{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T17:11:46Z","timestamp":1768410706744,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":21,"publisher":"ACM","license":[{"start":{"date-parts":[[2020,12,7]],"date-time":"2020-12-07T00:00:00Z","timestamp":1607299200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2020,12,7]]},"DOI":"10.1145\/3427228.3427273","type":"proceedings-article","created":{"date-parts":[[2020,12,9]],"date-time":"2020-12-09T22:20:18Z","timestamp":1607552418000},"page":"17-27","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Spotlight: Malware Lead Generation at Scale"],"prefix":"10.1145","author":[{"given":"Fabian","family":"Kaczmarczyck","sequence":"first","affiliation":[{"name":"Google"}]},{"given":"Bernhard","family":"Grill","sequence":"additional","affiliation":[{"name":"Google"}]},{"given":"Luca","family":"Invernizzi","sequence":"additional","affiliation":[{"name":"Google, United States of America"}]},{"given":"Jennifer","family":"Pullman","sequence":"additional","affiliation":[{"name":"Google"}]},{"given":"Cecilia M.","family":"Procopiuc","sequence":"additional","affiliation":[{"name":"Google"}]},{"given":"David","family":"Tao","sequence":"additional","affiliation":[{"name":"Google"}]},{"given":"Borbala","family":"Benko","sequence":"additional","affiliation":[{"name":"Google, Switzerland"}]},{"given":"Elie","family":"Bursztein","sequence":"additional","affiliation":[{"name":"Google"}]}],"member":"320","published-online":{"date-parts":[[2020,12,8]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"12th USENIX Symposium on Operating Systems Design and Implementation (OSDI 16)","author":"Abadi Martin","year":"2016"},{"key":"e_1_3_2_1_2_1","unstructured":"Av-Test. [n.d.]. Malware Statistics and Trends. https:\/\/www.av-test.org\/en\/statistics\/malware.  Av-Test. [n.d.]. Malware Statistics and Trends. https:\/\/www.av-test.org\/en\/statistics\/malware."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74320-0_10"},{"key":"e_1_3_2_1_4_1","unstructured":"Ulrich Bayer Paolo\u00a0Milani Comparetti Clemens Hlauschek Christopher Kruegel and Engin Kirda. 2009. Scalable behavior-based malware clustering.. In NDSS.  Ulrich Bayer Paolo\u00a0Milani Comparetti Clemens Hlauschek Christopher Kruegel and Engin Kirda. 2009. Scalable behavior-based malware clustering.. In NDSS."},{"key":"e_1_3_2_1_5_1","unstructured":"VMWare\u00a0Carbon Black. [n.d.]. Threat Hunting. https:\/\/www.carbonblack.com\/products\/solutions\/use-case\/threat-hunting\/.  VMWare\u00a0Carbon Black. [n.d.]. Threat Hunting. https:\/\/www.carbonblack.com\/products\/solutions\/use-case\/threat-hunting\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Crowdstrike. [n.d.]. Threat Hunting. https:\/\/www.crowdstrike.com\/epp-101\/threat-hunting\/.  Crowdstrike. [n.d.]. Threat Hunting. https:\/\/www.crowdstrike.com\/epp-101\/threat-hunting\/."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP.2013.6638293"},{"key":"e_1_3_2_1_8_1","unstructured":"Chuvakin DarkReading Anton. [n.d.]. Threat Hunting Is Not for Everyone. https:\/\/www.darkreading.com\/threat-intelligence\/threat-hunting-is-not-for-everyone\/a\/d-id\/1336877.  Chuvakin DarkReading Anton. [n.d.]. Threat Hunting Is Not for Everyone. https:\/\/www.darkreading.com\/threat-intelligence\/threat-hunting-is-not-for-everyone\/a\/d-id\/1336877."},{"key":"e_1_3_2_1_9_1","unstructured":"SANS\u00a0Institute David\u00a0Szili. [n.d.]. Building and Maturing Your Threat Hunting Program. https:\/\/www.sans.org\/media\/analyst-program\/building-maturing-threat-hunting-program-39025.pdf.  SANS\u00a0Institute David\u00a0Szili. [n.d.]. Building and Maturing Your Threat Hunting Program. https:\/\/www.sans.org\/media\/analyst-program\/building-maturing-threat-hunting-program-39025.pdf."},{"key":"e_1_3_2_1_10_1","volume-title":"24th {USENIX} Security Symposium ({USENIX} Security 15).","author":"Graziano Mariano"},{"key":"e_1_3_2_1_11_1","unstructured":"Chuvakin HelpNet\u00a0Security Anton. [n.d.]. What hinders successful threat hunting?https:\/\/www.helpnetsecurity.com\/2020\/05\/26\/successful-threat-hunting\/.  Chuvakin HelpNet\u00a0Security Anton. [n.d.]. What hinders successful threat hunting?https:\/\/www.helpnetsecurity.com\/2020\/05\/26\/successful-threat-hunting\/."},{"key":"e_1_3_2_1_12_1","volume-title":"USENIX Annual Technical Conference (USENIX).","author":"Hu Xin","year":"2013"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"crossref","unstructured":"Wenyi Huang and Jack\u00a0W. Stokes. 2016. MtNet: A Multi-Task Neural Network for Dynamic Malware Classification. In Detection of Intrusions and Malware and Vulnerability Assessment.  Wenyi Huang and Jack\u00a0W. Stokes. 2016. MtNet: A Multi-Task Neural Network for Dynamic Malware Classification. In Detection of Intrusions and Malware and Vulnerability Assessment.","DOI":"10.1007\/978-3-319-40667-1_20"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-25560-1_10"},{"key":"e_1_3_2_1_15_1","unstructured":"Benjamin Moseley and Joshua Wang. 2017. Approximation Bounds for Hierarchical Clustering: Average Linkage Bisecting K-means and Local Search. In Advances in Neural Information Processing Systems.  Benjamin Moseley and Joshua Wang. 2017. Approximation Bounds for Hierarchical Clustering: Average Linkage Bisecting K-means and Local Search. In Advances in Neural Information Processing Systems."},{"key":"e_1_3_2_1_16_1","unstructured":"Daniel M\u00fcllner. 2011. Modern hierarchical agglomerative clustering algorithms. In arXiv preprint.  Daniel M\u00fcllner. 2011. Modern hierarchical agglomerative clustering algorithms. In arXiv preprint."},{"key":"e_1_3_2_1_17_1","unstructured":"Daniel Plohmann and Steffen Enders. [n.d.]. Malpedia. https:\/\/malpedia.caad.fkie.fraunhofer.de\/.  Daniel Plohmann and Steffen Enders. [n.d.]. Malpedia. https:\/\/malpedia.caad.fkie.fraunhofer.de\/."},{"key":"e_1_3_2_1_18_1","unstructured":"Andrew Rosenberg and Julia Hirschberg. 2007. V-Measure: A Conditional Entropy-Based External Cluster Evaluation Measure. In In Proceedings of the 2007 Joint Conference on Empirical Methods in Natural Language Processing and Computational Natural Language Learning (EMNLP-CoNLL).  Andrew Rosenberg and Julia Hirschberg. 2007. V-Measure: A Conditional Entropy-Based External Cluster Evaluation Measure. In In Proceedings of the 2007 Joint Conference on Empirical Methods in Natural Language Processing and Computational Natural Language Learning (EMNLP-CoNLL)."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSAA.2016.26"},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"crossref","unstructured":"Yunan Zhang Chenghao Rong Qingjia Huang Yang Wu Zeming Yang and Jianguo Jiang. 2017. Based on multi-features and clustering ensemble method for automatic malware categorization. In 2017 IEEE Trustcom\/BigDataSE\/ICESS.  Yunan Zhang Chenghao Rong Qingjia Huang Yang Wu Zeming Yang and Jianguo Jiang. 2017. Based on multi-features and clustering ensemble method for automatic malware categorization. In 2017 IEEE Trustcom\/BigDataSE\/ICESS.","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.222"}],"event":{"name":"ACSAC '20: Annual Computer Security Applications Conference","location":"Austin USA","acronym":"ACSAC '20"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427273","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3427228.3427273","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T22:02:24Z","timestamp":1750197744000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3427228.3427273"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,12,7]]},"references-count":21,"alternative-id":["10.1145\/3427228.3427273","10.1145\/3427228"],"URL":"https:\/\/doi.org\/10.1145\/3427228.3427273","relation":{},"subject":[],"published":{"date-parts":[[2020,12,7]]},"assertion":[{"value":"2020-12-08","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}