J. Measuring PUP Prevalence and PUP Distribution through Pay-Per-Install Services. In USENIX Security Symposium (2016)."},{"key":"e_1_3_2_1_18_1","volume-title":"USENIX Security Symposium","author":"Kruegel C.","year":"2004","unstructured":"Kruegel , C. , Robertson , W. , Valeur , F. , and Vigna , G . Static disassembly of obfuscated binaries . In USENIX Security Symposium ( 2004 ). Kruegel, C., Robertson, W., Valeur, F., and Vigna, G. Static disassembly of obfuscated binaries. In USENIX Security Symposium (2004)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813724"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.18"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666659"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFOCOM.2014.6848047"},{"key":"e_1_3_2_1_23_1","unstructured":"Nachenberg C. Wilhelm J. Wright A. and Faloutsos C Polonium: Tera-scale graph mining and inference for malware detection.  Nachenberg C. Wilhelm J. Wright A. and Faloutsos C Polonium: Tera-scale graph mining and inference for malware detection."},{"key":"e_1_3_2_1_24_1","volume-title":"USENIX Security Symposium","author":"Nelms T.","year":"2015","unstructured":"Nelms , T. , Perdisci , R. , Antonakakis , M. , and Ahamad , M . Webwitness: Investigating, categorizing, and mitigating malware download paths . In USENIX Security Symposium ( 2015 ). Nelms, T., Perdisci, R., Antonakakis, M., and Ahamad, M. Webwitness: Investigating, categorizing, and mitigating malware download paths. In USENIX Security Symposium (2015)."},{"key":"e_1_3_2_1_25_1","volume-title":"Learning pattern classification tasks with imbalanced data sets. Tech. rep","author":"Nguyen G. H.","year":"2009","unstructured":"Nguyen , G. H. , Bouzerdoum , A. , and Phung , S. L . Learning pattern classification tasks with imbalanced data sets. Tech. rep ., 2009 . Nguyen, G. H., Bouzerdoum, A., and Phung, S. L. Learning pattern classification tasks with imbalanced data sets. Tech. rep., 2009."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/2398776.2398821"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897918"},{"key":"e_1_3_2_1_28_1","volume-title":"Network and Distributed System Security Symposium (NDSS)","author":"Rajab M. A.","year":"2013","unstructured":"Rajab , M. A. , Ballard , L. , Lutz , N. , Mavrommatis , P. , and Provos , N . Camp: Content-agnostic malware protection . In Network and Distributed System Security Symposium (NDSS) ( 2013 ). Rajab, M. A., Ballard, L., Lutz, N., Mavrommatis, P., and Provos, N. Camp: Content-agnostic malware protection. In Network and Distributed System Security Symposium (NDSS) (2013)."},{"key":"e_1_3_2_1_29_1","volume-title":"Can DNS-based blacklists keep up with bots? In CEAS","author":"Ramachandran A.","year":"2006","unstructured":"Ramachandran , A. , Dagon , D. , and Feamster , N . Can DNS-based blacklists keep up with bots? In CEAS ( 2006 ). Ramachandran, A., Dagon, D., and Feamster, N. Can DNS-based blacklists keep up with bots? In CEAS (2006)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-37300-8_3"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"e_1_3_2_1_32_1","volume-title":"USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET)","author":"Stokes J. W.","year":"2010","unstructured":"Stokes , J. W. , Andersen , R. , Seifert , C. , and Chellapilla , K . Webcop: Locating neighborhoods of malware on the web . In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) ( 2010 ). Stokes, J. W., Andersen, R.,Seifert, C., and Chellapilla, K. Webcop: Locating neighborhoods of malware on the web. In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) (2010)."},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"e_1_3_2_1_34_1","volume-title":"Workshop on lage-scale exploits and emerging threats (LEET)","author":"Stone-Gross B.","year":"2011","unstructured":"Stone-Gross , B. , Holz , T. , Stringhini , G. , and Vigna , G . The underground economy of spam: A botmaster's perspective of coordinating large-scale spam campaigns . In Workshop on lage-scale exploits and emerging threats (LEET) ( 2011 ). Stone-Gross, B., Holz, T., Stringhini, G., and Vigna, G. The underground economy of spam: A botmaster's perspective of coordinating large-scale spam campaigns. In Workshop on lage-scale exploits and emerging threats (LEET) (2011)."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516682"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623342"},{"key":"e_1_3_2_1_37_1","volume-title":"D. Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software. In USENIX Security Symposium","author":"Thomas K.","year":"2016","unstructured":"Thomas , K. , Crespo , J. , Picod , J.-M. , Phillips , C. , Sharp , C. , Decoste , M.-A. , Tofigh , A. , Courteau , M.-A. , Ballard , L. , Shield , R. , Jagpal , N. , Abu Rajab , M. , Mavrommatis , P. , Provos , N. , Bursztein , E. , and McCoy , D. Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software. In USENIX Security Symposium ( 2016 ). Thomas, K., Crespo, J., Picod, J.-M., Phillips, C., Sharp, C., Decoste, M.-A., Tofigh, A., Courteau, M.-A., Ballard, L., Shield, R., Jagpal, N., Abu Rajab, M., Mavrommatis, P., Provos, N., Bursztein, E., and McCoy, D. Investigating Commercial Pay-Per-Install and the Distribution of Unwanted Software. In USENIX Security Symposium (2016)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-40203-6_31"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2007.45"},{"key":"e_1_3_2_1_40_1","volume-title":"PAKDD","author":"Yamaguchi Y.","year":"2015","unstructured":"Yamaguchi , Y. , Faloutsos , C. , and Kitagawa , H . PAKDD . 2015 , ch. SocNL: Bayesian Label Propagation with Confidence . Yamaguchi, Y., Faloutsos, C., and Kitagawa, H. PAKDD. 2015, ch. SocNL: Bayesian Label Propagation with Confidence."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/1963405.1963435"},{"key":"e_1_3_2_1_42_1","volume-title":"ICML","author":"Zhu X.","year":"2003","unstructured":"Zhu , X. , Ghahramani , Z. , and Lafferty , J . Semi-supervised learning using gaussian fields and harmonic functions . In ICML ( 2003 ). Zhu, X., Ghahramani, Z., and Lafferty, J. Semi-supervised learning using gaussian fields and harmonic functions. In ICML (2003)."}],"event":{"name":"ACSAC 2017: 2017 Annual Computer Security Applications Conference","acronym":"ACSAC 2017","location":"Orlando FL USA"},"container-title":["Proceedings of the 33rd Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134600.3134604","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3134600.3134604","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:30:11Z","timestamp":1750217411000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3134600.3134604"}},"subtitle":["Spreading Malicious File Reputation Through Download Graphs"],"short-title":[],"issued":{"date-parts":[[2017,12,4]]},"references-count":42,"alternative-id":["10.1145\/3134600.3134604","10.1145\/3134600"],"URL":"https:\/\/doi.org\/10.1145\/3134600.3134604","relation":{},"subject":[],"published":{"date-parts":[[2017,12,4]]},"assertion":[{"value":"2017-12-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}