{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:58:13Z","timestamp":1773511093308,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,3,13]],"date-time":"2018-03-13T00:00:00Z","timestamp":1520899200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,3,13]]},"DOI":"10.1145\/3176258.3176329","type":"proceedings-article","created":{"date-parts":[[2018,3,15]],"date-time":"2018-03-15T13:22:14Z","timestamp":1521120134000},"page":"330-341","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":20,"title":["A Domain is only as Good as its Buddies"],"prefix":"10.1145","author":[{"given":"Issa M.","family":"Khalil","sequence":"first","affiliation":[{"name":"Qatar Computing Research Institute, Doha, Qatar"}]},{"given":"Bei","family":"Guan","sequence":"additional","affiliation":[{"name":"Qatar Computing Research Institute, Doha, Qatar"}]},{"given":"Mohamed","family":"Nabeel","sequence":"additional","affiliation":[{"name":"Qatar Computing Research Institute, Doha, Qatar"}]},{"given":"Ting","family":"Yu","sequence":"additional","affiliation":[{"name":"Qatar Computing Research Institute, Doha, Qatar"}]}],"member":"320","published-online":{"date-parts":[[2018,3,13]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Active DNS Project. https:\/\/activednsproject.org\/. Accessed: 17-04-2017.  Active DNS Project. https:\/\/activednsproject.org\/. Accessed: 17-04-2017."},{"key":"e_1_3_2_1_2_1","unstructured":"AWS Public IP Ranges. https:\/\/ip-ranges.amazonaws.com\/ip-ranges.json. Accessed: 17-04-2017.  AWS Public IP Ranges. https:\/\/ip-ranges.amazonaws.com\/ip-ranges.json. Accessed: 17-04-2017."},{"key":"e_1_3_2_1_3_1","unstructured":"Common Crawl. https:\/\/commoncrawl.org\/. Accessed: 17-04-2017.  Common Crawl. https:\/\/commoncrawl.org\/. Accessed: 17-04-2017."},{"key":"e_1_3_2_1_4_1","unstructured":"Google Public IP API. https:\/\/github.com\/bcoe\/gce-ips\/blob\/master\/index.js. Accessed: 17-04-2017.  Google Public IP API. https:\/\/github.com\/bcoe\/gce-ips\/blob\/master\/index.js. Accessed: 17-04-2017."},{"key":"e_1_3_2_1_5_1","unstructured":"McAfee SiteAdvisor. http:\/\/www.siteadvisor.com\/. Accessed: 10-08-2016.  McAfee SiteAdvisor. http:\/\/www.siteadvisor.com\/. Accessed: 10-08-2016."},{"key":"e_1_3_2_1_6_1","unstructured":"Microsoft Azure Public IP Ranges. https:\/\/github.com\/bcoe\/which-cloud\/blob\/master\/data\/PublicIPs.xml. Accessed: 17-04-2017.  Microsoft Azure Public IP Ranges. https:\/\/github.com\/bcoe\/which-cloud\/blob\/master\/data\/PublicIPs.xml. Accessed: 17-04-2017."},{"key":"e_1_3_2_1_7_1","unstructured":"scikit-learn. http:\/\/scikit-learn.org\/. Accessed: 20-04-2017.  scikit-learn. http:\/\/scikit-learn.org\/. Accessed: 20-04-2017."},{"key":"e_1_3_2_1_8_1","unstructured":"Team AWS. https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/using-instance-addressing.html\/. Accessed: 17-04--2017.  Team AWS. https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/using-instance-addressing.html\/. Accessed: 17-04--2017."},{"key":"e_1_3_2_1_9_1","unstructured":"Team AWS. https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/elastic-ip-addresses-eip.html. Accessed: 17-04--2017.  Team AWS. https:\/\/docs.aws.amazon.com\/AWSEC2\/latest\/UserGuide\/elastic-ip-addresses-eip.html. Accessed: 17-04--2017."},{"key":"e_1_3_2_1_10_1","unstructured":"Team Google. https:\/\/cloud.google.com\/compute\/docs\/ip-addresses\/ephemeraladdress. Accessed: 17-04-2017.  Team Google. https:\/\/cloud.google.com\/compute\/docs\/ip-addresses\/ephemeraladdress. Accessed: 17-04-2017."},{"key":"e_1_3_2_1_11_1","unstructured":"Which-Cloud Tool. https:\/\/github.com\/bcoe\/which-cloud. Accessed: 17-04-2017.  Which-Cloud Tool. https:\/\/github.com\/bcoe\/which-cloud. Accessed: 17-04-2017."},{"key":"e_1_3_2_1_12_1","unstructured":"WHOIS Records. https:\/\/whois.icann.org\/. Accessed: 20-04-2017.  WHOIS Records. https:\/\/whois.icann.org\/. Accessed: 20-04-2017."},{"key":"e_1_3_2_1_13_1","unstructured":"Alexa. Alexa Top Sites. http:\/\/aws.amazon.com\/alexa-top-sites\/. Accessed: 30-03--2016.  Alexa. Alexa Top Sites. http:\/\/aws.amazon.com\/alexa-top-sites\/. Accessed: 30-03--2016."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/2996758.2996767"},{"key":"e_1_3_2_1_15_1","first-page":"273","volume-title":"Proceedings of the 19th USENIX Conference on Security","author":"Antonakakis Manos","year":"2010","unstructured":"Manos Antonakakis , Roberto Perdisci , David Dagon , Wenke Lee , and Nick Feamster . Building a Dynamic Reputation System for DNS . In Proceedings of the 19th USENIX Conference on Security , pages 273 -- 290 , 2010 . Manos Antonakakis, Roberto Perdisci, David Dagon, Wenke Lee, and Nick Feamster. Building a Dynamic Reputation System for DNS. In Proceedings of the 19th USENIX Conference on Security, pages 273--290, 2010."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.5555\/2028067.2028094"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/357830.357849"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2584679"},{"key":"e_1_3_2_1_19_1","unstructured":"Black Hole DNS. Black hole dns list. http:\/\/www.malwaredomains.com\/bhdns.html\/. Accessed: 17-05-2017.  Black Hole DNS. Black hole dns list. http:\/\/www.malwaredomains.com\/bhdns.html\/. Accessed: 17-05-2017."},{"key":"e_1_3_2_1_20_1","unstructured":"Farsight Security Inc. DNS Database. https:\/\/www.dnsdb.info\/. Accessed: 28-03-2016.  Farsight Security Inc. DNS Database. https:\/\/www.dnsdb.info\/. Accessed: 28-03-2016."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1007465528199"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815706"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2014.2358637"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2010.5762763"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897877"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855768.1855790"},{"key":"e_1_3_2_1_27_1","first-page":"188","volume-title":"Manos Antonakakis. Enabling Network Security Through Active DNS Datasets. In Proceedings of the 19th International Symposium on Research in Attacks, Intrusions, and Defenses","author":"Kountouras Athanasios","year":"2016","unstructured":"Athanasios Kountouras , Panagiotis Kintis , Charles Lever , Yizheng Chen , Yacin Nadji , David Dagon , and Manos Antonakakis. Enabling Network Security Through Active DNS Datasets. In Proceedings of the 19th International Symposium on Research in Attacks, Intrusions, and Defenses , pages 188 -- 208 , 2016 . Athanasios Kountouras, Panagiotis Kintis, Charles Lever, Yizheng Chen, Yacin Nadji, David Dagon, and Manos Antonakakis. Enabling Network Security Through Active DNS Datasets. In Proceedings of the 19th International Symposium on Research in Attacks, Intrusions, and Defenses, pages 188--208, 2016."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV.2009.5459198"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2815675.2815693"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666659"},{"key":"e_1_3_2_1_31_1","volume-title":"Proceedings of the National Conference on Artificial Intelligence","author":"Pearl Judea","year":"1982","unstructured":"Judea Pearl . Reverend Bayes on inference engines: A distributed hierarchical approach . In Proceedings of the National Conference on Artificial Intelligence , 1982 . Judea Pearl. Reverend Bayes on inference engines: A distributed hierarchical approach. In Proceedings of the National Conference on Artificial Intelligence, 1982."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.35"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.5555\/2011216.2011217"},{"key":"e_1_3_2_1_34_1","volume-title":"Gaussian Markov Random Fields: Theory And Applications (Monographs on Statistics and Applied Probability)","author":"Rue Havard","year":"2005","unstructured":"Havard Rue and Leonhard Held . Gaussian Markov Random Fields: Theory And Applications (Monographs on Statistics and Applied Probability) . Chapman & Hall\/CRC , 2005 . Havard Rue and Leonhard Held. Gaussian Markov Random Fields: Theory And Applications (Monographs on Statistics and Applied Probability). Chapman & Hall\/CRC, 2005."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1109\/65.912716"},{"key":"e_1_3_2_1_36_1","first-page":"195","volume-title":"Proceedings of the 2016 USENIX Conference on Usenix Annual Technical Conference","author":"Scott Will","year":"2016","unstructured":"Will Scott , Thomas Anderson , Tadayoshi Kohno , and Arvind Krishnamurthy . Satellite : Joint analysis of cdns and network-level interference . In Proceedings of the 2016 USENIX Conference on Usenix Annual Technical Conference , pages 195 -- 208 . USENIX Association , 2016 . Will Scott, Thomas Anderson, Tadayoshi Kohno, and Arvind Krishnamurthy. Satellite: Joint analysis of cdns and network-level interference. In Proceedings of the 2016 USENIX Conference on Usenix Annual Technical Conference, pages 195--208. USENIX Association, 2016."},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-016-0331-3"},{"key":"e_1_3_2_1_38_1","first-page":"1","volume-title":"Stinson and John C. Mitchell. Towards Systematic Evaluation of the Evadability of Bot\/Botnet Detection Methods. In Proceedings of the 2Nd Conference on USENIX Workshop on Offensive Technologies","author":"Elizabeth","year":"2008","unstructured":"Elizabeth Stinson and John C. Mitchell. Towards Systematic Evaluation of the Evadability of Bot\/Botnet Detection Methods. In Proceedings of the 2Nd Conference on USENIX Workshop on Offensive Technologies , pages 5: 1 -- 5 :9, 2008 . Elizabeth Stinson and John C. Mitchell. Towards Systematic Evaluation of the Evadability of Bot\/Botnet Detection Methods. In Proceedings of the 2Nd Conference on USENIX Workshop on Offensive Technologies, pages 5:1--5:9, 2008."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623342"},{"key":"e_1_3_2_1_40_1","unstructured":"The DNS-BH project. DNS-BH -- Malware Domain Blocklist. http:\/\/www.malwaredomains.com\/. Accessed: 16-05--2016.  The DNS-BH project. DNS-BH -- Malware Domain Blocklist. http:\/\/www.malwaredomains.com\/. Accessed: 16-05--2016."},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1145\/3011077.3011112"},{"key":"e_1_3_2_1_42_1","unstructured":"VirusTotal Subsidiary of Google. VirusTotal -- Free Online Virus Malware and URL Scanner. https:\/\/www.virustotal.com\/. Accessed: 04-05-2016.  VirusTotal Subsidiary of Google. VirusTotal -- Free Online Virus Malware and URL Scanner. https:\/\/www.virustotal.com\/. Accessed: 04-05-2016."},{"key":"e_1_3_2_1_43_1","first-page":"98","volume-title":"Weimer. Passive DNS Replication. In FIRST Conference on Computer Security Incident","author":"Florian","year":"2005","unstructured":"Florian Weimer. Passive DNS Replication. In FIRST Conference on Computer Security Incident , page 98 , 2005 . Florian Weimer. Passive DNS Replication. In FIRST Conference on Computer Security Incident, page 98, 2005."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1282380.1282415"},{"key":"e_1_3_2_1_45_1","first-page":"689","volume-title":"Proceedings of the Advances in Neural Information Processing Systems","author":"Yedidia Jonathan S","year":"2001","unstructured":"Jonathan S Yedidia , William T. Freeman , and Yair Weiss . Generalized belief propagation . In T. K. Leen, T. G. Dietterich, and V. Tresp, editors, Proceedings of the Advances in Neural Information Processing Systems , pages 689 -- 695 . MIT Press , 2001 . Jonathan S Yedidia, William T. Freeman, and Yair Weiss. Generalized belief propagation. In T. K. Leen, T. G. Dietterich, and V. Tresp, editors, Proceedings of the Advances in Neural Information Processing Systems, pages 689--695. MIT Press, 2001."},{"key":"e_1_3_2_1_46_1","first-page":"239","volume-title":"Exploring artificial intelligence in the new millennium","author":"Yedidia Jonathan S.","year":"2003","unstructured":"Jonathan S. Yedidia , William T. Freeman , and Yair Weiss . Exploring artificial intelligence in the new millennium . chapter Understanding Belief Propagation and Its Generalizations, pages 239 -- 269 . Morgan Kaufmann Publishers Inc ., 2003 . Jonathan S. Yedidia, William T. Freeman, and Yair Weiss. Exploring artificial intelligence in the new millennium. chapter Understanding Belief Propagation and Its Generalizations, pages 239--269. Morgan Kaufmann Publishers Inc., 2003."},{"key":"e_1_3_2_1_47_1","unstructured":"Zeus Tracker. Zeus domain blocklist. https:\/\/zeustracker.abuse.ch\/. Accessed: 17-05-2017.  Zeus Tracker. Zeus domain blocklist. https:\/\/zeustracker.abuse.ch\/. Accessed: 17-05-2017."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2015.70"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1155\/2015\/102687"}],"event":{"name":"CODASPY '18: Eighth ACM Conference on Data and Application Security and Privacy","location":"Tempe AZ USA","acronym":"CODASPY '18","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3176258.3176329","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3176258.3176329","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T02:26:40Z","timestamp":1750213600000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3176258.3176329"}},"subtitle":["Detecting Stealthy Malicious Domains via Graph Inference"],"short-title":[],"issued":{"date-parts":[[2018,3,13]]},"references-count":49,"alternative-id":["10.1145\/3176258.3176329","10.1145\/3176258"],"URL":"https:\/\/doi.org\/10.1145\/3176258.3176329","relation":{},"subject":[],"published":{"date-parts":[[2018,3,13]]},"assertion":[{"value":"2018-03-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}