{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,23]],"date-time":"2025-12-23T00:29:38Z","timestamp":1766449778231,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":40,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,5,24]],"date-time":"2021-05-24T00:00:00Z","timestamp":1621814400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,5,24]]},"DOI":"10.1145\/3433210.3437520","type":"proceedings-article","created":{"date-parts":[[2021,6,4]],"date-time":"2021-06-04T15:26:39Z","timestamp":1622820399000},"page":"916-930","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Analysis and Takeover of the Bitcoin-Coordinated Pony Malware"],"prefix":"10.1145","author":[{"given":"Tsuyoshi","family":"Taniguchi","sequence":"first","affiliation":[{"name":"Fujitsu System Integration Laboratories LTD., Tokyo, Japan"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Harm","family":"Griffioen","sequence":"additional","affiliation":[{"name":"University of Potsdam, Potsdam, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christian","family":"Doerr","sequence":"additional","affiliation":[{"name":"University of Potsdam, Potsdam, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,6,4]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"2006. McAfee \"W32\/sality.m\". Malware description by McAfee.  2006. McAfee \"W32\/sality.m\". Malware description by McAfee."},{"key":"e_1_3_2_2_2_1","volume-title":"Popularity-Based Detection of Domain Generation Algorithms. In 2nd International Workshop on Malware Analysis.","author":"Abbink Jasper","year":"2017","unstructured":"Jasper Abbink and Christian Doerr . 2017 . Popularity-Based Detection of Domain Generation Algorithms. In 2nd International Workshop on Malware Analysis. Jasper Abbink and Christian Doerr. 2017. Popularity-Based Detection of Domain Generation Algorithms. In 2nd International Workshop on Malware Analysis."},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-48051-9_3"},{"key":"e_1_3_2_2_4_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-017-0379-8"},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39884-1_4"},{"volume-title":"Presented as part of the 21st USENIX Security Symposium (USENIX Security 12). 491--506.","author":"Antonakakis Manos","key":"e_1_3_2_2_6_1","unstructured":"Manos Antonakakis , Roberto Perdisci , Yacin Nadji , Nikolaos Vasiloglou , Saeed Abu-Nimeh , Wenke Lee , and David Dagon . 2012. From throw-away traffic to bots: detecting the rise of DGA-based malware . In Presented as part of the 21st USENIX Security Symposium (USENIX Security 12). 491--506. Manos Antonakakis, Roberto Perdisci, Yacin Nadji, Nikolaos Vasiloglou, Saeed Abu-Nimeh, Wenke Lee, and David Dagon. 2012. From throw-away traffic to bots: detecting the rise of DGA-based malware. In Presented as part of the 21st USENIX Security Symposium (USENIX Security 12). 491--506."},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2009.56"},{"key":"e_1_3_2_2_8_1","volume-title":"Whispering Botnet Command and Control Instructions. In 2019 Crypto Valley Conference on Blockchain Technology (CVCBT). IEEE, 77--81","author":"Baden Mathis","year":"2019","unstructured":"Mathis Baden , Christof Ferreira Torres , Beltran Borja Fiz Pontiveros , and Radu State . 2019 . Whispering Botnet Command and Control Instructions. In 2019 Crypto Valley Conference on Blockchain Technology (CVCBT). IEEE, 77--81 . Mathis Baden, Christof Ferreira Torres, Beltran Borja Fiz Pontiveros, and Radu State. 2019. Whispering Botnet Command and Control Instructions. In 2019 Crypto Valley Conference on Blockchain Technology (CVCBT). IEEE, 77--81."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/CCST.2017.8167790"},{"key":"e_1_3_2_2_10_1","unstructured":"Blueliv. 2018. The Credential Theft Ecosystem. https:\/\/www.blueliv.com\/the-credential-theft-ecosystem\/  Blueliv. 2018. The Credential Theft Ecosystem. https:\/\/www.blueliv.com\/the-credential-theft-ecosystem\/"},{"key":"e_1_3_2_2_11_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-8348-9283-6_17"},{"key":"e_1_3_2_2_12_1","unstructured":"Kobi Eisenkraft and Arie Olshtein. 2019. Pony's C&C servers hidden inside the Bitcoin blockchain. Technical Report. Check Point. https:\/\/research.checkpoint.com\/2019\/ponys-cc-servers-hidden-inside-the-bitcoin-blockchain\/  Kobi Eisenkraft and Arie Olshtein. 2019. Pony's C&C servers hidden inside the Bitcoin blockchain. Technical Report. Check Point. https:\/\/research.checkpoint.com\/2019\/ponys-cc-servers-hidden-inside-the-bitcoin-blockchain\/"},{"key":"e_1_3_2_2_13_1","unstructured":"Europol. 2018. Five Arrested for Spreading Ransomware Throughout Europe and US. https:\/\/www.europol.europa.eu\/newsroom\/news\/five-arrested-for-spreading-ransomware-throughout-europe-and-us  Europol. 2018. Five Arrested for Spreading Ransomware Throughout Europe and US. https:\/\/www.europol.europa.eu\/newsroom\/news\/five-arrested-for-spreading-ransomware-throughout-europe-and-us"},{"key":"e_1_3_2_2_14_1","volume-title":"Chainchannels: Private botnet communication over public blockchains. In 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications","author":"Frkat Davor","year":"2018","unstructured":"Davor Frkat , Robert Annessi , and Tanja Zseby . 2018 . Chainchannels: Private botnet communication over public blockchains. In 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE. Davor Frkat, Robert Annessi, and Tanja Zseby. 2018. Chainchannels: Private botnet communication over public blockchains. In 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData). IEEE."},{"key":"e_1_3_2_2_15_1","volume-title":"Landman","author":"Gordon William J.","year":"2019","unstructured":"William J. Gordon , Adam Wright , Ranjit Aiyagari , Leslie Corbo , Robert J. Glynn , Jigar Kadakia , Jack Kufahl , Christina Mazzone , James Noga , Mark Parkulo , Brad Sanford , Paul Scheib , and Adam B . Landman . 2019 . Assessment of Employee Susceptibility to Phishing Attacks at US Health Care Institutions. JAMA Network Open , Vol. 2 , 3 (03 2019). https:\/\/doi.org\/10.1001\/jamanetworkopen.2019.0393 William J. Gordon, Adam Wright, Ranjit Aiyagari, Leslie Corbo, Robert J. Glynn, Jigar Kadakia, Jack Kufahl, Christina Mazzone, James Noga, Mark Parkulo, Brad Sanford, Paul Scheib, and Adam B. Landman. 2019. Assessment of Employee Susceptibility to Phishing Attacks at US Health Care Institutions. JAMA Network Open, Vol. 2, 3 (03 2019). https:\/\/doi.org\/10.1001\/jamanetworkopen.2019.0393"},{"key":"e_1_3_2_2_16_1","volume-title":"Quality Evaluation of Cyber Threat Intelligence Feeds. In International Conference on Applied Cryptography and Network Security (ACNS).","author":"Griffioen Harm","year":"2020","unstructured":"Harm Griffioen , Tim M. Booij , and Christian Doerr . 2020 . Quality Evaluation of Cyber Threat Intelligence Feeds. In International Conference on Applied Cryptography and Network Security (ACNS). Harm Griffioen, Tim M. Booij, and Christian Doerr. 2020. Quality Evaluation of Cyber Threat Intelligence Feeds. In International Conference on Applied Cryptography and Network Security (ACNS)."},{"key":"e_1_3_2_2_17_1","volume-title":"Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08)","author":"Gu Guofei","year":"2008","unstructured":"Guofei Gu , Junjie Zhang , and Wenke Lee . 2008 . BotSniffer: Detecting botnet command and control channels in network traffic . In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08) . Guofei Gu, Junjie Zhang, and Wenke Lee. 2008. BotSniffer: Detecting botnet command and control channels in network traffic. In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS'08)."},{"key":"e_1_3_2_2_18_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45472-5_30"},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2017.59"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2016.7487938"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3155133.3155166"},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504747"},{"key":"e_1_3_2_2_23_1","volume-title":"Bitcoin: A peer-to-peer electronic cash system. Technical Report. Manubot.","author":"Nakamoto Satoshi","year":"2008","unstructured":"Satoshi Nakamoto . 2008 . Bitcoin: A peer-to-peer electronic cash system. Technical Report. Manubot. Satoshi Nakamoto. 2008. Bitcoin: A peer-to-peer electronic cash system. Technical Report. Manubot."},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"crossref","unstructured":"Kris Oosthoek and Christian Doerr. 2020. From Hodl to Heist: Analysis of Cyber Security Threats to Bitcoin Exchanges. (2020).  Kris Oosthoek and Christian Doerr. 2020. From Hodl to Heist: Analysis of Cyber Security Threats to Bitcoin Exchanges. (2020).","DOI":"10.1109\/ICBC48266.2020.9169412"},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyz003"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2018.8433199"},{"key":"e_1_3_2_2_27_1","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Plohmann Daniel","year":"2016","unstructured":"Daniel Plohmann , Khaled Yakdan , Michael Klatt , Johannes Bader , and Elmar Gerhards-Padilla . 2016 . A comprehensive measurement study of domain generating malware . In 25th USENIX Security Symposium (USENIX Security 16) . Daniel Plohmann, Khaled Yakdan, Michael Klatt, Johannes Bader, and Elmar Gerhards-Padilla. 2016. A comprehensive measurement study of domain generating malware. In 25th USENIX Security Symposium (USENIX Security 16)."},{"volume-title":"Security and privacy in social networks","author":"Reid Fergal","key":"e_1_3_2_2_28_1","unstructured":"Fergal Reid and Martin Harrigan . 2013. An analysis of anonymity in the bitcoin system . In Security and privacy in social networks . Springer , 197--223. Fergal Reid and Martin Harrigan. 2013. An analysis of anonymity in the bitcoin system. In Security and privacy in social networks. Springer, 197--223."},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39884-1_2"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2012.07.021"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45472-5_29"},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"key":"e_1_3_2_2_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-29551-6_41"},{"key":"e_1_3_2_2_34_1","volume-title":"Hai Anh Tran, and Linh Giang Nguyen","author":"Tran Duc","year":"2018","unstructured":"Duc Tran , Hieu Mac , Van Tong , Hai Anh Tran, and Linh Giang Nguyen . 2018 . A LSTM based framework for handling multiclass imbalance in DGA botnet detection. Neurocomputing , Vol. 275 (2018). Duc Tran, Hieu Mac, Van Tong, Hai Anh Tran, and Linh Giang Nguyen. 2018. A LSTM based framework for handling multiclass imbalance in DGA botnet detection. Neurocomputing, Vol. 275 (2018)."},{"volume-title":"Deep Learning Applications for Cyber Security","author":"Vinayakumar R","key":"e_1_3_2_2_35_1","unstructured":"R Vinayakumar , KP Soman , Prabaharan Poornachandran , Mamoun Alazab , and Alireza Jolfaei . 2019. DBD: deep learning DGA-based botnet detection . In Deep Learning Applications for Cyber Security . Springer , 127--149. R Vinayakumar, KP Soman, Prabaharan Poornachandran, Mamoun Alazab, and Alireza Jolfaei. 2019. DBD: deep learning DGA-based botnet detection. In Deep Learning Applications for Cyber Security. Springer, 127--149."},{"key":"e_1_3_2_2_36_1","unstructured":"Andrey Yakovlev. 2019. The Dark Side of Russia: How New Internet Laws and Nationalism Fuel Russian Cybercrime. https:\/\/intsights.com\/resources\/how-new-internet-laws-and-nationalism-fuel-russian-cybercrime  Andrey Yakovlev. 2019. The Dark Side of Russia: How New Internet Laws and Nationalism Fuel Russian Cybercrime. https:\/\/intsights.com\/resources\/how-new-internet-laws-and-nationalism-fuel-russian-cybercrime"},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00009-7_43"},{"key":"e_1_3_2_2_38_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Yousaf Haaroon","year":"2019","unstructured":"Haaroon Yousaf , George Kappos , and Sarah Meiklejohn . 2019 . Tracing transactions across cryptocurrency ledgers . In 28th USENIX Security Symposium (USENIX Security 19) . 837--850. Haaroon Yousaf, George Kappos, and Sarah Meiklejohn. 2019. Tracing transactions across cryptocurrency ledgers. In 28th USENIX Security Symposium (USENIX Security 19). 837--850."},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDMW.2017.96"},{"key":"e_1_3_2_2_40_1","article-title":"DGA-Based Botnet Detection Using DNS Traffic","volume":"3","author":"Zhou Yonglin","year":"2013","unstructured":"Yonglin Zhou , Qing-shan Li, Qidi Miao , and Kangbin Yim . 2013 . DGA-Based Botnet Detection Using DNS Traffic . J. Internet Serv. Inf. Secur. , Vol. 3 , 3\/4 (2013). Yonglin Zhou, Qing-shan Li, Qidi Miao, and Kangbin Yim. 2013. DGA-Based Botnet Detection Using DNS Traffic. J. Internet Serv. Inf. Secur., Vol. 3, 3\/4 (2013).","journal-title":"J. Internet Serv. Inf. Secur."}],"event":{"name":"ASIA CCS '21: ACM Asia Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Virtual Event Hong Kong","acronym":"ASIA CCS '21"},"container-title":["Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3437520","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3433210.3437520","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:11Z","timestamp":1750193291000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3437520"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,24]]},"references-count":40,"alternative-id":["10.1145\/3433210.3437520","10.1145\/3433210"],"URL":"https:\/\/doi.org\/10.1145\/3433210.3437520","relation":{},"subject":[],"published":{"date-parts":[[2021,5,24]]},"assertion":[{"value":"2021-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}