{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,20]],"date-time":"2026-03-20T21:21:30Z","timestamp":1774041690051,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":74,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,10,26]],"date-time":"2022-10-26T00:00:00Z","timestamp":1666742400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Huawei Technologies Co., Ltd","award":["TC20200917004"],"award-info":[{"award-number":["TC20200917004"]}]},{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["U1836213,U19B2034"],"award-info":[{"award-number":["U1836213,U19B2034"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,10,26]]},"DOI":"10.1145\/3545948.3545983","type":"proceedings-article","created":{"date-parts":[[2022,10,17]],"date-time":"2022-10-17T11:21:49Z","timestamp":1666005709000},"page":"495-509","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":62,"title":["Encrypted Malware Traffic Detection via Graph-based Network Analysis"],"prefix":"10.1145","author":[{"given":"Zhuoqun","family":"Fu","sequence":"first","affiliation":[{"name":"Tsinghua University, China"}]},{"given":"Mingxuan","family":"Liu","sequence":"additional","affiliation":[{"name":"Tsinghua University, China"}]},{"given":"Yue","family":"Qin","sequence":"additional","affiliation":[{"name":"Indiana University Bloomington, United States of America"}]},{"given":"Jia","family":"Zhang","sequence":"additional","affiliation":[{"name":"Tsinghua University, China"}]},{"given":"Yuan","family":"Zou","sequence":"additional","affiliation":[{"name":"Tsinghua University; GeekSec Security Group, China"}]},{"given":"Qilei","family":"Yin","sequence":"additional","affiliation":[{"name":"Tsinghua University, China"}]},{"given":"Qi","family":"Li","sequence":"additional","affiliation":[{"name":"Tsinghua University, China"}]},{"given":"Haixin","family":"Duan","sequence":"additional","affiliation":[{"name":"Tsinghua University; Qi An Xin Group Corp., China"}]}],"member":"320","published-online":{"date-parts":[[2022,10,26]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"John Althouse. 2019. TLS Fingerprinting with JA3 and JA3S. https:\/\/engineering.salesforce.com\/tls-fingerprinting-with-ja3-and-ja3s-247362855967.  John Althouse. 2019. TLS Fingerprinting with JA3 and JA3S. https:\/\/engineering.salesforce.com\/tls-fingerprinting-with-ja3-and-ja3s-247362855967."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Blake Anderson and David McGrew. 2016. Identifying Encrypted Malware Traffic with Contextual Flow Data. In AISec@CCS. 35\u201346.  Blake Anderson and David McGrew. 2016. Identifying Encrypted Malware Traffic with Contextual Flow Data. In AISec@CCS. 35\u201346.","DOI":"10.1145\/2996758.2996768"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"crossref","unstructured":"Blake Anderson and David McGrew. 2017. Machine Learning for Encrypted Malware Traffic Classification: Accounting for Noisy Labels and Non-Stationarity. In SIGKDD. 1723\u20131732.  Blake Anderson and David McGrew. 2017. Machine Learning for Encrypted Malware Traffic Classification: Accounting for Noisy Labels and Non-Stationarity. In SIGKDD. 1723\u20131732.","DOI":"10.1145\/3097983.3098163"},{"key":"e_1_3_2_1_4_1","volume-title":"https:\/\/developer.android.com\/reference\/javax\/net\/ssl\/SSLSocketAccessed","author":"Socket Developer","year":"2022","unstructured":"AndroidDev. 2021. Developer Guides-SSL Socket . https:\/\/developer.android.com\/reference\/javax\/net\/ssl\/SSLSocketAccessed January 22, 2022 . AndroidDev. 2021. Developer Guides-SSLSocket. https:\/\/developer.android.com\/reference\/javax\/net\/ssl\/SSLSocketAccessed January 22, 2022."},{"key":"e_1_3_2_1_5_1","unstructured":"Aleksandar Bojchevski and Stephan G\u00fcnnemann. 2019. Adversarial Attacks on Node Embeddings via Graph Poisoning. In ICML Vol.\u00a097. PMLR 695\u2013704.  Aleksandar Bojchevski and Stephan G\u00fcnnemann. 2019. Adversarial Attacks on Node Embeddings via Graph Poisoning. In ICML Vol.\u00a097. PMLR 695\u2013704."},{"key":"e_1_3_2_1_6_1","volume-title":"FOCI@USENIX Security Symposium","author":"Chai Zimo","unstructured":"Zimo Chai , Amirhossein Ghafari , and Amir Houmansadr . 2019. On the Importance of Encrypted-SNI (ESNI) to Censorship Circumvention . In FOCI@USENIX Security Symposium . USENIX Association . Zimo Chai, Amirhossein Ghafari, and Amir Houmansadr. 2019. On the Importance of Encrypted-SNI (ESNI) to Censorship Circumvention. In FOCI@USENIX Security Symposium. USENIX Association."},{"key":"e_1_3_2_1_7_1","volume-title":"NOPEN Is the Equation Group\u2019s Backdoor for Unix Systems. https:\/\/news.softpedia.com\/news\/nopen-is-the-equation-group-s-backdoor-for-unix-systems-508257.shtmlAccessed","author":"Cimpanu Catalin","year":"2022","unstructured":"Catalin Cimpanu . 2016. NOPEN Is the Equation Group\u2019s Backdoor for Unix Systems. https:\/\/news.softpedia.com\/news\/nopen-is-the-equation-group-s-backdoor-for-unix-systems-508257.shtmlAccessed March 10, 2022 . Catalin Cimpanu. 2016. NOPEN Is the Equation Group\u2019s Backdoor for Unix Systems. https:\/\/news.softpedia.com\/news\/nopen-is-the-equation-group-s-backdoor-for-unix-systems-508257.shtmlAccessed March 10, 2022."},{"key":"e_1_3_2_1_8_1","unstructured":"Cisco. 2018. Cisco Advanced Malware Protection Solution Overview. https:\/\/www.cisco.com\/c\/en\/us\/solutions\/collateral\/enterprise-networks\/advanced-malware-protection\/solution-overview-c22-734228.html.  Cisco. 2018. Cisco Advanced Malware Protection Solution Overview. https:\/\/www.cisco.com\/c\/en\/us\/solutions\/collateral\/enterprise-networks\/advanced-malware-protection\/solution-overview-c22-734228.html."},{"key":"e_1_3_2_1_9_1","volume-title":"https:\/\/www.cloudflare.com\/products\/zero-trust\/gateway\/Accessed","author":"Gateway Cloudflare","year":"2022","unstructured":"Cloudflare. 2021. Cloudflare Gateway . https:\/\/www.cloudflare.com\/products\/zero-trust\/gateway\/Accessed March 10, 2022 . Cloudflare. 2021. Cloudflare Gateway. https:\/\/www.cloudflare.com\/products\/zero-trust\/gateway\/Accessed March 10, 2022."},{"key":"e_1_3_2_1_10_1","volume-title":"Introduction to Algorithms","author":"Cormen H","unstructured":"Thomas\u00a0 H Cormen , Charles\u00a0 E Leiserson , Ronald\u00a0 L Rivest , and Clifford Stein . 2022. Introduction to Algorithms . MIT press . Thomas\u00a0H Cormen, Charles\u00a0E Leiserson, Ronald\u00a0L Rivest, and Clifford Stein. 2022. Introduction to Algorithms. MIT press."},{"key":"e_1_3_2_1_11_1","volume-title":"NISC Survey Results. https:\/\/www.nisc.neustar\/nisc-survey-results\/Accessed","author":"Neustar International\u00a0Security Council","year":"2022","unstructured":"Neustar International\u00a0Security Council . 2020. NISC Survey Results. https:\/\/www.nisc.neustar\/nisc-survey-results\/Accessed March 20, 2022 . Neustar International\u00a0Security Council. 2020. NISC Survey Results. https:\/\/www.nisc.neustar\/nisc-survey-results\/Accessed March 20, 2022."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"crossref","unstructured":"Antonio Criminisi Jamie Shotton Ender Konukoglu 2012. Decision forests: A unified framework for classification regression density estimation manifold learning and semi-supervised learning. Foundations and trends\u00ae in computer graphics and vision 7 2\u20133(2012) 81\u2013227.  Antonio Criminisi Jamie Shotton Ender Konukoglu 2012. Decision forests: A unified framework for classification regression density estimation manifold learning and semi-supervised learning. Foundations and trends\u00ae in computer graphics and vision 7 2\u20133(2012) 81\u2013227.","DOI":"10.1561\/0600000035"},{"key":"e_1_3_2_1_13_1","unstructured":"Azure documentation. 2022. Microsoft Antimalware for Azure Cloud Services and Virtual Machines. https:\/\/docs.microsoft.com\/en-us\/azure\/defender-for-iot\/organizations\/how-to-control-what-traffic-is-monitored.  Azure documentation. 2022. Microsoft Antimalware for Azure Cloud Services and Virtual Machines. https:\/\/docs.microsoft.com\/en-us\/azure\/defender-for-iot\/organizations\/how-to-control-what-traffic-is-monitored."},{"key":"e_1_3_2_1_14_1","unstructured":"David Fifield. 2018. Anticipating a world of encrypted SNI: risks opportunities how to win big. https:\/\/www.bamsoftware.com\/sec\/esni.html.  David Fifield. 2018. Anticipating a world of encrypted SNI: risks opportunities how to win big. https:\/\/www.bamsoftware.com\/sec\/esni.html."},{"key":"e_1_3_2_1_15_1","unstructured":"FireEye. 2020. Definition of Malware Family. https:\/\/vision.fireeye.com\/editions\/06\/06-m-trends-fireeye-mandiant.html.  FireEye. 2020. Definition of Malware Family. https:\/\/vision.fireeye.com\/editions\/06\/06-m-trends-fireeye-mandiant.html."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2007.46"},{"key":"e_1_3_2_1_17_1","volume-title":"The Use of TLS in Censorship Circumvention","author":"Frolov Sergey","unstructured":"Sergey Frolov and Eric Wustrow . 2019. The Use of TLS in Censorship Circumvention . In NDSS. The Internet Society . Sergey Frolov and Eric Wustrow. 2019. The Use of TLS in Censorship Circumvention. In NDSS. The Internet Society."},{"key":"e_1_3_2_1_18_1","volume-title":"Nearly half of malware now use TLS to conceal communications. https:\/\/news.sophos.com\/en-us\/2021\/04\/21\/nearly-half-of-malware-now-use-tls-to-conceal-communications\/Accessed","author":"Gallagher Sean","year":"2021","unstructured":"Sean Gallagher . 2021. Nearly half of malware now use TLS to conceal communications. https:\/\/news.sophos.com\/en-us\/2021\/04\/21\/nearly-half-of-malware-now-use-tls-to-conceal-communications\/Accessed November 20, 2021 . Sean Gallagher. 2021. Nearly half of malware now use TLS to conceal communications. https:\/\/news.sophos.com\/en-us\/2021\/04\/21\/nearly-half-of-malware-now-use-tls-to-conceal-communications\/Accessed November 20, 2021."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2019.03.013"},{"key":"e_1_3_2_1_20_1","volume-title":"CyberSecurity","author":"Giura Paul","unstructured":"Paul Giura and Wei Wang . 2012. A Context-Based Detection Framework for Advanced Persistent Threats . In CyberSecurity . IEEE Computer Society , 69\u201374. Paul Giura and Wei Wang. 2012. A Context-Based Detection Framework for Advanced Persistent Threats. In CyberSecurity. IEEE Computer Society, 69\u201374."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.knosys.2018.03.022"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"Aditya Grover and Jure Leskovec. 2016. node2vec: Scalable feature learning for networks. In SIGKDD. ACM 855\u2013864.  Aditya Grover and Jure Leskovec. 2016. node2vec: Scalable feature learning for networks. In SIGKDD. ACM 855\u2013864.","DOI":"10.1145\/2939672.2939754"},{"key":"e_1_3_2_1_23_1","unstructured":"Aric Hagberg and Drew Conway. 2020. NetworkX: Network Analysis with Python. URL: https:\/\/networkx.github.io(2020).  Aric Hagberg and Drew Conway. 2020. NetworkX: Network Analysis with Python. URL: https:\/\/networkx.github.io(2020)."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.2200\/S01045ED1V01Y202009AIM046"},{"key":"e_1_3_2_1_25_1","unstructured":"William\u00a0L Hamilton Rex Ying and Jure Leskovec. 2017. Inductive Representation Learning on Large Graphs. In NeurIPS. 1025\u20131035.  William\u00a0L Hamilton Rex Ying and Jure Leskovec. 2017. Inductive Representation Learning on Large Graphs. In NeurIPS. 1025\u20131035."},{"key":"e_1_3_2_1_26_1","volume-title":"Beacon Covert C2 Payload. https:\/\/www.cobaltstrike.com\/help-beaconAccessed","author":"Helpsystem Cobaltstrike","year":"2021","unstructured":"Cobaltstrike Helpsystem . 2021. Beacon Covert C2 Payload. https:\/\/www.cobaltstrike.com\/help-beaconAccessed November 20, 2021 . Cobaltstrike Helpsystem. 2021. Beacon Covert C2 Payload. https:\/\/www.cobaltstrike.com\/help-beaconAccessed November 20, 2021."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411740.3411742"},{"key":"e_1_3_2_1_28_1","volume-title":"An Approach to Detect Remote Access Trojan in the Early Stage of Communication","author":"Jiang Dan","unstructured":"Dan Jiang and Kazumasa Omote . 2015. An Approach to Detect Remote Access Trojan in the Early Stage of Communication . In AINA. IEEE Computer Society , 706\u2013713. Dan Jiang and Kazumasa Omote. 2015. An Approach to Detect Remote Access Trojan in the Early Stage of Communication. In AINA. IEEE Computer Society, 706\u2013713."},{"key":"e_1_3_2_1_29_1","first-page":"73","article-title":"The ghost in the system: technical analysis of remote access trojan","volume":"11","author":"Kara \u0130lker","year":"2019","unstructured":"\u0130lker Kara and Murat Aydos . 2019 . The ghost in the system: technical analysis of remote access trojan . International Journal on Information Technologies & Security 11 , 1(2019), 73 \u2013 84 . \u0130lker Kara and Murat Aydos. 2019. The ghost in the system: technical analysis of remote access trojan. International Journal on Information Technologies & Security 11, 1(2019), 73\u201384.","journal-title":"International Journal on Information Technologies & Security"},{"key":"e_1_3_2_1_30_1","unstructured":"Catherine Knowles. 2021. End of 2021 marks drop in cyber attacks and increase in remote access malware. https:\/\/securitybrief.asia\/story\/end-of-2021-marks-drop-in-cyber-attacks-and-increase-in-remote-access-malware.  Catherine Knowles. 2021. End of 2021 marks drop in cyber attacks and increase in remote access malware. https:\/\/securitybrief.asia\/story\/end-of-2021-marks-drop-in-cyber-attacks-and-increase-in-remote-access-malware."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Alexander K\u00fcchler Alessandro Mantovani Yufei Han Leyla Bilge and Davide Balzarotti. 2021. Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes.. In NDSS.  Alexander K\u00fcchler Alessandro Mantovani Yufei Han Leyla Bilge and Davide Balzarotti. 2021. Does Every Second Count? Time-based Evolution of Malware Behavior in Sandboxes.. In NDSS.","DOI":"10.14722\/ndss.2021.24475"},{"key":"e_1_3_2_1_32_1","first-page":"1","article-title":"Wireshark user\u2019s guide","volume":"4","author":"Lamping Ulf","year":"2004","unstructured":"Ulf Lamping and Ed Warnicke . 2004 . Wireshark user\u2019s guide . Interface 4 , 6 (2004), 1 . Ulf Lamping and Ed Warnicke. 2004. Wireshark user\u2019s guide. Interface 4, 6 (2004), 1.","journal-title":"Interface"},{"key":"e_1_3_2_1_33_1","volume-title":"Proceedings of the Web Conference","author":"Lee Hyunwoo","year":"2021","unstructured":"Hyunwoo Lee , Doowon Kim , and Yonghwi Kwon . 2021 . TLS 1.3 in Practice: How TLS 1.3 Contributes to the Internet . In Proceedings of the Web Conference 2021. 70\u201379. Hyunwoo Lee, Doowon Kim, and Yonghwi Kwon. 2021. TLS 1.3 in Practice: How TLS 1.3 Contributes to the Internet. In Proceedings of the Web Conference 2021. 70\u201379."},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2014.04.013"},{"key":"e_1_3_2_1_35_1","volume-title":"Detecting malicious domains with behavioral modeling and graph embedding","author":"Lei Kai","unstructured":"Kai Lei , Qiuai Fu , Jiake Ni , 2019. Detecting malicious domains with behavioral modeling and graph embedding . In ICDCS. IEEE , 601\u2013611. Kai Lei, Qiuai Fu, Jiake Ni, 2019. Detecting malicious domains with behavioral modeling and graph embedding. In ICDCS. IEEE, 601\u2013611."},{"key":"e_1_3_2_1_36_1","unstructured":"Yankai Lin Zhiyuan Liu Maosong Sun 2015. Learning entity and relation embeddings for knowledge graph completion. In AAAI.  Yankai Lin Zhiyuan Liu Maosong Sun 2015. Learning entity and relation embeddings for knowledge graph completion. In AAAI."},{"key":"e_1_3_2_1_37_1","volume-title":"Fs-net: A flow sequence network for encrypted traffic classification","author":"Liu Chang","year":"2019","unstructured":"Chang Liu , Longtao He , Gang Xiong , 2019 . Fs-net: A flow sequence network for encrypted traffic classification . In INFOCOM. IEEE , 1171\u20131179. Chang Liu, Longtao He, Gang Xiong, 2019. Fs-net: A flow sequence network for encrypted traffic classification. In INFOCOM. IEEE, 1171\u20131179."},{"key":"e_1_3_2_1_38_1","unstructured":"Dan Mcwhrter. 2014. APT1: Exposing One of China\u2019s Cyber Espionage Units. https:\/\/www.mandiant.com\/resources\/apt1-exposing-one-of-chinas-cyber-espionage-units.  Dan Mcwhrter. 2014. APT1: Exposing One of China\u2019s Cyber Espionage Units. https:\/\/www.mandiant.com\/resources\/apt1-exposing-one-of-chinas-cyber-espionage-units."},{"key":"e_1_3_2_1_39_1","unstructured":"Tomas Mikolov Kai Chen Greg Corrado and Jeffrey Dean. 2013. Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781(2013).  Tomas Mikolov Kai Chen Greg Corrado and Jeffrey Dean. 2013. Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781(2013)."},{"key":"e_1_3_2_1_40_1","volume-title":"Distributed representations of words and phrases and their compositionality. Advances in neural information processing systems 26","author":"Mikolov Tomas","year":"2013","unstructured":"Tomas Mikolov , Ilya Sutskever , Kai Chen , Greg\u00a0 S Corrado , and Jeff Dean . 2013. Distributed representations of words and phrases and their compositionality. Advances in neural information processing systems 26 ( 2013 ). Tomas Mikolov, Ilya Sutskever, Kai Chen, Greg\u00a0S Corrado, and Jeff Dean. 2013. Distributed representations of words and phrases and their compositionality. Advances in neural information processing systems 26 (2013)."},{"key":"e_1_3_2_1_41_1","volume-title":"A practical experiment of the HTTP-based RAT detection method in proxy server logs","author":"Mimura Mamoru","unstructured":"Mamoru Mimura , Yuhei Otsubo , Hidehiko Tanaka , and Hidema Tanaka . 2017. A practical experiment of the HTTP-based RAT detection method in proxy server logs . In AsiaJCIS. IEEE , 31\u201337. Mamoru Mimura, Yuhei Otsubo, Hidehiko Tanaka, and Hidema Tanaka. 2017. A practical experiment of the HTTP-based RAT detection method in proxy server logs. In AsiaJCIS. IEEE, 31\u201337."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"crossref","unstructured":"Yisroel Mirsky Tomer Doitshman Yuval Elovici and Asaf Shabtai. 2018. Kitsune: an ensemble of autoencoders for online network intrusion detection. arXiv preprint arXiv:1802.09089(2018).  Yisroel Mirsky Tomer Doitshman Yuval Elovici and Asaf Shabtai. 2018. Kitsune: an ensemble of autoencoders for online network intrusion detection. arXiv preprint arXiv:1802.09089(2018).","DOI":"10.14722\/ndss.2018.23204"},{"key":"e_1_3_2_1_43_1","unstructured":"Michael Nadeau. 2021. Cryptojacking explained: How to prevent detect and recover from it. https:\/\/www.csoonline.com\/article\/3253572\/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html.  Michael Nadeau. 2021. Cryptojacking explained: How to prevent detect and recover from it. https:\/\/www.csoonline.com\/article\/3253572\/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html."},{"key":"e_1_3_2_1_44_1","volume-title":"International Conference on Security and Privacy in Communication Systems. Springer, 88\u2013107","author":"Najafi Pejman","year":"2017","unstructured":"Pejman Najafi , Andrey Sapegin , Feng Cheng , and Christoph Meinel . 2017 . Guilt-by-association: detecting malicious entities via graph mining . In International Conference on Security and Privacy in Communication Systems. Springer, 88\u2013107 . Pejman Najafi, Andrey Sapegin, Feng Cheng, and Christoph Meinel. 2017. Guilt-by-association: detecting malicious entities via graph mining. In International Conference on Security and Privacy in Communication Systems. Springer, 88\u2013107."},{"key":"e_1_3_2_1_45_1","volume-title":"USENIX Security Symposium. 589\u2013604","author":"Nelms Terry","year":"2013","unstructured":"Terry Nelms , Roberto Perdisci , and Mustaque Ahamad . 2013 . Execscent: Mining for new c&c domains in live networks with adaptive control protocol templates . In USENIX Security Symposium. 589\u2013604 . Terry Nelms, Roberto Perdisci, and Mustaque Ahamad. 2013. Execscent: Mining for new c&c domains in live networks with adaptive control protocol templates. In USENIX Security Symposium. 589\u2013604."},{"key":"e_1_3_2_1_46_1","volume-title":"Detection of early-stage enterprise infection by mining large-scale log data","author":"Oprea Alina","unstructured":"Alina Oprea , Zhou Li , Ting-Fang Yen , 2015. Detection of early-stage enterprise infection by mining large-scale log data . In DSN. IEEE , 45\u201356. Alina Oprea, Zhou Li, Ting-Fang Yen, 2015. Detection of early-stage enterprise infection by mining large-scale log data. In DSN. IEEE, 45\u201356."},{"key":"e_1_3_2_1_47_1","volume-title":"Bro: a system for detecting network intruders in real-time. Computer networks 31, 23-24","author":"Paxson Vern","year":"1999","unstructured":"Vern Paxson . 1999. Bro: a system for detecting network intruders in real-time. Computer networks 31, 23-24 ( 1999 ), 2435\u20132463. Vern Paxson. 1999. Bro: a system for detecting network intruders in real-time. Computer networks 31, 23-24 (1999), 2435\u20132463."},{"key":"e_1_3_2_1_48_1","volume-title":"Scikit-learn: Machine learning in Python. the Journal of machine Learning research 12","author":"Pedregosa Fabian","year":"2011","unstructured":"Fabian Pedregosa , Ga\u00ebl Varoquaux , Alexandre Gramfort , Vincent Michel , Bertrand Thirion , Olivier Grisel , Mathieu Blondel , Peter Prettenhofer , Ron Weiss , Vincent Dubourg , 2011 . Scikit-learn: Machine learning in Python. the Journal of machine Learning research 12 (2011), 2825\u20132830. Fabian Pedregosa, Ga\u00ebl Varoquaux, Alexandre Gramfort, Vincent Michel, Bertrand Thirion, Olivier Grisel, Mathieu Blondel, Peter Prettenhofer, Ron Weiss, Vincent Dubourg, 2011. Scikit-learn: Machine learning in Python. the Journal of machine Learning research 12 (2011), 2825\u20132830."},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2623330.2623732"},{"key":"e_1_3_2_1_50_1","volume-title":"Segugio: Efficient behavior-based tracking of malware-control domains in large ISP networks","author":"Rahbarinia Babak","year":"2015","unstructured":"Babak Rahbarinia , Roberto Perdisci , and Manos Antonakakis . 2015 . Segugio: Efficient behavior-based tracking of malware-control domains in large ISP networks . In DSN. IEEE , 403\u2013414. Babak Rahbarinia, Roberto Perdisci, and Manos Antonakakis. 2015. Segugio: Efficient behavior-based tracking of malware-control domains in large ISP networks. In DSN. IEEE, 403\u2013414."},{"key":"e_1_3_2_1_51_1","unstructured":"Radim Rehuurek Petr Sojka 2011. Gensim\u2014statistical semantics in python. Retrieved from genism. org(2011).  Radim Rehuurek Petr Sojka 2011. Gensim\u2014statistical semantics in python. Retrieved from genism. org(2011)."},{"key":"#cr-split#-e_1_3_2_1_52_1.1","doi-asserted-by":"crossref","unstructured":"Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. https:\/\/doi.org\/10.17487\/RFC8446 10.17487\/RFC8446","DOI":"10.17487\/RFC8446"},{"key":"#cr-split#-e_1_3_2_1_52_1.2","doi-asserted-by":"crossref","unstructured":"Eric Rescorla. 2018. The Transport Layer Security (TLS) Protocol Version 1.3. RFC 8446. https:\/\/doi.org\/10.17487\/RFC8446","DOI":"10.17487\/RFC8446"},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1016\/0304-3975(76)90053-0"},{"key":"e_1_3_2_1_54_1","unstructured":"Martin Roesch 1999. Snort: Lightweight intrusion detection for networks.. In Lisa Vol.\u00a099. 229\u2013238.  Martin Roesch 1999. Snort: Lightweight intrusion detection for networks.. In Lisa Vol.\u00a099. 229\u2013238."},{"key":"e_1_3_2_1_55_1","volume-title":"FANCI: Feature-based Automated NXDomain Classification and Intelligence. In USENIX Security. 1165\u20131181.","author":"Sch\u00fcppen Samuel","year":"2018","unstructured":"Samuel Sch\u00fcppen , Dominik Teubert , Patrick Herrmann , and Ulrike Meyer . 2018 . FANCI: Feature-based Automated NXDomain Classification and Intelligence. In USENIX Security. 1165\u20131181. Samuel Sch\u00fcppen, Dominik Teubert, Patrick Herrmann, and Ulrike Meyer. 2018. FANCI: Feature-based Automated NXDomain Classification and Intelligence. In USENIX Security. 1165\u20131181."},{"key":"e_1_3_2_1_56_1","unstructured":"Gaurav Sood. 2021. virustotal: R Client for the virustotal API. R package version 0.2.2.  Gaurav Sood. 2021. virustotal: R Client for the virustotal API. R package version 0.2.2."},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"crossref","unstructured":"Gianluca Stringhini Christopher Kruegel and Giovanni Vigna. 2013. Shady paths: Leveraging surfing crowds to detect malicious web pages. In CCS. 133\u2013144.  Gianluca Stringhini Christopher Kruegel and Giovanni Vigna. 2013. Shady paths: Leveraging surfing crowds to detect malicious web pages. In CCS. 133\u2013144.","DOI":"10.1145\/2508859.2516682"},{"key":"e_1_3_2_1_58_1","volume-title":"Andi Fitriah\u00a0Abdul Kadir, and Arash\u00a0Habibi Lashkari","author":"Taheri Laya","year":"2019","unstructured":"Laya Taheri , Andi Fitriah\u00a0Abdul Kadir, and Arash\u00a0Habibi Lashkari . 2019 . Extensible android malware detection and family classification using network-flows and API-calls. In ICCST. IEEE , 1\u20138. Laya Taheri, Andi Fitriah\u00a0Abdul Kadir, and Arash\u00a0Habibi Lashkari. 2019. Extensible android malware detection and family classification using network-flows and API-calls. In ICCST. IEEE, 1\u20138."},{"key":"e_1_3_2_1_59_1","series-title":"SIAM journal on computing 1, 2","volume-title":"Depth-first search and linear graph algorithms","author":"Tarjan Robert","year":"1972","unstructured":"Robert Tarjan . 1972. Depth-first search and linear graph algorithms . SIAM journal on computing 1, 2 ( 1972 ), 146\u2013160. Robert Tarjan. 1972. Depth-first search and linear graph algorithms. SIAM journal on computing 1, 2 (1972), 146\u2013160."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/2413176.2413217"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2016.59"},{"key":"e_1_3_2_1_62_1","volume-title":"Towards understanding privacy implications of adware and potentially unwanted programs","author":"Urban Tobias","unstructured":"Tobias Urban , Dennis Tatang , Thorsten Holz , and Norbert Pohlmann . 2018. Towards understanding privacy implications of adware and potentially unwanted programs . In ESORICS. Springer , 449\u2013469. Tobias Urban, Dennis Tatang, Thorsten Holz, and Norbert Pohlmann. 2018. Towards understanding privacy implications of adware and potentially unwanted programs. In ESORICS. Springer, 449\u2013469."},{"key":"e_1_3_2_1_63_1","unstructured":"Petar Veli\u010dkovi\u0107 Guillem Cucurull Arantxa Casanova Adriana Romero Pietro Lio and Yoshua Bengio. 2017. Graph attention networks. arXiv preprint arXiv:1710.10903(2017).  Petar Veli\u010dkovi\u0107 Guillem Cucurull Arantxa Casanova Adriana Romero Pietro Lio and Yoshua Bengio. 2017. Graph attention networks. arXiv preprint arXiv:1710.10903(2017)."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"crossref","unstructured":"Binghui Wang and Neil\u00a0Zhenqiang Gong. 2019. Attacking graph-based classification via manipulating the graph structure. In CCS. 2023\u20132040.  Binghui Wang and Neil\u00a0Zhenqiang Gong. 2019. Attacking graph-based classification via manipulating the graph structure. In CCS. 2023\u20132040.","DOI":"10.1145\/3319535.3354206"},{"key":"e_1_3_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3471621.3471841"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"crossref","unstructured":"Zhen Wang Jianwen Zhang Jianlin Feng and Zheng Chen. 2014. Knowledge graph embedding by translating on hyperplanes. In AAAI Vol.\u00a028.  Zhen Wang Jianwen Zhang Jianlin Feng and Zheng Chen. 2014. Knowledge graph embedding by translating on hyperplanes. In AAAI Vol.\u00a028.","DOI":"10.1609\/aaai.v28i1.8870"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1145\/1163593.1163596"},{"key":"e_1_3_2_1_68_1","volume-title":"The ZeroAccess rootkit. https:\/\/nakedsecurity.sophos.com\/zeroaccess4\/Accessed","author":"Wyke James","year":"2022","unstructured":"James Wyke . 2016. The ZeroAccess rootkit. https:\/\/nakedsecurity.sophos.com\/zeroaccess4\/Accessed March 20, 2022 . James Wyke. 2016. The ZeroAccess rootkit. https:\/\/nakedsecurity.sophos.com\/zeroaccess4\/Accessed March 20, 2022."},{"key":"e_1_3_2_1_69_1","volume-title":"DATE","author":"Xu Zhixing","year":"2017","unstructured":"Zhixing Xu , Sayak Ray , Pramod Subramanyan , and Sharad Malik . 2017. Malware detection using machine learning based analysis of virtual memory access patterns . In DATE , 2017 . IEEE , 169\u2013174. Zhixing Xu, Sayak Ray, Pramod Subramanyan, and Sharad Malik. 2017. Malware detection using machine learning based analysis of virtual memory access patterns. In DATE, 2017. IEEE, 169\u2013174."},{"key":"e_1_3_2_1_70_1","volume-title":"Clothing. https:\/\/unit42.paloaltonetworks.com\/unit42-ewind-adware-applications-clothing\/Accessed","author":"Yaron\u00a0Samuel Simon\u00a0Conant","year":"2022","unstructured":"Simon\u00a0Conant Yaron\u00a0Samuel . 2017. Ewind \u2013 Adware in Applications \u2019 Clothing. https:\/\/unit42.paloaltonetworks.com\/unit42-ewind-adware-applications-clothing\/Accessed January 22, 2022 . Simon\u00a0Conant Yaron\u00a0Samuel. 2017. Ewind \u2013 Adware in Applications\u2019 Clothing. https:\/\/unit42.paloaltonetworks.com\/unit42-ewind-adware-applications-clothing\/Accessed January 22, 2022."},{"key":"e_1_3_2_1_71_1","volume-title":"A Survey on Malware Detection Using Data Mining Techniques. ACM Comput. Surv. 50, 3","author":"Ye Yanfang","year":"2017","unstructured":"Yanfang Ye , Tao Li , Donald\u00a0 A. Adjeroh , and S.\u00a0 Sitharama Iyengar . 2017. A Survey on Malware Detection Using Data Mining Techniques. ACM Comput. Surv. 50, 3 ( 2017 ), 41:1\u201341:40. Yanfang Ye, Tao Li, Donald\u00a0A. Adjeroh, and S.\u00a0Sitharama Iyengar. 2017. A Survey on Malware Detection Using Data Mining Techniques. ACM Comput. Surv. 50, 3 (2017), 41:1\u201341:40."},{"key":"e_1_3_2_1_72_1","doi-asserted-by":"publisher","DOI":"10.1186\/s40649-019-0069-y"},{"key":"e_1_3_2_1_73_1","first-page":"102687","article-title":"Detecting malware based on DNS graph mining","volume":"11","author":"Zou Futai","year":"2015","unstructured":"Futai Zou , Siyu Zhang , Weixiong Rao , and Ping Yi . 2015 . Detecting malware based on DNS graph mining . International Journal of Distributed Sensor Networks 11 , 10 (2015), 102687 . Futai Zou, Siyu Zhang, Weixiong Rao, and Ping Yi. 2015. Detecting malware based on DNS graph mining. International Journal of Distributed Sensor Networks 11, 10 (2015), 102687.","journal-title":"International Journal of Distributed Sensor Networks"}],"event":{"name":"RAID 2022: 25th International Symposium on Research in Attacks, Intrusions and Defenses","location":"Limassol Cyprus","acronym":"RAID 2022"},"container-title":["Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3545948.3545983","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3545948.3545983","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:30:17Z","timestamp":1750188617000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3545948.3545983"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,10,26]]},"references-count":74,"alternative-id":["10.1145\/3545948.3545983","10.1145\/3545948"],"URL":"https:\/\/doi.org\/10.1145\/3545948.3545983","relation":{},"subject":[],"published":{"date-parts":[[2022,10,26]]},"assertion":[{"value":"2022-10-26","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}