{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,14]],"date-time":"2026-01-14T18:16:45Z","timestamp":1768414605421,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":59,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,5,24]],"date-time":"2021-05-24T00:00:00Z","timestamp":1621814400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Ministero dell'istruzione dell'universite della ricerca","award":["Dipartimenti di eccellenza 2018-2022"],"award-info":[{"award-number":["Dipartimenti di eccellenza 2018-2022"]}]},{"name":"European Union","award":["Horizon 2020 research and innovation programme No. 101000427"],"award-info":[{"award-number":["Horizon 2020 research and innovation programme No. 101000427"]}]},{"name":"Technology Innovation Institute","award":["PALM"],"award-info":[{"award-number":["PALM"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,5,24]]},"DOI":"10.1145\/3433210.3453101","type":"proceedings-article","created":{"date-parts":[[2021,6,4]],"date-time":"2021-06-04T15:26:39Z","timestamp":1622820399000},"page":"774-786","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":28,"title":["MalPhase: Fine-Grained Malware Detection Using Network Flow Data"],"prefix":"10.1145","author":[{"given":"Michal","family":"Piskozub","sequence":"first","affiliation":[{"name":"University of Oxford, Oxford, United Kingdom"}]},{"given":"Fabio","family":"De Gaspari","sequence":"additional","affiliation":[{"name":"Sapienza University of Rome, Rome, Italy"}]},{"given":"Freddie","family":"Barr-Smith","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, United Kingdom"}]},{"given":"Luigi","family":"Mancini","sequence":"additional","affiliation":[{"name":"Sapienza University of Rome, Rome, Italy"}]},{"given":"Ivan","family":"Martinovic","sequence":"additional","affiliation":[{"name":"University of Oxford, Oxford, United Kingdom"}]}],"member":"320","published-online":{"date-parts":[[2021,6,4]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"\"ClamAV \" https:\/\/www.clamav.net\/downloads.  \"ClamAV \" https:\/\/www.clamav.net\/downloads."},{"key":"e_1_3_2_1_2_1","unstructured":"\"GT Malware Netflow Daily Feed 2018 \" https:\/\/www.impactcybertrust.org\/dataset_view?idDataset=1143.  \"GT Malware Netflow Daily Feed 2018 \" https:\/\/www.impactcybertrust.org\/dataset_view?idDataset=1143."},{"key":"e_1_3_2_1_3_1","unstructured":"\"MalShare \" https:\/\/malshare.com\/.  \"MalShare \" https:\/\/malshare.com\/."},{"key":"e_1_3_2_1_4_1","unstructured":"\"Malware Capture Facility Project \" https:\/\/www.stratosphereips.org\/datasets-normal.  \"Malware Capture Facility Project \" https:\/\/www.stratosphereips.org\/datasets-normal."},{"key":"e_1_3_2_1_5_1","unstructured":"\"The ZeuS ZBOT and Kneber Connection \" https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/web-attack\/16\/the-zeus-zbot-and-kneber-connection.  \"The ZeuS ZBOT and Kneber Connection \" https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/web-attack\/16\/the-zeus-zbot-and-kneber-connection."},{"key":"e_1_3_2_1_6_1","unstructured":"\"VirusShare \" https:\/\/virusshare.com\/hashes.4n6.  \"VirusShare \" https:\/\/virusshare.com\/hashes.4n6."},{"key":"e_1_3_2_1_7_1","unstructured":"\"VirusTotal - Ulise Zusy \" https:\/\/www.virustotal.com\/gui\/file\/7891c60f 2e6fec81733f3e7a5baca9d3cd894662ed6f977c2577895bc552f10a\/detec tion.  \"VirusTotal - Ulise Zusy \" https:\/\/www.virustotal.com\/gui\/file\/7891c60f 2e6fec81733f3e7a5baca9d3cd894662ed6f977c2577895bc552f10a\/detec tion."},{"key":"e_1_3_2_1_8_1","unstructured":"\"VX Underground \" https:\/\/vx-underground.org\/samples.html.  \"VX Underground \" https:\/\/vx-underground.org\/samples.html."},{"key":"e_1_3_2_1_9_1","unstructured":"\"What Is the Difference: Viruses Worms Trojans and Bots?\" https:\/\/tools.cisco.com\/security\/center\/resources\/virus_differences#2.  \"What Is the Difference: Viruses Worms Trojans and Bots?\" https:\/\/tools.cisco.com\/security\/center\/resources\/virus_differences#2."},{"key":"e_1_3_2_1_10_1","unstructured":"\"What is Trojan:Win32\/Ulise!MSR infection?\" https:\/\/howtofix.guide\/trojanwin32-ulisemsr\/.  \"What is Trojan:Win32\/Ulise!MSR infection?\" https:\/\/howtofix.guide\/trojanwin32-ulisemsr\/."},{"key":"e_1_3_2_1_11_1","unstructured":"\"Yet Another Flowmeter \" https:\/\/tools.netsa.cert.org\/yaf\/.  \"Yet Another Flowmeter \" https:\/\/tools.netsa.cert.org\/yaf\/."},{"key":"e_1_3_2_1_12_1","unstructured":"\"ZBOT-UPATRE Far From Game Over Uses Random Headers \" https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/zbot-upatre-far-from-game-over-uses-random-headers\/.  \"ZBOT-UPATRE Far From Game Over Uses Random Headers \" https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/zbot-upatre-far-from-game-over-uses-random-headers\/."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11416-011-0156-6"},{"key":"e_1_3_2_1_14_1","volume-title":"BOTection: Bot Detection by Building Markov Chain Models of Bots Network Behavior,\" AsiaCCS 2019 - Proceedings of the 2019 ACM AsiaCCS","author":"Alahmadi B.","year":"2020","unstructured":"B. Alahmadi , E. Mariconti , R. Spolaor , G. Stringhini , and I. Martinovic , \" BOTection: Bot Detection by Building Markov Chain Models of Bots Network Behavior,\" AsiaCCS 2019 - Proceedings of the 2019 ACM AsiaCCS , 2020 . B. Alahmadi, E. Mariconti, R. Spolaor, G. Stringhini, and I. Martinovic, \"BOTection: Bot Detection by Building Markov Chain Models of Bots Network Behavior,\" AsiaCCS 2019 - Proceedings of the 2019 ACM AsiaCCS, 2020."},{"key":"e_1_3_2_1_15_1","first-page":"1","volume-title":"MalClassifier: Malware family classification using network flow sequence behaviour,\" eCrime Researchers Summit, eCrime","author":"Alahmadi B. A.","year":"2018","unstructured":"B. A. Alahmadi and I. Martinovic , \" MalClassifier: Malware family classification using network flow sequence behaviour,\" eCrime Researchers Summit, eCrime , vol. 2018-May, no. 1 , pp. 1 -- 13 , 2018 . B. A. Alahmadi and I. Martinovic, \"MalClassifier: Malware family classification using network flow sequence behaviour,\" eCrime Researchers Summit, eCrime, vol. 2018-May, no. 1, pp. 1--13, 2018."},{"key":"e_1_3_2_1_16_1","volume-title":"Ember: An open dataset for training static pe malware machine learning models","author":"Anderson H. S.","year":"2018","unstructured":"H. S. Anderson and P. Roth , \" Ember: An open dataset for training static pe malware machine learning models ,\" 2018 . H. S. Anderson and P. Roth, \"Ember: An open dataset for training static pe malware machine learning models,\" 2018."},{"key":"e_1_3_2_1_17_1","first-page":"807","article-title":"Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants","author":"Bartos K.","year":"2016","unstructured":"K. Bartos , M. Sofka , C. Systems , V. Franc , K. Bartos , and M. Sofka , \" Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants ,\" USENIX Security Symposium , pp. 807 -- 822 , 2016 . K. Bartos, M. Sofka, C. Systems, V. Franc, K. Bartos, and M. Sofka, \"Optimized Invariant Representation of Network Traffic for Detecting Unseen Malware Variants,\" USENIX Security Symposium, pp. 807--822, 2016.","journal-title":"USENIX Security Symposium"},{"key":"e_1_3_2_1_18_1","first-page":"129","article-title":"Disclosure: Detecting botnet command and control servers through large-scale NetFlow analysis","author":"Bilge L.","year":"2012","unstructured":"L. Bilge , D. Balzarotti , W. Robertson , E. Kirda , and C. Kruegel , \" Disclosure: Detecting botnet command and control servers through large-scale NetFlow analysis ,\" ACM International Conference Proceeding Series , pp. 129 -- 138 , 2012 . L. Bilge, D. Balzarotti, W. Robertson, E. Kirda, and C. Kruegel, \"Disclosure: Detecting botnet command and control servers through large-scale NetFlow analysis,\" ACM International Conference Proceeding Series, pp. 129--138, 2012.","journal-title":"ACM International Conference Proceeding Series"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMST.2015.2494502"},{"key":"e_1_3_2_1_20_1","volume-title":"Secrets and lies: digital security in a networked world [Books]","author":"Cherry S.","year":"2005","unstructured":"S. Cherry , Secrets and lies: digital security in a networked world [Books] , 1 st ed.John Wiley & Sons, Inc. , 2005 , vol. 37 , no. 10. S. Cherry, Secrets and lies: digital security in a networked world [Books], 1st ed.John Wiley & Sons, Inc., 2005, vol. 37, no. 10.","edition":"1"},{"key":"e_1_3_2_1_21_1","first-page":"336","volume-title":"Shieldfs: a self-healing, ransomware-aware filesystem,\" in Proceedings of the 32nd Annual Conference on Computer Security Applications","author":"Continella A.","year":"2016","unstructured":"A. Continella , A. Guagnelli , G. Zingaro , G. De Pasquale , A. Barenghi , S. Zanero , and F. Maggi , \" Shieldfs: a self-healing, ransomware-aware filesystem,\" in Proceedings of the 32nd Annual Conference on Computer Security Applications , 2016 , pp. 336 -- 347 . A. Continella, A. Guagnelli, G. Zingaro, G. De Pasquale, A. Barenghi, S. Zanero, and F. Maggi, \"Shieldfs: a self-healing, ransomware-aware filesystem,\" in Proceedings of the 32nd Annual Conference on Computer Security Applications, 2016, pp. 336--347."},{"key":"e_1_3_2_1_22_1","volume-title":"NSS","author":"Gaspari F. De","year":"2020","unstructured":"F. De Gaspari , D. Hitaj , G. Pagnotta , L. De Carli , and L. V. Mancini , \" Encod: Distinguishing compressed and encrypted file fragments,\" in 14th International Conference on Network and System Security, ser . NSS , 2020 . F. De Gaspari, D. Hitaj, G. Pagnotta, L. De Carli, and L. V. Mancini, \"Encod: Distinguishing compressed and encrypted file fragments,\" in 14th International Conference on Network and System Security, ser. NSS, 2020."},{"key":"e_1_3_2_1_23_1","volume-title":"ACNS","author":"Gaspari F. De","year":"2020","unstructured":"F. De Gaspari , D. Hitaj , G. Pagnotta , L. De Carli , and L. V. Mancini : Malicious cooperation between benign-looking processes,\" in 18th International Conference on Applied Cryptography and Network Security, ser . ACNS , 2020 . ----, \"The naked sun: Malicious cooperation between benign-looking processes,\" in 18th International Conference on Applied Cryptography and Network Security, ser. ACNS, 2020."},{"key":"e_1_3_2_1_24_1","volume-title":"Malware analysis through high-level behavior,\" 11th USENIX Workshop on Cyber Security Experimentation and Test","author":"Deng X.","year":"2018","unstructured":"X. Deng and J. Mirkovic , \" Malware analysis through high-level behavior,\" 11th USENIX Workshop on Cyber Security Experimentation and Test , 2018 . X. Deng and J. Mirkovic, \"Malware analysis through high-level behavior,\" 11th USENIX Workshop on Cyber Security Experimentation and Test, 2018."},{"key":"e_1_3_2_1_25_1","first-page":"2907","volume-title":"Classifying Anomalies for Network Security,\" in ICASSP","author":"Do E. H.","year":"2020","unstructured":"E. H. Do and V. N. Gadepally , \" Classifying Anomalies for Network Security,\" in ICASSP 2020 , may 2020, pp. 2907 -- 2911 . E. H. Do and V. N. Gadepally, \"Classifying Anomalies for Network Security,\" in ICASSP 2020, may 2020, pp. 2907--2911."},{"key":"e_1_3_2_1_26_1","volume-title":"From Theory to Applications. \"Springer","author":"Filiol E.","year":"2005","unstructured":"E. Filiol , \" Computer Viruses : From Theory to Applications. \"Springer , 2005 . E. Filiol, \"Computer Viruses: From Theory to Applications. \"Springer, 2005."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.03.013"},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"crossref","unstructured":"L. Gondara \"Medical image denoising using convolutional denoising autoencoders \" in 2016 IEEE 16th International Conference on Data Mining Workshops (ICDMW).  L. Gondara \"Medical image denoising using convolutional denoising autoencoders \" in 2016 IEEE 16th International Conference on Data Mining Workshops (ICDMW).","DOI":"10.1109\/ICDMW.2016.0041"},{"issue":"10","key":"e_1_3_2_1_29_1","first-page":"2758","article-title":"Toward a Taxonomy of Malware Behaviors","volume":"58","author":"A. R. A.","year":"2014","unstructured":"A. R. A. Gr\u00e9 gio, V. M. Afonso , D. S. F. Filho , P. L. D. Geus , and M. Jino , \" Toward a Taxonomy of Malware Behaviors ,\" Computer Journal , vol. 58 , no. 10 , pp. 2758 -- 2777 , 2014 . A. R. A. Gr\u00e9 gio, V. M. Afonso, D. S. F. Filho, P. L. D. Geus, and M. Jino, \"Toward a Taxonomy of Malware Behaviors,\" Computer Journal, vol. 58, no. 10, pp. 2758--2777, 2014.","journal-title":"Computer Journal"},{"key":"e_1_3_2_1_30_1","first-page":"139","article-title":"BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection","author":"Gu G.","year":"2008","unstructured":"G. Gu , R. Perdisci , J. Zhang , and W. Lee , \" BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection ,\" Proceedings of the 17th USENIX Security Symposium , pp. 139 -- 154 , 2008 . G. Gu, R. Perdisci, J. Zhang, and W. Lee, \"BotMiner: Clustering analysis of network traffic for protocol- and structure-independent botnet detection,\" Proceedings of the 17th USENIX Security Symposium, pp. 139--154, 2008.","journal-title":"Proceedings of the 17th USENIX Security Symposium"},{"key":"e_1_3_2_1_31_1","first-page":"167","article-title":"BotHunter: Detecting malware infection through IDS-driven dialog correlation","author":"Gu G.","year":"2007","unstructured":"G. Gu , P. Porras , V. Yegneswaran , M. Fong , and W. Lee , \" BotHunter: Detecting malware infection through IDS-driven dialog correlation ,\" 16th USENIX Security Symposium , pp. 167 -- 182 , 2007 . G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee, \"BotHunter: Detecting malware infection through IDS-driven dialog correlation,\" 16th USENIX Security Symposium, pp. 167--182, 2007.","journal-title":"16th USENIX Security Symposium"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-15512-3_24"},{"key":"e_1_3_2_1_33_1","volume-title":"Nazca: Detecting Malware Distribution in Large-Scale Networks","author":"Invernizzi L.","year":"2014","unstructured":"L. Invernizzi , S. Miskovic , R. Torres , S. Saha , S.-J. Lee , M. Mellia , C. Kruegel , and G. Vigna , \" Nazca: Detecting Malware Distribution in Large-Scale Networks ,\" 2014 . L. Invernizzi, S. Miskovic, R. Torres, S. Saha, S.-J. Lee, M. Mellia, C. Kruegel, and G. Vigna, \"Nazca: Detecting Malware Distribution in Large-Scale Networks,\" 2014."},{"key":"e_1_3_2_1_34_1","first-page":"29","volume-title":"SEC'11","author":"Jacob G.","year":"2011","unstructured":"G. Jacob , R. Hund , C. Kruegel , and T. Holz , \" JACKSTRAWS: Picking Command and Control Connections from Bot Traffic,\" in Proceedings of the 20th USENIX Conference on Security, ser . SEC'11 .USA: USENIX Association , 2011 , p. 29 . G. Jacob, R. Hund, C. Kruegel, and T. Holz, \"JACKSTRAWS: Picking Command and Control Connections from Bot Traffic,\" in Proceedings of the 20th USENIX Conference on Security, ser. SEC'11.USA: USENIX Association, 2011, p. 29."},{"key":"e_1_3_2_1_35_1","first-page":"162","article-title":"BotSuer: Suing stealthy P2P bots in network traffic through netflow analysis","volume":"8257","author":"Kheir N.","year":"2013","unstructured":"N. Kheir and C. Wolley , \" BotSuer: Suing stealthy P2P bots in network traffic through netflow analysis ,\" Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) , vol. 8257 LNCS, pp. 162 -- 178 , 2013 . N. Kheir and C. Wolley, \"BotSuer: Suing stealthy P2P bots in network traffic through netflow analysis,\" Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8257 LNCS, pp. 162--178, 2013.","journal-title":"Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)"},{"key":"e_1_3_2_1_36_1","first-page":"788","volume-title":"A Lustrum of Malware Network Communication: Evolution and Insights,\" in 2017 IEEE Symposium on Security and Privacy (SP), may","author":"Lever C.","year":"2017","unstructured":"C. Lever , P. Kotzias , D. Balzarotti , J. Caballero , and M. Antonakakis , \" A Lustrum of Malware Network Communication: Evolution and Insights,\" in 2017 IEEE Symposium on Security and Privacy (SP), may 2017 , pp. 788 -- 804 . C. Lever, P. Kotzias, D. Balzarotti, J. Caballero, and M. Antonakakis, \"A Lustrum of Malware Network Communication: Evolution and Insights,\" in 2017 IEEE Symposium on Security and Privacy (SP), may 2017, pp. 788--804."},{"key":"e_1_3_2_1_37_1","volume-title":"Using Entropy Analysis to Find Encrypted and Packed Malware,\" 2007 IEEE Symposium on Security and Privacy (SP)","author":"Lyda R.","unstructured":"R. Lyda and J. Hamrock , \" Using Entropy Analysis to Find Encrypted and Packed Malware,\" 2007 IEEE Symposium on Security and Privacy (SP) , vol. 5 , no. 2, pp. 40--45, mar 2007. R. Lyda and J. Hamrock, \"Using Entropy Analysis to Find Encrypted and Packed Malware,\" 2007 IEEE Symposium on Security and Privacy (SP), vol. 5, no. 2, pp. 40--45, mar 2007."},{"key":"e_1_3_2_1_38_1","volume-title":"February, 2020.","author":"Mantovani A.","unstructured":"A. Mantovani , S. Aonzo , X. Ugarte-Pedrero , A. Merlo , and D. Balzarotti , \" Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem,\" Network & Distributed System Security Symposium (NDSS), no . February, 2020. A. Mantovani, S. Aonzo, X. Ugarte-Pedrero, A. Merlo, and D. Balzarotti, \"Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem,\" Network & Distributed System Security Symposium (NDSS), no. February, 2020."},{"key":"e_1_3_2_1_39_1","first-page":"36","volume-title":"Deep in the Dark - Deep Learning-Based Malware Traffic Detection Without Expert Knowledge,\" in 2019 IEEE Security and Privacy Workshops (SPW), may","author":"G. Mar\u00ed","year":"2019","unstructured":"G. Mar\u00ed n, P. Casas , and G. Capdehourat , \" Deep in the Dark - Deep Learning-Based Malware Traffic Detection Without Expert Knowledge,\" in 2019 IEEE Security and Privacy Workshops (SPW), may 2019 , pp. 36 -- 42 . G. Mar\u00ed n, P. Casas, and G. Capdehourat, \"Deep in the Dark - Deep Learning-Based Malware Traffic Detection Without Expert Knowledge,\" in 2019 IEEE Security and Privacy Workshops (SPW), may 2019, pp. 36--42."},{"key":"e_1_3_2_1_40_1","first-page":"1009","article-title":"Spotless Sandboxes: Evading Malware Analysis Systems Using Wear-and-Tear Artifacts","author":"Miramirkhani N.","year":"2017","unstructured":"N. Miramirkhani , M. P. Appini , N. Nikiforakis , and M. Polychronakis , \" Spotless Sandboxes: Evading Malware Analysis Systems Using Wear-and-Tear Artifacts ,\" Proceedings - IEEE Symposium on Security and Privacy , pp. 1009 -- 1024 , 2017 . N. Miramirkhani, M. P. Appini, N. Nikiforakis, and M. Polychronakis, \"Spotless Sandboxes: Evading Malware Analysis Systems Using Wear-and-Tear Artifacts,\" Proceedings - IEEE Symposium on Security and Privacy, pp. 1009--1024, 2017.","journal-title":"Proceedings - IEEE Symposium on Security and Privacy"},{"key":"e_1_3_2_1_41_1","first-page":"283","volume-title":"CNS 2014","author":"Mohaisen A.","year":"2014","unstructured":"A. Mohaisen , A. G. West , A. Mankin , and O. Alrawi , \" Chatter: Classifying malware families using system event ordering,\" 2014 IEEE Conference on Communications and Network Security , CNS 2014 , pp. 283 -- 291 , 2014 . A. Mohaisen, A. G. West, A. Mankin, and O. Alrawi, \"Chatter: Classifying malware families using system event ordering,\" 2014 IEEE Conference on Communications and Network Security, CNS 2014, pp. 283--291, 2014."},{"key":"e_1_3_2_1_42_1","first-page":"478","volume-title":"IMC","author":"Peng P.","year":"2019","unstructured":"P. Peng , L. Yang , L. Song , and G. Wang , \" Opening the blackbox of virustotal: Analyzing online phishing scan engines,\" Proceedings of the ACM SIGCOMM Internet Measurement Conference , IMC , pp. 478 -- 485 , 2019 . [Online]. Available : https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3355369.3355585 P. Peng, L. Yang, L. Song, and G. Wang, \"Opening the blackbox of virustotal: Analyzing online phishing scan engines,\" Proceedings of the ACM SIGCOMM Internet Measurement Conference, IMC, pp. 478--485, 2019. [Online]. Available: https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3355369.3355585"},{"key":"e_1_3_2_1_43_1","first-page":"391","volume-title":"Behavioral clustering of HTTP-based malware and signature generation using malicious network traces,\" Proceedings of NSDI 2010:  7th USENIX Symposium on Networked Systems Design and Implementation","author":"Perdisci R.","year":"2010","unstructured":"R. Perdisci , W. Lee , and N. Feamster , \" Behavioral clustering of HTTP-based malware and signature generation using malicious network traces,\" Proceedings of NSDI 2010: 7th USENIX Symposium on Networked Systems Design and Implementation , pp. 391 -- 404 , 2010 . R. Perdisci, W. Lee, and N. Feamster, \"Behavioral clustering of HTTP-based malware and signature generation using malicious network traces,\" Proceedings of NSDI 2010: 7th USENIX Symposium on Networked Systems Design and Implementation, pp. 391--404, 2010."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3308897.3308961"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-41284-4_8"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.05.010"},{"key":"e_1_3_2_1_47_1","first-page":"65","article-title":"Prudent practices for designing malware experiments: Status quo and outlook","author":"Rossow C.","year":"2012","unstructured":"C. Rossow , C. J. Dietrich , C. Grier , C. Kreibich , V. Paxson , N. Pohlmann , H. Bos , and M. Van Steen , \" Prudent practices for designing malware experiments: Status quo and outlook ,\" Proceedings - IEEE Symposium on Security and Privacy , pp. 65 -- 79 , 2012 . C. Rossow, C. J. Dietrich, C. Grier, C. Kreibich, V. Paxson, N. Pohlmann, H. Bos, and M. Van Steen, \"Prudent practices for designing malware experiments: Status quo and outlook,\" Proceedings - IEEE Symposium on Security and Privacy, pp. 65--79, 2012.","journal-title":"Proceedings - IEEE Symposium on Security and Privacy"},{"key":"e_1_3_2_1_48_1","first-page":"230","volume-title":"AVclass: A Tool for Massive Malware Labeling,\" in Research in Attacks, Intrusions, and Defenses","author":"M. Sebasti\u00e1","year":"2016","unstructured":"M. Sebasti\u00e1 n, R. Rivera , P. Kotzias , and J. Caballero , \" AVclass: A Tool for Massive Malware Labeling,\" in Research in Attacks, Intrusions, and Defenses , F. Monrose, M. Dacier, G. Blanc, and J. Garcia-Alfaro, Eds.Springer International Publishing , 2016 , pp. 230 -- 253 . M. Sebasti\u00e1 n, R. Rivera, P. Kotzias, and J. Caballero, \"AVclass: A Tool for Massive Malware Labeling,\" in Research in Attacks, Intrusions, and Defenses, F. Monrose, M. Dacier, G. Blanc, and J. Garcia-Alfaro, Eds.Springer International Publishing, 2016, pp. 230--253."},{"key":"e_1_3_2_1_49_1","first-page":"3","volume-title":"Malrec: Compact Full-Trace Malware Recording for Retrospective Deep Analysis,\" in Detection of Intrusions and Malware, and Vulnerability Assessment","author":"Severi G.","year":"2018","unstructured":"G. Severi , T. Leek , and B. Dolan-Gavitt , \" Malrec: Compact Full-Trace Malware Recording for Retrospective Deep Analysis,\" in Detection of Intrusions and Malware, and Vulnerability Assessment . Springer International Publishing , 2018 , pp. 3 -- 23 . G. Severi, T. Leek, and B. Dolan-Gavitt, \"Malrec: Compact Full-Trace Malware Recording for Retrospective Deep Analysis,\" in Detection of Intrusions and Malware, and Vulnerability Assessment. Springer International Publishing, 2018, pp. 3--23."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-70542-0_5"},{"key":"e_1_3_2_1_51_1","first-page":"1","volume-title":"Efficient Dynamic Malware Analysis Based on Network Behavior Using Deep Learning,\" in 2016 IEEE Global Communications Conference (GLOBECOM), dec","author":"Shibahara T.","year":"2016","unstructured":"T. Shibahara , T. Yagi , M. Akiyama , D. Chiba , and T. Yada , \" Efficient Dynamic Malware Analysis Based on Network Behavior Using Deep Learning,\" in 2016 IEEE Global Communications Conference (GLOBECOM), dec 2016 , pp. 1 -- 7 . T. Shibahara, T. Yagi, M. Akiyama, D. Chiba, and T. Yada, \"Efficient Dynamic Malware Analysis Based on Network Behavior Using Deep Learning,\" in 2016 IEEE Global Communications Conference (GLOBECOM), dec 2016, pp. 1--7."},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2010.032210.00054"},{"key":"e_1_3_2_1_53_1","first-page":"349","volume-title":"BotFinder: Finding bots in network traffic without deep packet inspection,\" CoNEXT 2012 - Proceedings of the 2012 ACM Conference on Emerging Networking Experiments and Technologies","author":"Tegeler F.","year":"2012","unstructured":"F. Tegeler , X. Fu , G. Vigna , and C. Kruegel , \" BotFinder: Finding bots in network traffic without deep packet inspection,\" CoNEXT 2012 - Proceedings of the 2012 ACM Conference on Emerging Networking Experiments and Technologies , pp. 349 -- 360 , 2012 . F. Tegeler, X. Fu, G. Vigna, and C. Kruegel, \"BotFinder: Finding bots in network traffic without deep packet inspection,\" CoNEXT 2012 - Proceedings of the 2012 ACM Conference on Emerging Networking Experiments and Technologies, pp. 349--360, 2012."},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3291061"},{"key":"e_1_3_2_1_55_1","article-title":"Stacked denoising autoencoders: Learning useful representations in a deep network with a local denoising criterion","author":"Vincent P.","year":"2010","unstructured":"P. Vincent , H. Larochelle , I. Lajoie , Y. Bengio , P.-A. Manzagol , and L. Bottou , \" Stacked denoising autoencoders: Learning useful representations in a deep network with a local denoising criterion .\" Journal of machine learning research , 2010 . P. Vincent, H. Larochelle, I. Lajoie, Y. Bengio, P.-A. Manzagol, and L. Bottou, \"Stacked denoising autoencoders: Learning useful representations in a deep network with a local denoising criterion.\" Journal of machine learning research, 2010.","journal-title":"Journal of machine learning research"},{"key":"e_1_3_2_1_56_1","first-page":"25","article-title":"Image denoising and inpainting with deep neural networks","author":"Xie J.","year":"2012","unstructured":"J. Xie , L. Xu , and E. Chen , \" Image denoising and inpainting with deep neural networks ,\" in Advances in Neural Information Processing Systems 25 , 2012 . J. Xie, L. Xu, and E. Chen, \"Image denoising and inpainting with deep neural networks,\" in Advances in Neural Information Processing Systems 25, 2012.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_8"},{"key":"e_1_3_2_1_58_1","volume-title":"Measuring and Modeling the Label Dynamics of Online Anti-Malware Engines,\" in 29th USENIX Security Symposium (USENIX Security 20)","author":"Zhu S.","year":"2020","unstructured":"S. Zhu , J. Shi , L. Yang , B. Qin , Z. Zhang , L. Song , and G. Wang , \" Measuring and Modeling the Label Dynamics of Online Anti-Malware Engines,\" in 29th USENIX Security Symposium (USENIX Security 20) . Boston, MA : USENIX Association , aug 2020 . [Online]. Available: https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/zhu S. Zhu, J. Shi, L. Yang, B. Qin, Z. Zhang, L. Song, and G. Wang, \"Measuring and Modeling the Label Dynamics of Online Anti-Malware Engines,\" in 29th USENIX Security Symposium (USENIX Security 20). Boston, MA: USENIX Association, aug 2020. [Online]. Available: https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/zhu"},{"key":"e_1_3_2_1_59_1","first-page":"767","volume-title":"FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature,\" in Proceedings of the 2016 ACM SIGSAC CCS","author":"Zhu Z.","year":"2016","unstructured":"Z. Zhu and T. Dumitras , \" FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature,\" in Proceedings of the 2016 ACM SIGSAC CCS . Association for Computing Machinery , 2016 , pp. 767 -- 778 . Z. Zhu and T. Dumitras, \"FeatureSmith: Automatically Engineering Features for Malware Detection by Mining the Security Literature,\" in Proceedings of the 2016 ACM SIGSAC CCS. Association for Computing Machinery, 2016, pp. 767--778."}],"event":{"name":"ASIA CCS '21: ACM Asia Conference on Computer and Communications Security","location":"Virtual Event Hong Kong","acronym":"ASIA CCS '21","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2021 ACM Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3453101","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3433210.3453101","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:12Z","timestamp":1750193292000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3433210.3453101"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,5,24]]},"references-count":59,"alternative-id":["10.1145\/3433210.3453101","10.1145\/3433210"],"URL":"https:\/\/doi.org\/10.1145\/3433210.3453101","relation":{},"subject":[],"published":{"date-parts":[[2021,5,24]]},"assertion":[{"value":"2021-06-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}