{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,1]],"date-time":"2026-05-01T05:43:20Z","timestamp":1777614200264,"version":"3.51.4"},"publisher-location":"New York, NY, USA","reference-count":48,"publisher":"ACM","license":[{"start":{"date-parts":[[2019,12,9]],"date-time":"2019-12-09T00:00:00Z","timestamp":1575849600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2019,12,9]]},"DOI":"10.1145\/3359789.3359791","type":"proceedings-article","created":{"date-parts":[[2019,11,22]],"date-time":"2019-11-22T18:41:59Z","timestamp":1574448119000},"page":"417-429","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":29,"title":["MalRank"],"prefix":"10.1145","author":[{"given":"Pejman","family":"Najafi","sequence":"first","affiliation":[{"name":"Hasso Plattner Institute"}]},{"given":"Alexander","family":"M\u00fchle","sequence":"additional","affiliation":[{"name":"Hasso Plattner Institute"}]},{"given":"Wenzel","family":"P\u00fcnter","sequence":"additional","affiliation":[{"name":"Hasso Plattner Institute"}]},{"given":"Feng","family":"Cheng","sequence":"additional","affiliation":[{"name":"Hasso Plattner Institute"}]},{"given":"Christoph","family":"Meinel","sequence":"additional","affiliation":[{"name":"Hasso Plattner Institute"}]}],"member":"320","published-online":{"date-parts":[[2019,12,9]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"2018. ATT&CK: Standard Application Layer Protocol. https:\/\/attack.mitre.org\/wiki\/Technique\/T1071  2018. ATT&CK: Standard Application Layer Protocol. https:\/\/attack.mitre.org\/wiki\/Technique\/T1071"},{"key":"e_1_3_2_1_2_1","unstructured":"2018. Loopy Belief Propagation. https:\/\/github.com\/HewlettPackard\/sandpiper. Accessed: 2018-08-10.  2018. Loopy Belief Propagation. https:\/\/github.com\/HewlettPackard\/sandpiper. Accessed: 2018-08-10."},{"key":"e_1_3_2_1_3_1","unstructured":"Osama Almanna. 2016. StartSSL Domain validation (Vulnerability discovered). http:\/\/oalmanna.blogspot.com\/2016\/03\/startssl-domain-validation.html  Osama Almanna. 2016. StartSSL Domain validation (Vulnerability discovered). http:\/\/oalmanna.blogspot.com\/2016\/03\/startssl-domain-validation.html"},{"key":"e_1_3_2_1_4_1","unstructured":"Manos Antonakakis Roberto Perdisci David Dagon Wenke Lee and Nick Feamster. 2010. Building a Dynamic Reputation System for DNS. In USENIX security symposium. 273--290.  Manos Antonakakis Roberto Perdisci David Dagon Wenke Lee and Nick Feamster. 2010. Building a Dynamic Reputation System for DNS. In USENIX security symposium. 273--290."},{"key":"e_1_3_2_1_5_1","volume-title":"USENIX security symposium","author":"Antonakakis Manos","unstructured":"Manos Antonakakis , Roberto Perdisci , Wenke Lee , Nikolaos Vasiloglou , and David Dagon . 2011. Detecting Malware Domains at the Upper DNS Hierarchy . In USENIX security symposium , Vol. 11 . 1--16. Manos Antonakakis, Roberto Perdisci, Wenke Lee, Nikolaos Vasiloglou, and David Dagon. 2011. Detecting Malware Domains at the Upper DNS Hierarchy. In USENIX security symposium, Vol. 11. 1--16."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.14778\/1929861.1929864"},{"key":"e_1_3_2_1_7_1","volume-title":"EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis. In Ndss.","author":"Bilge Leyla","year":"2011","unstructured":"Leyla Bilge , Engin Kirda , Christopher Kruegel , and Marco Balduzzi . 2011 . EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis. In Ndss. Leyla Bilge, Engin Kirda, Christopher Kruegel, and Marco Balduzzi. 2011. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis. In Ndss."},{"key":"e_1_3_2_1_8_1","volume-title":"The anatomy of a large-scale hypertextual web search engine. Computer networks and ISDN systems 30, 1-7","author":"Brin Sergey","year":"1998","unstructured":"Sergey Brin and Lawrence Page . 1998. The anatomy of a large-scale hypertextual web search engine. Computer networks and ISDN systems 30, 1-7 ( 1998 ), 107--117. Sergey Brin and Lawrence Page. 1998. The anatomy of a large-scale hypertextual web search engine. Computer networks and ISDN systems 30, 1-7 (1998), 107--117."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/comst.2015.2494502"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.5555\/2228298.2228319"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1137\/1.9781611972818.12"},{"key":"e_1_3_2_1_12_1","volume-title":"Threat intelligence: Collecting, analysing, evaluating","author":"Chismon D","year":"2015","unstructured":"D Chismon and M Ruks . 2015. Threat intelligence: Collecting, analysing, evaluating . MWR InfoSecurity Ltd ( 2015 ). D Chismon and M Ruks. 2015. Threat intelligence: Collecting, analysing, evaluating. MWR InfoSecurity Ltd (2015)."},{"key":"e_1_3_2_1_14_1","unstructured":"MITRE Corporation. 2018. ATT&CK: Commonly Used Port. https:\/\/attack.mitre.org\/wiki\/Technique\/T1043  MITRE Corporation. 2018. ATT&CK: Commonly Used Port. https:\/\/attack.mitre.org\/wiki\/Technique\/T1043"},{"key":"e_1_3_2_1_15_1","unstructured":"Brian Davison. 2006. Propagating trust and distrust to demote web spam. (2006).  Brian Davison. 2006. Propagating trust and distrust to demote web spam. (2006)."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.14778\/3055540.3055554"},{"key":"e_1_3_2_1_17_1","volume-title":"Systems and Technologies, 2009. SECURWARE'09. Third International Conference on. IEEE, 268--273","author":"Feily Maryam","year":"2009","unstructured":"Maryam Feily , Alireza Shahrestani , and Sureswaran Ramadass . 2009 . A survey of botnet and botnet detection. In Emerging Security Information , Systems and Technologies, 2009. SECURWARE'09. Third International Conference on. IEEE, 268--273 . Maryam Feily, Alireza Shahrestani, and Sureswaran Ramadass. 2009. A survey of botnet and botnet detection. In Emerging Security Information, Systems and Technologies, 2009. SECURWARE'09. Third International Conference on. IEEE, 268--273."},{"key":"e_1_3_2_1_18_1","unstructured":"Will Hamilton Zhitao Ying and Jure Leskovec. 2017. Inductive representation learning on large graphs. In Advances in Neural Information Processing Systems. 1024--1034.  Will Hamilton Zhitao Ying and Jure Leskovec. 2017. Inductive representation learning on large graphs. In Advances in Neural Information Processing Systems. 1024--1034."},{"key":"e_1_3_2_1_19_1","volume-title":"Topic-sensitive pagerank: A context-sensitive ranking algorithm for web search","author":"Haveliwala Taher H","year":"2003","unstructured":"Taher H Haveliwala . 2003. Topic-sensitive pagerank: A context-sensitive ranking algorithm for web search . IEEE transactions on knowledge and data engineering 15, 4 ( 2003 ), 784--796. Taher H Haveliwala. 2003. Topic-sensitive pagerank: A context-sensitive ranking algorithm for web search. IEEE transactions on knowledge and data engineering 15, 4 (2003), 784--796."},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/MLSP.2015.7324374"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/775047.775126"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/956750.956769"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897845.2897877"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3176258.3176329"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-23783-6_16"},{"key":"e_1_3_2_1_26_1","first-page":"37","article-title":"Web spam detection with anti-trust rank","volume":"6","author":"Krishnan Vijay","year":"2006","unstructured":"Vijay Krishnan and Rashmi Raj . 2006 . Web spam detection with anti-trust rank . In AIRWeb , Vol. 6. 37 -- 40 . Vijay Krishnan and Rashmi Raj. 2006. Web spam detection with anti-trust rank. In AIRWeb, Vol. 6. 37--40.","journal-title":"AIRWeb"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_1"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1557019.1557153"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1553374.1553462"},{"key":"e_1_3_2_1_30_1","volume-title":"Monitoring a fast flux botnet using recursive and passive DNS: A case study. In eCrime Researchers Summit (eCRS)","author":"Mahjoub Dhia","year":"2013","unstructured":"Dhia Mahjoub . 2013. Monitoring a fast flux botnet using recursive and passive DNS: A case study. In eCrime Researchers Summit (eCRS) , 2013 . IEEE , 1--9. Dhia Mahjoub. 2013. Monitoring a fast flux botnet using recursive and passive DNS: A case study. In eCrime Researchers Summit (eCRS), 2013. IEEE, 1--9."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1807167.1807184"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666652.2666659"},{"key":"e_1_3_2_1_33_1","volume-title":"USENIX Security Symposium. USENIX. 1--16","author":"Panayiotis Mavrommatis Niels Provos","year":"2008","unstructured":"Niels Provos Panayiotis Mavrommatis and Moheeb Abu Rajab Fabian Monrose . 2008 . All your iframes point to us . In USENIX Security Symposium. USENIX. 1--16 . Niels Provos Panayiotis Mavrommatis and Moheeb Abu Rajab Fabian Monrose. 2008. All your iframes point to us. In USENIX Security Symposium. USENIX. 1--16."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20810-7_20"},{"key":"e_1_3_2_1_35_1","volume-title":"International Conference on Security and Privacy in Communication Systems. Springer, 88--107","author":"Najafi Pejman","year":"2017","unstructured":"Pejman Najafi , Andrey Sapegin , Feng Cheng , and Christoph Meinel . 2017 . Guilt-by-Association: Detecting Malicious Entities via Graph Mining . In International Conference on Security and Privacy in Communication Systems. Springer, 88--107 . Pejman Najafi, Andrey Sapegin, Feng Cheng, and Christoph Meinel. 2017. Guilt-by-Association: Detecting Malicious Entities via Graph Mining. In International Conference on Security and Privacy in Communication Systems. Springer, 88--107."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.14"},{"key":"e_1_3_2_1_38_1","volume-title":"Probabilistic reasoning in intelligent systems: networks of plausible inference","author":"Pearl Judea","unstructured":"Judea Pearl . 2014. Probabilistic reasoning in intelligent systems: networks of plausible inference . Elsevier . Judea Pearl. 2014. Probabilistic reasoning in intelligent systems: networks of plausible inference. Elsevier."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.241"},{"key":"e_1_3_2_1_40_1","volume-title":"Fox-IT","author":"Ronald Prins J","year":"2011","unstructured":"J Ronald Prins and Business Unit Cybercrime . 2011 . DigiNotar Certificate Authority breach 'Operation Black Tulip '. Fox-IT , November (2011). https:\/\/www.rijksoverheid.nl\/ministeries\/ministerie-van-binnenlandse-zaken-en-koninkrijksrelaties\/documenten\/rapporten\/2011\/09\/05\/diginotar-public-report-version-1 J Ronald Prins and Business Unit Cybercrime. 2011. DigiNotar Certificate Authority breach 'Operation Black Tulip'. Fox-IT, November (2011). https:\/\/www.rijksoverheid.nl\/ministeries\/ministerie-van-binnenlandse-zaken-en-koninkrijksrelaties\/documenten\/rapporten\/2011\/09\/05\/diginotar-public-report-version-1"},{"key":"e_1_3_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2015.35"},{"key":"e_1_3_2_1_42_1","volume-title":"Maliciousness in top-ranked alexa domains. Online]. https:\/\/www.barracudanetworks.com\/blogs\/labsblog","author":"Royal Paul","year":"2012","unstructured":"Paul Royal . 2012. Maliciousness in top-ranked alexa domains. Online]. https:\/\/www.barracudanetworks.com\/blogs\/labsblog ( 2012 ). Paul Royal. 2012. Maliciousness in top-ranked alexa domains. Online]. https:\/\/www.barracudanetworks.com\/blogs\/labsblog (2012)."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052587"},{"key":"e_1_3_2_1_44_1","first-page":"1","article-title":"Towards Systematic Evaluation of the Evadability of Bot\/Botnet Detection Methods","volume":"8","author":"Stinson Elizabeth","year":"2008","unstructured":"Elizabeth Stinson and John C Mitchell . 2008 . Towards Systematic Evaluation of the Evadability of Bot\/Botnet Detection Methods . WOOT 8 (2008), 1 -- 9 . Elizabeth Stinson and John C Mitchell. 2008. Towards Systematic Evaluation of the Evadability of Bot\/Botnet Detection Methods. WOOT 8 (2008), 1--9.","journal-title":"WOOT"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.2200\/S00590ED1V01Y201408AIM029"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623342"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/DNSR.2004.1344743"},{"key":"e_1_3_2_1_48_1","volume-title":"Understanding belief propagation and its generalizations. Exploring artificial intelligence in the new millennium 8","author":"Yedidia Jonathan S","year":"2003","unstructured":"Jonathan S Yedidia , William T Freeman , and Yair Weiss . 2003. Understanding belief propagation and its generalizations. Exploring artificial intelligence in the new millennium 8 ( 2003 ), 236--239. Jonathan S Yedidia, William T Freeman, and Yair Weiss. 2003. Understanding belief propagation and its generalizations. Exploring artificial intelligence in the new millennium 8 (2003), 236--239."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/1242572.1242659"},{"key":"e_1_3_2_1_50_1","first-page":"102687","article-title":"Detecting malware based on DNS graph mining","volume":"11","author":"Zou Futai","year":"2015","unstructured":"Futai Zou , Siyu Zhang , Weixiong Rao , and Ping Yi . 2015 . Detecting malware based on DNS graph mining . International Journal of Distributed Sensor Networks 11 , 10 (2015), 102687 . Futai Zou, Siyu Zhang, Weixiong Rao, and Ping Yi. 2015. Detecting malware based on DNS graph mining. International Journal of Distributed Sensor Networks 11, 10 (2015), 102687.","journal-title":"International Journal of Distributed Sensor Networks"}],"event":{"name":"ACSAC '19: 2019 Annual Computer Security Applications Conference","location":"San Juan Puerto Rico USA","acronym":"ACSAC '19"},"container-title":["Proceedings of the 35th Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359791","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3359789.3359791","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T23:23:06Z","timestamp":1750202586000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3359789.3359791"}},"subtitle":["a measure of maliciousness in SIEM-based knowledge graphs"],"short-title":[],"issued":{"date-parts":[[2019,12,9]]},"references-count":48,"alternative-id":["10.1145\/3359789.3359791","10.1145\/3359789"],"URL":"https:\/\/doi.org\/10.1145\/3359789.3359791","relation":{},"subject":[],"published":{"date-parts":[[2019,12,9]]},"assertion":[{"value":"2019-12-09","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}