{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,5]],"date-time":"2026-06-05T04:51:18Z","timestamp":1780635078741,"version":"3.54.1"},"publisher-location":"New York, NY, USA","reference-count":47,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,10,16]],"date-time":"2023-10-16T00:00:00Z","timestamp":1697414400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100012389","name":"National Institute of Information and Communications Technology","doi-asserted-by":"publisher","award":["05201"],"award-info":[{"award-number":["05201"]}],"id":[{"id":"10.13039\/501100012389","id-type":"DOI","asserted-by":"publisher"}]},{"name":"JSPS KAKENHI","award":["21KK0178"],"award-info":[{"award-number":["21KK0178"]}]},{"DOI":"10.13039\/501100003246","name":"Nederlandse Organisatie voor Wetenschappelijk Onderzoek","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100003246","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100004919","name":"King Abdulaziz City for Science and Technology","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100004919","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100009105","name":"Ministry of Internal Affairs and Communications","doi-asserted-by":"publisher","award":["JPJ000254"],"award-info":[{"award-number":["JPJ000254"]}],"id":[{"id":"10.13039\/501100009105","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,10,16]]},"DOI":"10.1145\/3607199.3607241","type":"proceedings-article","created":{"date-parts":[[2023,10,3]],"date-time":"2023-10-03T22:30:51Z","timestamp":1696372251000},"page":"513-526","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Bin there, target that: Analyzing the target selection of IoT vulnerabilities in malware binaries"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-5280-6853","authenticated-orcid":false,"given":"Arwa Abdulkarim","family":"Al Alsadi","sequence":"first","affiliation":[{"name":"Delft University of Technology, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0009-0006-1706-7529","authenticated-orcid":false,"given":"Kaichi","family":"Sameshima","sequence":"additional","affiliation":[{"name":"Yokohama National University, Japan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0964-8631","authenticated-orcid":false,"given":"Katsunari","family":"Yoshioka","sequence":"additional","affiliation":[{"name":"Yokohama National University, Japan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0338-2812","authenticated-orcid":false,"given":"Michel","family":"Van Eeten","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4699-3007","authenticated-orcid":false,"given":"Carlos Hernandez","family":"Ga\u00f1\u00e1n","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Netherlands"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2023,10,16]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"SHANJIDA AKHTER. 2015. Generalized Linear Modeling for Cottage Insurance Data. Master\u2019s thesis."},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"Arwa\u00a0Abdulkarim Al\u00a0Alsadi Kaichi Sameshima Jakob Bleier Katsunari Yoshioka Martina Lindorfer Michel van Eeten and Carlos\u00a0H Ga\u00f1\u00e1n. 2022. No Spring Chicken: Quantifying the Lifespan of Exploits in IoT Malware Using Static and Dynamic Analysis. (2022) 309\u2013321.","DOI":"10.1145\/3488932.3517408"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/2630069"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1111\/risa.13732"},{"key":"e_1_3_2_1_6_1","volume-title":"The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle. In 30th USENIX Security Symposium (USENIX Security 21)","author":"Alrawi Omar","year":"2021","unstructured":"Omar Alrawi, Charles Lever, Kevin Valakuzhy, Ryan Court, Kevin Snow, Fabian Monrose, and Manos Antonakakis. 2021. The Circle Of Life: A Large-Scale Study of The IoT Malware Lifecycle. In 30th USENIX Security Symposium (USENIX Security 21). USENIX Association, 3505\u20133522."},{"key":"e_1_3_2_1_7_1","volume-title":"Understanding the Mirai Botnet. In 26th USENIX Security Symposium (USENIX Security 17)","author":"Antonakakis Manos","year":"2017","unstructured":"Manos Antonakakis, Tim April, Michael Bailey, Matt Bernhard, Elie Bursztein, Jaime Cochran, Zakir Durumeric, J.\u00a0Alex Halderman, Luca Invernizzi, Michalis Kallitsis, Deepak Kumar, Chaz Lever, Zane Ma, Joshua Mason, Damian Menscher, Chad Seaman, Nick Sullivan, Kurt Thomas, and Yi Zhou. 2017. Understanding the Mirai Botnet. In 26th USENIX Security Symposium (USENIX Security 17). USENIX Association, Vancouver, BC, 1093\u20131110. https:\/\/www.usenix.org\/conference\/usenixsecurity17\/technical-sessions\/presentation\/antonakakis"},{"key":"e_1_3_2_1_8_1","volume-title":"International Conference on Emerging Security Information, Systems and Technologies.","author":"Arnaert Marc","year":"2016","unstructured":"Marc Arnaert, Yoann Bertrand, and Karima Boudaoud. 2016. Modeling Vulnerable Internet of Things on SHODAN and CENSYS : An Ontology for Cyber Security. In International Conference on Emerging Security Information, Systems and Technologies."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10796-006-9012-5"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/IOTSMS52051.2020.9340224"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1002\/sec.1262"},{"key":"e_1_3_2_1_12_1","volume-title":"Journal of Business & Finance Librarianship","author":"Bowman J","year":"2022","unstructured":"Laura\u00a0J Bowman. 2022. Statista. Journal of Business & Finance Librarianship (2022), 1\u20136."},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1835804.1835821"},{"key":"e_1_3_2_1_14_1","unstructured":"Peter Bruce and Andrew Bruce. 2017. Practical Statistics for Data Scientists. O\u2019Reilly Media."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1539-6924.2008.01142.x"},{"key":"e_1_3_2_1_16_1","volume-title":"Comparison of Akaike information criterion (AIC) and Bayesian information criterion (BIC) in selection of an asymmetric price relationship. Journal of Development and Agricultural Economics 2 (02","author":"De Henry","year":"2010","unstructured":"Henry De and Graft Acquah. 2010. Comparison of Akaike information criterion (AIC) and Bayesian information criterion (BIC) in selection of an asymmetric price relationship. Journal of Development and Agricultural Economics 2 (02 2010), 1\u20136."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"crossref","unstructured":"James Gareth Witten Daniela Hastie Trevor and Tibshirani Robert. 2013. An introduction to statistical learning: with applications in R. Spinger.","DOI":"10.1007\/978-1-4614-7138-7"},{"key":"e_1_3_2_1_18_1","volume-title":"A comparison of goodness-of-fit tests for the logistic regression model.Statistics in medicine 16 9","author":"Hosmer W.","year":"1997","unstructured":"David\u00a0W. Hosmer, Trina\u00a0A. Hosmer, Saskia le Cessie, and Stanley Lemeshow. 1997. A comparison of goodness-of-fit tests for the logistic regression model.Statistics in medicine 16 9 (1997), 965\u201380."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.5555\/3485754.3485760"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/ECRIME.2017.7945052"},{"key":"e_1_3_2_1_21_1","volume-title":"Article 20 (jul","author":"Jacobs Jay","year":"2021","unstructured":"Jay Jacobs, Sasha Romanosky, Benjamin Edwards, Idris Adjerid, and Michael Roytman. 2021. Exploit Prediction Scoring System (EPSS). Digital Threats 2, 3, Article 20 (jul 2021), 17\u00a0pages."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.5555\/1558977.1558997"},{"key":"e_1_3_2_1_23_1","volume-title":"Confounding and collinearity in regression analysis: a cautionary tale and an alternative procedure, illustrated by studies of British voting behaviour. Quality & quantity 52","author":"Johnston Ron","year":"2018","unstructured":"Ron Johnston, Kelvyn Jones, and David Manley. 2018. Confounding and collinearity in regression analysis: a cautionary tale and an alternative procedure, illustrated by studies of British voting behaviour. Quality & quantity 52 (2018), 1957\u20131976."},{"key":"e_1_3_2_1_24_1","unstructured":"David R.\u00a0Anderson Kenneth P.\u00a0Burnham. 2002. Model Selection and Inference: A Practical Information-Theoretic Approach."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/3196494.3196548"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","unstructured":"Platon Kotzias Leyla Bilge Pierre-Antoine Vervier and Juan Caballero. 2019. Mind Your Own Business: A Longitudinal Study of Threats and Vulnerabilities in Enterprises. https:\/\/doi.org\/10.14722\/ndss.2019.23522","DOI":"10.14722\/ndss.2019.23522"},{"key":"e_1_3_2_1_27_1","first-page":"21","article-title":"Quantitatively assessing and visualising industrial system attack surfaces. University of Cambridge","volume":"7","author":"Leverett P","year":"2011","unstructured":"Eireann\u00a0P Leverett. 2011. Quantitatively assessing and visualising industrial system attack surfaces. University of Cambridge, Darwin College 7 (2011), 21.","journal-title":"Darwin College"},{"key":"e_1_3_2_1_28_1","unstructured":"John Matherly. 2022. Shodan Search Engine. https:\/\/www.shodan.io\/dashboard."},{"key":"e_1_3_2_1_29_1","volume-title":"Applied logistic regression analysis. Number 106","author":"Menard Scott","unstructured":"Scott Menard. 2002. Applied logistic regression analysis. Number 106. Sage."},{"key":"e_1_3_2_1_30_1","unstructured":"MITRE. 2022. CVE - Common Vulnerabilities and Exposures (CVE). https:\/\/cve.mitre.org\/index.html."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329849"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.48"},{"key":"e_1_3_2_1_33_1","unstructured":"National Institute of Standards and Technology (NIST). 2021. National Vulnerability Database. https:\/\/nvd.nist.gov\/"},{"key":"e_1_3_2_1_34_1","unstructured":"National Institute of Standards and Technology (NIST). 2022. CVE-2014-8361. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2014-8361"},{"key":"e_1_3_2_1_35_1","unstructured":"National Institute of Standards and Technology (NIST). 2022. CVE-2017-17215. https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2017-17215."},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-11379-1_21"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1111\/ssqu.12273"},{"key":"e_1_3_2_1_38_1","volume-title":"International Journal of Computational Intelligence: Theory and Practice 3 (12","author":"Okhravi Hamed","year":"2008","unstructured":"Hamed Okhravi. 2008. Evaluation of patch management strategies. International Journal of Computational Intelligence: Theory and Practice 3 (12 2008)."},{"key":"e_1_3_2_1_39_1","volume-title":"IoTPOT: Analysing the Rise of IoT Compromises. In 9th USENIX Workshop on Offensive Technologies (WOOT 15)","author":"Minn\u00a0Pa Pa Yin","year":"2015","unstructured":"Yin Minn\u00a0Pa Pa, Shogo Suzuki, Katsunari Yoshioka, Tsutomu Matsumoto, Takahiro Kasama, and Christian Rossow. 2015. IoTPOT: Analysing the Rise of IoT Compromises. In 9th USENIX Workshop on Offensive Technologies (WOOT 15). USENIX Association, Washington, D.C.https:\/\/www.usenix.org\/conference\/woot15\/workshop-program\/presentation\/pa"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855711.1855737"},{"key":"e_1_3_2_1_41_1","unstructured":"Offensive Security. 2022. Exploit Database - Exploits for Penetration Testers Researchers and Ethical Hackers. https:\/\/www.exploit-db.com\/."},{"key":"e_1_3_2_1_42_1","unstructured":"Offensive Security. 2023. OptiLink ONT1GEW GPON 2.1.11_X101 Build 1127.190306 - Remote Code Execution. https:\/\/www.exploit-db.com\/exploits\/49955."},{"key":"e_1_3_2_1_43_1","volume-title":"SAS for mixed models: introduction and basic applications","author":"Stroup W","unstructured":"Walter\u00a0W Stroup, George\u00a0A Milliken, Elizabeth\u00a0A Claassen, and Russell\u00a0D Wolfinger. 2018. SAS for mixed models: introduction and basic applications. SAS Institute."},{"key":"e_1_3_2_1_44_1","volume-title":"Proceedings of the 13th Annual Workshop on the Economics of Information Security, WEIS 2014","author":"Tajalizadehkhoob ST","year":"2014","unstructured":"ST Tajalizadehkhoob, Hadi Asghari, Carlos Ga\u00f1\u00e1n, and MJG Van\u00a0Eeten. 2014. Why them? Extracting intelligence about target selection from Zeus financial malware. In Proceedings of the 13th Annual Workshop on the Economics of Information Security, WEIS 2014, State College (USA), June 23-24, 2014. WEIS."},{"key":"e_1_3_2_1_45_1","volume-title":"Quasi-Poisson vs. negative binomial regression: how should we model overdispersed count data?Ecology 88, 11","author":"Ver\u00a0Hoef M","year":"2007","unstructured":"Jay\u00a0M Ver\u00a0Hoef and Peter\u00a0L Boveng. 2007. Quasi-Poisson vs. negative binomial regression: how should we model overdispersed count data?Ecology 88, 11 (2007), 2766\u20132772."},{"key":"e_1_3_2_1_46_1","unstructured":"VirusTotal. 2020. VirusTotal Reference API | Files. https:\/\/developers.virustotal.com\/v3.0\/reference#files"},{"key":"e_1_3_2_1_47_1","unstructured":"Chris Wanstrath P.\u00a0J. Hyett Tom Preston-Werner and Scott Chacon. 2022. Github Database.https:\/\/github.com\/."},{"key":"e_1_3_2_1_48_1","unstructured":"Suzanne Widup Marc Spitler David Hylender and Gabriel Bassett. 2018. 2018 Verizon Data Breach Investigations Report."}],"event":{"name":"RAID 2023: The 26th International Symposium on Research in Attacks, Intrusions and Defenses","location":"Hong Kong China","acronym":"RAID 2023"},"container-title":["Proceedings of the 26th International Symposium on Research in Attacks, Intrusions and Defenses"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607199.3607241","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3607199.3607241","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T16:37:35Z","timestamp":1750178255000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3607199.3607241"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,10,16]]},"references-count":47,"alternative-id":["10.1145\/3607199.3607241","10.1145\/3607199"],"URL":"https:\/\/doi.org\/10.1145\/3607199.3607241","relation":{},"subject":[],"published":{"date-parts":[[2023,10,16]]},"assertion":[{"value":"2023-10-16","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}