{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,3]],"date-time":"2025-12-03T17:55:14Z","timestamp":1764784514452,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,10,5]],"date-time":"2020-10-05T00:00:00Z","timestamp":1601856000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,10,5]]},"DOI":"10.1145\/3320269.3372202","type":"proceedings-article","created":{"date-parts":[[2020,10,5]],"date-time":"2020-10-05T16:33:22Z","timestamp":1601915602000},"page":"652-664","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":18,"title":["BOTection: Bot Detection by Building Markov Chain Models of Bots Network Behavior"],"prefix":"10.1145","author":[{"given":"Bushra A.","family":"AlAhmadi","sequence":"first","affiliation":[{"name":"University of Oxford, Oxford, United Kingdom"}]},{"given":"Enrico","family":"Mariconti","sequence":"additional","affiliation":[{"name":"University College London, London, United Kingdom"}]},{"given":"Riccardo","family":"Spolaor","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, United Kingdom"}]},{"given":"Gianluca","family":"Stringhini","sequence":"additional","affiliation":[{"name":"Boston University, Boston, MA, USA"}]},{"given":"Ivan","family":"Martinovic","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2020,10,5]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"Mohamed Ali Kaafar, and Sanjay Jha","author":"Abaid Zainab","year":"2017","unstructured":"Zainab Abaid , Mohamed Ali Kaafar, and Sanjay Jha . 2017 . Early Detection of In-the-Wild Botnet Attacks by Exploiting Network Communication Uniformity: An Empirical Study. IFIP Networking ( 2017). Zainab Abaid, Mohamed Ali Kaafar, and Sanjay Jha. 2017. Early Detection of In-the-Wild Botnet Attacks by Exploiting Network Communication Uniformity: An Empirical Study. IFIP Networking (2017)."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/LCN.2016.17"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/1177080.1177086"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2018.8376209"},{"key":"e_1_3_2_1_5_1","volume-title":"The Command Structure of the Operation Aurora Botnet: History, Patterns, and Findings","author":"Antonakakis M","year":"2010","unstructured":"M Antonakakis , C Elisan , D Dagon , G Ollmann , and E Wu. 2010. The Command Structure of the Operation Aurora Botnet: History, Patterns, and Findings . Atlanta, GA : Damballa, Inc ( 2010 ). M Antonakakis, C Elisan, D Dagon, G Ollmann, and E Wu. 2010. The Command Structure of the Operation Aurora Botnet: History, Patterns, and Findings. Atlanta, GA: Damballa, Inc (2010)."},{"key":"e_1_3_2_1_6_1","volume-title":"Affan A Syed, and Syed Ali Khayam.","author":"Ashfaq Ayesha Binte","year":"2016","unstructured":"Ayesha Binte Ashfaq , Zainab Abaid , Maliha Ismail , Muhammad Umar Aslam , Affan A Syed, and Syed Ali Khayam. 2016 . Diagnosing bot infections using Bayesian inference. Journal of Computer Virology and Hacking Techniques ( 2016). Ayesha Binte Ashfaq, Zainab Abaid, Maliha Ismail, Muhammad Umar Aslam, Affan A Syed, and Syed Ali Khayam. 2016. Diagnosing bot infections using Bayesian inference. Journal of Computer Virology and Hacking Techniques (2016)."},{"key":"e_1_3_2_1_7_1","volume-title":"Proc. of IEEE CNS.","author":"Beigi Elaheh Biglar","year":"2014","unstructured":"Elaheh Biglar Beigi , Hossein Hadian Jazi , Natalia Stakhanova , and Ali A Ghorbani . 2014 . Towards effective feature selection in machine learning-based botnet detection approaches . In Proc. of IEEE CNS. Elaheh Biglar Beigi, Hossein Hadian Jazi, Natalia Stakhanova, and Ali A Ghorbani. 2014. Towards effective feature selection in machine learning-based botnet detection approaches. In Proc. of IEEE CNS."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420969"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/PST.2010.5593240"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/MILCOM.2015.7357464"},{"key":"e_1_3_2_1_11_1","volume-title":"Proc. of NSF NGDM.","author":"Dokas Paul","year":"2002","unstructured":"Paul Dokas , Levent Ertoz , Vipin Kumar , Aleksandar Lazarevic , Jaideep Srivastava , and Pang-Ning Tan . 2002 . Data mining for network intrusion detection . In Proc. of NSF NGDM. Paul Dokas, Levent Ertoz, Vipin Kumar, Aleksandar Lazarevic, Jaideep Srivastava, and Pang-Ning Tan. 2002. Data mining for network intrusion detection. In Proc. of NSF NGDM."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.05.011"},{"key":"e_1_3_2_1_13_1","volume-title":"Proc. of USENIX Security.","author":"Gu Guofei","year":"2007","unstructured":"Guofei Gu , Phillip A Porras , Vinod Yegneswaran , Martin W Fong , and Wenke Lee . 2007 . BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation .. In Proc. of USENIX Security. Guofei Gu, Phillip A Porras, Vinod Yegneswaran, Martin W Fong, and Wenke Lee. 2007. BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation.. In Proc. of USENIX Security."},{"key":"e_1_3_2_1_14_1","volume-title":"Proc. of USENIX Security.","author":"Gu Guofei","year":"2008","unstructured":"Guofei Gu , Phillip A Porras , Vinod Yegneswaran , Martin W Fong , and Wenke Lee . 2008 a. BotMiner: Clustering Analysis of Network Traffic for Protocol-and Structure-Independent Botnet Detection .. In Proc. of USENIX Security. Guofei Gu, Phillip A Porras, Vinod Yegneswaran, Martin W Fong, and Wenke Lee. 2008a. BotMiner: Clustering Analysis of Network Traffic for Protocol-and Structure-Independent Botnet Detection.. In Proc. of USENIX Security."},{"key":"e_1_3_2_1_15_1","volume-title":"Proc. of USENIX Security.","author":"Gu Guofei","year":"2008","unstructured":"Guofei Gu , Junjie Zhang , and Wenke Lee . 2008 b. BotSniffer: Detecting botnet command and control channels in network traffic . In Proc. of USENIX Security. Guofei Gu, Junjie Zhang, and Wenke Lee. 2008b. BotSniffer: Detecting botnet command and control channels in network traffic. In Proc. of USENIX Security."},{"key":"e_1_3_2_1_16_1","first-page":"898","article-title":"A taxonomy of botnet behavior, detection, and defense","volume":"16","author":"Khattak Sheharbano","year":"2014","unstructured":"Sheharbano Khattak , Naurin Rasheed Ramay , Kamran Riaz Khan , Affan A Syed , and Syed Ali Khayam . 2014 . A taxonomy of botnet behavior, detection, and defense . IEEE COMST , Vol. 16 , 2 (2014), 898 -- 924 . Sheharbano Khattak, Naurin Rasheed Ramay, Kamran Riaz Khan, Affan A Syed, and Syed Ali Khayam. 2014. A taxonomy of botnet behavior, detection, and defense. IEEE COMST, Vol. 16, 2 (2014), 898--924.","journal-title":"IEEE COMST"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1081870.1081950"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2016.36"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23353"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICNP.2016.7785325"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2014.6997496"},{"key":"e_1_3_2_1_22_1","volume-title":"Proc. of USENIX security.","author":"Nazario J","year":"2008","unstructured":"J Nazario . 2008 . Political DDoS: Estonia and beyond . In Proc. of USENIX security. J Nazario. 2008. Political DDoS: Estonia and beyond. In Proc. of USENIX security."},{"key":"e_1_3_2_1_24_1","first-page":"14","article-title":"MaMaDroid: Detecting android malware by building markov chains of behavioral models (extended version)","volume":"22","author":"Onwuzurike Lucky","year":"2019","unstructured":"Lucky Onwuzurike , Enrico Mariconti , Panagiotis Andriotis , Emiliano De Cristofaro , Gordon Ross , and Gianluca Stringhini . 2019 . MaMaDroid: Detecting android malware by building markov chains of behavioral models (extended version) . ACM TOPS , Vol. 22 , 2 (2019), 14 . Lucky Onwuzurike, Enrico Mariconti, Panagiotis Andriotis, Emiliano De Cristofaro, Gordon Ross, and Gianluca Stringhini. 2019. MaMaDroid: Detecting android malware by building markov chains of behavioral models (extended version). ACM TOPS, Vol. 22, 2 (2019), 14.","journal-title":"ACM TOPS"},{"key":"e_1_3_2_1_25_1","volume-title":"Proc. of USENIX Security.","author":"Pendlebury Feargus","year":"2019","unstructured":"Feargus Pendlebury , Fabio Pierazzi , Roberto Jordaney , Johannes Kinder , and Lorenzo Cavallaro . 2019 . TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time . In Proc. of USENIX Security. Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. 2019. TESSERACT: Eliminating Experimental Bias in Malware Classification across Space and Time. In Proc. of USENIX Security."},{"key":"e_1_3_2_1_26_1","volume-title":"Proc. of USENIX NSDI.","author":"Perdisci Roberto","year":"2010","unstructured":"Roberto Perdisci , Wenke Lee , and Nick Feamster . 2010 . Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces .. In Proc. of USENIX NSDI. Roberto Perdisci, Wenke Lee, and Nick Feamster. 2010. Behavioral Clustering of HTTP-Based Malware and Signature Generation Using Malicious Network Traces.. In Proc. of USENIX NSDI."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3308897.3308961"},{"key":"e_1_3_2_1_28_1","volume-title":"Proc. of RAID.","author":"Zubair Rafique M","year":"2013","unstructured":"M Zubair Rafique and Juan Caballero . 2013 . Firma: Malware clustering and network signature generation with mixed network behaviors . In Proc. of RAID. M Zubair Rafique and Juan Caballero. 2013. Firma: Malware clustering and network signature generation with mixed network behaviors. In Proc. of RAID."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"crossref","unstructured":"Elias Raftopoulos and Xenofontas Dimitropoulos. 2011. Detecting validating and characterizing computer infections in the wild. In ACM IMC.  Elias Raftopoulos and Xenofontas Dimitropoulos. 2011. Detecting validating and characterizing computer infections in the wild. In ACM IMC.","DOI":"10.1145\/2068816.2068820"},{"key":"e_1_3_2_1_30_1","volume-title":"Provex: Detecting botnets with encrypted command and control channels. In DIMVA. 21--40.","author":"Rossow Christian","year":"2013","unstructured":"Christian Rossow and Christian J Dietrich . 2013 . Provex: Detecting botnets with encrypted command and control channels. In DIMVA. 21--40. Christian Rossow and Christian J Dietrich. 2013. Provex: Detecting botnets with encrypted command and control channels. In DIMVA. 21--40."},{"key":"e_1_3_2_1_31_1","volume-title":"Proc. of USENIX WOOT","author":"Stinson Elizabeth","year":"2008","unstructured":"Elizabeth Stinson and John C Mitchell . 2008 . Towards Systematic Evaluation of the Evadability of Bot\/Botnet Detection Methods . Proc. of USENIX WOOT (2008). Elizabeth Stinson and John C Mitchell. 2008. Towards Systematic Evaluation of the Evadability of Bot\/Botnet Detection Methods. Proc. of USENIX WOOT (2008)."},{"key":"e_1_3_2_1_32_1","first-page":"63","article-title":"Robust smartphone app identification via encrypted network traffic analysis","volume":"13","author":"Taylor Vincent F","year":"2018","unstructured":"Vincent F Taylor , Riccardo Spolaor , Mauro Conti , and Ivan Martinovic . 2018 . Robust smartphone app identification via encrypted network traffic analysis . IEEE TIFS , Vol. 13 , 1 (2018), 63 -- 78 . Vincent F Taylor, Riccardo Spolaor, Mauro Conti, and Ivan Martinovic. 2018. Robust smartphone app identification via encrypted network traffic analysis. IEEE TIFS, Vol. 13, 1 (2018), 63--78.","journal-title":"IEEE TIFS"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"crossref","unstructured":"Florian Tegeler Xiaoming Fu Giovanni Vigna and Christopher Kruegel. 2012. BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection. In ACM CoNEXT.  Florian Tegeler Xiaoming Fu Giovanni Vigna and Christopher Kruegel. 2012. BotFinder: Finding Bots in Network Traffic Without Deep Packet Inspection. In ACM CoNEXT.","DOI":"10.1145\/2413176.2413217"},{"key":"e_1_3_2_1_34_1","first-page":"2768","article-title":"Botnet Communication Patterns","volume":"19","author":"Vormayr Gernot","year":"2017","unstructured":"Gernot Vormayr , Tanja Zseby , and Joachim Fabini . 2017 . Botnet Communication Patterns . IEEE COMST , Vol. 19 , 4 (2017), 2768 -- 2796 . Gernot Vormayr, Tanja Zseby, and Joachim Fabini. 2017. Botnet Communication Patterns. IEEE COMST, Vol. 19, 4 (2017), 2768--2796.","journal-title":"IEEE COMST"},{"key":"e_1_3_2_1_35_1","first-page":"44","article-title":"A survey of covert channels and countermeasures in computer network protocols","volume":"9","author":"Zander Sebastian","year":"2007","unstructured":"Sebastian Zander , Grenville Armitage , and Philip Branch . 2007 . A survey of covert channels and countermeasures in computer network protocols . IEEE COMST , Vol. 9 , 3 (2007), 44 -- 57 . Sebastian Zander, Grenville Armitage, and Philip Branch. 2007. A survey of covert channels and countermeasures in computer network protocols. IEEE COMST, Vol. 9, 3 (2007), 44--57.","journal-title":"IEEE COMST"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2013.04.007"}],"event":{"name":"ASIA CCS '20: The 15th ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"ASIA CCS '20"},"container-title":["Proceedings of the 15th ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3320269.3372202","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3320269.3372202","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T19:04:52Z","timestamp":1750273492000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3320269.3372202"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,10,5]]},"references-count":35,"alternative-id":["10.1145\/3320269.3372202","10.1145\/3320269"],"URL":"https:\/\/doi.org\/10.1145\/3320269.3372202","relation":{},"subject":[],"published":{"date-parts":[[2020,10,5]]},"assertion":[{"value":"2020-10-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}