{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,9]],"date-time":"2025-09-09T22:11:18Z","timestamp":1757455878664,"version":"3.44.0"},"publisher-location":"New York, NY, USA","reference-count":93,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,12,4]],"date-time":"2023-12-04T00:00:00Z","timestamp":1701648000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100006374","name":"NSF (National Science Foundation)","doi-asserted-by":"publisher","award":["CNS-2154962,CNS-2319421"],"award-info":[{"award-number":["CNS-2154962,CNS-2319421"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"publisher","award":["W911NF18C0019"],"award-info":[{"award-number":["W911NF18C0019"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,12,4]]},"DOI":"10.1145\/3627106.3627126","type":"proceedings-article","created":{"date-parts":[[2023,12,2]],"date-time":"2023-12-02T18:13:22Z","timestamp":1701540802000},"page":"565-579","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Global Analysis with Aggregation-based Beaconing Detection across Large Campus Networks"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-3938-8838","authenticated-orcid":false,"given":"Yizhe","family":"Zhang","sequence":"first","affiliation":[{"name":"University of Virginia, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7846-2649","authenticated-orcid":false,"given":"Hongying","family":"Dong","sequence":"additional","affiliation":[{"name":"University of Virginia, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8427-0670","authenticated-orcid":false,"given":"Alastair","family":"Nottingham","sequence":"additional","affiliation":[{"name":"University of Virginia, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0009-8288-0999","authenticated-orcid":false,"given":"Molly","family":"Buchanan","sequence":"additional","affiliation":[{"name":"University of Virginia, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9140-2632","authenticated-orcid":false,"given":"Donald E.","family":"Brown","sequence":"additional","affiliation":[{"name":"University of Virginia, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6650-4373","authenticated-orcid":false,"given":"Yixin","family":"Sun","sequence":"additional","affiliation":[{"name":"University of Virginia, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,12,4]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"crossref","unstructured":"Sebastian Abt and Harald Baier. 2014. Are we missing labels? A study of the availability of ground-truth in network security research. In 2014 third international workshop on building analysis datasets and gathering experience returns for security (badgers). IEEE 40\u201355.","DOI":"10.1109\/BADGERS.2014.11"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-23802-9_17"},{"key":"e_1_3_2_1_3_1","volume-title":"Perspectives on Security Alarms. In 31st USENIX Security Symposium (USENIX Security 22)","author":"Alahmadi A","year":"2022","unstructured":"Bushra\u00a0A Alahmadi, Louise Axon, and Ivan Martinovic. 2022. 99% False Positives: A Qualitative Study of { SOC} Analysts\u2019 Perspectives on Security Alarms. In 31st USENIX Security Symposium (USENIX Security 22). 2783\u20132800."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/NCA.2017.8171326"},{"key":"e_1_3_2_1_5_1","unstructured":"Ionut Arghire. 2022. QBot Malware Infects Over 800 Corporate Users in New Ongoing Campaign. https:\/\/www.securityweek.com\/qbot-malware-infects-over-800-corporate-users-new-ongoing-campaign\/."},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/GLOCOM.2009.5426172"},{"key":"e_1_3_2_1_7_1","unstructured":"Avast. 2023. Andromeda under the microscope.https:\/\/blog.avast.com\/andromeda-under-the-microscope."},{"key":"e_1_3_2_1_8_1","unstructured":"Avast. 2023. The Zeus Trojan \u2014 What It Is and How to Remove and Prevent it. https:\/\/www.avast.com\/c-zeus."},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/CATCH.2009.40"},{"key":"e_1_3_2_1_10_1","volume-title":"Remixmatch: Semi-supervised learning with distribution alignment and augmentation anchoring. arXiv preprint arXiv:1911.09785","author":"Berthelot David","year":"2019","unstructured":"David Berthelot, Nicholas Carlini, Ekin\u00a0D Cubuk, Alex Kurakin, Kihyuk Sohn, Han Zhang, and Colin Raffel. 2019. Remixmatch: Semi-supervised learning with distribution alignment and augmentation anchoring. arXiv preprint arXiv:1911.09785 (2019)."},{"key":"e_1_3_2_1_11_1","volume-title":"Mixmatch: A holistic approach to semi-supervised learning. arXiv preprint arXiv:1905.02249","author":"Berthelot David","year":"2019","unstructured":"David Berthelot, Nicholas Carlini, Ian Goodfellow, Nicolas Papernot, Avital Oliver, and Colin Raffel. 2019. Mixmatch: A holistic approach to semi-supervised learning. arXiv preprint arXiv:1905.02249 (2019)."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/2420950.2420969"},{"key":"e_1_3_2_1_13_1","volume-title":"EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis.. In Ndss. 1\u201317.","author":"Bilge Leyla","year":"2011","unstructured":"Leyla Bilge, Engin Kirda, Christopher Kruegel, and Marco Balduzzi. 2011. EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis.. In Ndss. 1\u201317."},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(20)30030-1"},{"key":"e_1_3_2_1_15_1","volume-title":"Random forests. Machine learning 45","author":"Breiman Leo","year":"2001","unstructured":"Leo Breiman. 2001. Random forests. Machine learning 45 (2001), 5\u201332."},{"key":"e_1_3_2_1_16_1","unstructured":"CISA. 2020. Qbot\/Qakbot Malware Report. https:\/\/www.cisa.gov\/stopransomware\/qbotqakbot-malware-report."},{"key":"e_1_3_2_1_17_1","volume-title":"Botnets: The dark side of cloud computing. Technical Report. Technical Report, Bostan, USA.","author":"Comazzetto Angelo","year":"2011","unstructured":"Angelo Comazzetto. 2011. Botnets: The dark side of cloud computing. Technical Report. Technical Report, Bostan, USA."},{"key":"e_1_3_2_1_18_1","unstructured":"AT&T Cybersecurity. 2021. Stories from the SOC \u2013 Beaconing Activity.https:\/\/cybersecurity.att.com\/blogs\/security-essentials\/stories-from-the-soc-beaconing-activity."},{"key":"e_1_3_2_1_19_1","volume-title":"MORTON: Detection of Malicious Routines in Large-Scale DNS Traffic. In European Symposium on Research in Computer Security. Springer, 736\u2013756","author":"Daihes Yael","year":"2021","unstructured":"Yael Daihes, Hen Tzaban, Asaf Nadler, and Asaf Shabtai. 2021. MORTON: Detection of Malicious Routines in Large-Scale DNS Traffic. In European Symposium on Research in Computer Security. Springer, 736\u2013756."},{"key":"e_1_3_2_1_20_1","volume-title":"Analysis of a greedy active learning strategy. Advances in neural information processing systems 17","author":"Dasgupta Sanjoy","year":"2005","unstructured":"Sanjoy Dasgupta. 2005. Analysis of a greedy active learning strategy. Advances in neural information processing systems 17 (2005), 337\u2013344."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/TKDE.2005.114"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDM.2005.152"},{"key":"e_1_3_2_1_23_1","volume-title":"Top 10 Malware","author":"Center for Internet\u00a0Security. 2022.","year":"2022","unstructured":"Center for Internet\u00a0Security. 2022. Top 10 Malware September 2022. https:\/\/www.cisecurity.org\/insights\/blog\/top-10-malware-september-2022."},{"key":"e_1_3_2_1_24_1","unstructured":"Sean Gallagher. 2021. Nearly half of malware now use TLS to conceal communications. https:\/\/news.sophos.com\/en-us\/2021\/04\/21\/nearly-half-of-malware-now-use-tls-to-conceal-communications."},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-04342-0_17"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/1654988.1655002"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1654988.1655002"},{"key":"e_1_3_2_1_28_1","volume-title":"USENIX Security Symposium, Vol.\u00a07. 1\u201316","author":"Gu Guofei","year":"2007","unstructured":"Guofei Gu, Phillip\u00a0A Porras, Vinod Yegneswaran, Martin\u00a0W Fong, and Wenke Lee. 2007. Bothunter: Detecting malware infection through ids-driven dialog correlation.. In USENIX Security Symposium, Vol.\u00a07. 1\u201316."},{"key":"e_1_3_2_1_29_1","unstructured":"Guofei Gu Junjie Zhang and Wenke Lee. 2008. BotSniffer: Detecting botnet command and control channels in network traffic. (2008)."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2022.102810"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"crossref","unstructured":"Yuhong Guo and Russell Greiner. 2007. Optimistic active-learning using mutual information.. In IJCAI Vol.\u00a07. 823\u2013829.","DOI":"10.1049\/cp:20070277"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/MASCOTS.2018.00025"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/DSN.2016.50"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1098\/rspa.1998.0193"},{"key":"e_1_3_2_1_35_1","unstructured":"Dan Hubbard. 2022. Cisco Umbrella The Cisco Umbrella 1 Million. https:\/\/umbrella.cisco.com\/blog\/cisco-umbrella-1-million\/"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2016.7888733"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/VIZSEC.2016.7739581"},{"key":"e_1_3_2_1_38_1","unstructured":"Hybrid-Analysis. 2023. Hybrid-Analysis. https:\/\/www.hybrid-analysis.com."},{"key":"e_1_3_2_1_39_1","unstructured":"SANS Institute. 2019. Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey. https:\/\/www.sans.org\/media\/analyst-program\/common-practices-security-operations-centers-results-2019-soc-survey-39060.pdf."},{"volume-title":"ASEAN Cyberthreat Assessment","year":"2020","key":"e_1_3_2_1_40_1","unstructured":"Interpol. 2020. ASEAN Cyberthreat Assessment 2020.https:\/\/www.interpol.int\/content\/download\/14922\/file\/ASEAN_CyberThreatAssessment_2020.pdf."},{"key":"e_1_3_2_1_41_1","volume-title":"A bayesian approach toward active learning for collaborative filtering. arXiv preprint arXiv:1207.4146","author":"Jin Rong","year":"2012","unstructured":"Rong Jin and Luo Si. 2012. A bayesian approach toward active learning for collaborative filtering. arXiv preprint arXiv:1207.4146 (2012)."},{"volume-title":"Last accessed","year":"2023","key":"e_1_3_2_1_42_1","unstructured":"Kaspersky. Last accessed: 2023. What\u2019s behind APT29?https:\/\/www.kaspersky.com\/enterprise-security\/mitre\/apt29."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.091213.00134"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11390-020-9487-4"},{"key":"e_1_3_2_1_45_1","unstructured":"Malwarebytes Labs. 2023. Backdoor.NJRat. https:\/\/blog.malwarebytes.com\/detections\/216-21-13-15\/."},{"key":"e_1_3_2_1_46_1","unstructured":"Malwarebytes Labs. 2023. Detections 216.21.13.14. https:\/\/blog.malwarebytes.com\/detections\/216-21-13-14\/."},{"key":"e_1_3_2_1_47_1","unstructured":"Malwarebytes Labs. 2023. Detections 216.21.13.15. https:\/\/blog.malwarebytes.com\/detections\/216-21-13-15\/."},{"key":"e_1_3_2_1_48_1","volume-title":"Temporal ensembling for semi-supervised learning. arXiv preprint arXiv:1610.02242","author":"Laine Samuli","year":"2016","unstructured":"Samuli Laine and Timo Aila. 2016. Temporal ensembling for semi-supervised learning. arXiv preprint arXiv:1610.02242 (2016)."},{"key":"e_1_3_2_1_49_1","volume-title":"Workshop on challenges in representation learning, ICML, Vol.\u00a03. 896","author":"Lee Dong-Hyun","year":"2013","unstructured":"Dong-Hyun Lee 2013. Pseudo-label: The simple and efficient semi-supervised learning method for deep neural networks. In Workshop on challenges in representation learning, ICML, Vol.\u00a03. 896."},{"key":"e_1_3_2_1_50_1","volume-title":"An active learning based TCM-KNN algorithm for supervised network intrusion detection. Computers & security 26, 7-8","author":"Li Yang","year":"2007","unstructured":"Yang Li and Li Guo. 2007. An active learning based TCM-KNN algorithm for supervised network intrusion detection. Computers & security 26, 7-8 (2007), 459\u2013467."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/1835804.1835942"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/2339530.2339604"},{"key":"e_1_3_2_1_53_1","unstructured":"MalwareBytes. 2023. MalwareBytes. https:\/\/www.malwarebytes.com\/."},{"volume-title":"Threat Encyclopedia - CONFICKER. https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/conficker","author":"Micro Trend","key":"e_1_3_2_1_54_1","unstructured":"Trend Micro. 2014. Threat Encyclopedia - CONFICKER. https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/conficker."},{"key":"e_1_3_2_1_55_1","volume-title":"Virtual adversarial training: a regularization method for supervised and semi-supervised learning","author":"Miyato Takeru","year":"2018","unstructured":"Takeru Miyato, Shin-ichi Maeda, Masanori Koyama, and Shin Ishii. 2018. Virtual adversarial training: a regularization method for supervised and semi-supervised learning. IEEE transactions on pattern analysis and machine intelligence 41, 8 (2018), 1979\u20131993."},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/MALWARE.2008.4690854"},{"key":"e_1_3_2_1_57_1","unstructured":"Neo4j. 2023. Neo4j Graph Data Platform. https:\/\/www.neo4j.com\/."},{"key":"e_1_3_2_1_58_1","volume-title":"Sentinel: A Multi-institution Enterprise Scale Platform for Data-driven Cybersecurity Research. In 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW)","author":"Nottingham Alastair","year":"2022","unstructured":"Alastair Nottingham, Molly Buchanan, Mark Gardner, Jason Hiser, and Jack Davidson. 2022. Sentinel: A Multi-institution Enterprise Scale Platform for Data-driven Cybersecurity Research. In 2022 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW). IEEE, 252\u2013257."},{"key":"e_1_3_2_1_59_1","volume-title":"Discrimination between ictal and seizure-free EEG signals using empirical mode decomposition. Research Letters in Signal Processing 2008","author":"Pachori Ram\u00a0Bilas","year":"2008","unstructured":"Ram\u00a0Bilas Pachori. 2008. Discrimination between ictal and seizure-free EEG signals using empirical mode decomposition. Research Letters in Signal Processing 2008 (2008)."},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3355369.3355585"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jneumeth.2011.04.013"},{"key":"e_1_3_2_1_62_1","unstructured":"Phillip Porras Hassen Saidi and Vinod Yegneswaran. 2009. An analysis of conficker\u2019s logic and rendezvous points. Computer Science Laboratory SRI International Tech. Rep 36 (2009)."},{"key":"e_1_3_2_1_63_1","unstructured":"Aria\u00a0Ghora Prabono. 2022. Unofficial Implementation of RobustPeriod: Time-Frequency Mining for Robust Multiple Periodicities Detection. https:\/\/github.com\/ariaghora\/robust-period"},{"key":"e_1_3_2_1_64_1","volume-title":"International Workshop on Advanced Analysis and Learning on Temporal Data. Springer, 43\u201354","author":"Puech Tom","year":"2019","unstructured":"Tom Puech, Matthieu Boussard, Anthony D\u2019Amato, and Ga\u00ebtan Millerand. 2019. A fully automated periodicity detection in time series. In International Workshop on Advanced Analysis and Learning on Temporal Data. Springer, 43\u201354."},{"key":"e_1_3_2_1_65_1","unstructured":"Check\u00a0Point Research. 2020. Exploring QBot\u2019s latest attack methods.https:\/\/research.checkpoint.com\/2020\/exploring-qbots-latest-attack-methods."},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1109\/97.700917"},{"key":"e_1_3_2_1_67_1","volume-title":"Regularization with stochastic transformations and perturbations for deep semi-supervised learning. Advances in neural information processing systems 29","author":"Sajjadi Mehdi","year":"2016","unstructured":"Mehdi Sajjadi, Mehran Javanmardi, and Tolga Tasdizen. 2016. Regularization with stochastic transformations and perturbations for deep semi-supervised learning. Advances in neural information processing systems 29 (2016), 1163\u20131171."},{"key":"e_1_3_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCB.2005.843274"},{"key":"e_1_3_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/IRI.2010.5558967"},{"key":"e_1_3_2_1_70_1","unstructured":"Burr Settles. 2009. Active learning literature survey. (2009)."},{"key":"e_1_3_2_1_71_1","volume-title":"Multiple-instance active learning. Advances in neural information processing systems 20","author":"Settles Burr","year":"2007","unstructured":"Burr Settles, Mark Craven, and Soumya Ray. 2007. Multiple-instance active learning. Advances in neural information processing systems 20 (2007), 1289\u20131296."},{"key":"e_1_3_2_1_72_1","volume-title":"18th International Conference on Computational Intelligence in Security Information Systems. WASET.","author":"Shalaginov Andrii","year":"2016","unstructured":"Andrii Shalaginov, Katrin Franke, and Xiongwei Huang. 2016. Malware beaconing detection by mining large-scale dns logs for targeted attack identification. In 18th International Conference on Computational Intelligence in Security Information Systems. WASET."},{"key":"e_1_3_2_1_73_1","volume-title":"Fixmatch: Simplifying semi-supervised learning with consistency and confidence. arXiv preprint arXiv:2001.07685","author":"Sohn Kihyuk","year":"2020","unstructured":"Kihyuk Sohn, David Berthelot, Chun-Liang Li, Zizhao Zhang, Nicholas Carlini, Ekin\u00a0D Cubuk, Alex Kurakin, Han Zhang, and Colin Raffel. 2020. Fixmatch: Simplifying semi-supervised learning with consistency and confidence. arXiv preprint arXiv:2001.07685 (2020)."},{"key":"e_1_3_2_1_74_1","unstructured":"DO SON. 2018. New malware uses specially crafted UDP protocol for C&C Communications. https:\/\/securityonline.info\/new-malware-uses-specially-crafted-udp-protocol-for-cc-communications\/."},{"key":"e_1_3_2_1_75_1","unstructured":"STINGAR. 2023. Shared Threat Intelligence for Network Gatekeeping and Automated Response. https:\/\/stingar.security.duke.edu\/."},{"key":"e_1_3_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2010.10.009"},{"key":"e_1_3_2_1_77_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30507-8_13"},{"key":"e_1_3_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/2413176.2413217"},{"key":"e_1_3_2_1_79_1","unstructured":"ThreatCrowd. 2023. ThreatCrowd. https:\/\/www.threatcrowd.org\/."},{"key":"e_1_3_2_1_80_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jisa.2019.102388"},{"key":"e_1_3_2_1_81_1","unstructured":"VirusTotal. 2023. VirusTotal. https:\/\/www.virustotal.com\/."},{"key":"e_1_3_2_1_82_1","doi-asserted-by":"publisher","DOI":"10.1137\/1.9781611972757.40"},{"key":"e_1_3_2_1_83_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR46437.2021.01071"},{"key":"e_1_3_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1145\/3448016.3452779"},{"key":"e_1_3_2_1_85_1","volume-title":"Unsupervised data augmentation for consistency training. arXiv preprint arXiv:1904.12848","author":"Xie Qizhe","year":"2019","unstructured":"Qizhe Xie, Zihang Dai, Eduard Hovy, Minh-Thang Luong, and Quoc\u00a0V Le. 2019. Unsupervised data augmentation for consistency training. arXiv preprint arXiv:1904.12848 (2019)."},{"key":"e_1_3_2_1_86_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.01070"},{"key":"e_1_3_2_1_87_1","doi-asserted-by":"publisher","DOI":"10.1109\/MWC.2017.1800079"},{"key":"e_1_3_2_1_88_1","doi-asserted-by":"publisher","DOI":"10.1109\/COMPSAC.2018.10313"},{"key":"e_1_3_2_1_89_1","unstructured":"Zeek. 2023. An Open Source Network Security Monitoring Tool. https:\/\/zeek.org\/."},{"key":"e_1_3_2_1_90_1","unstructured":"Zeek. 2023. Zeek Dynamic Protocol Detection. https:\/\/docs.zeek.org\/en\/master\/logs\/dpd.html."},{"key":"e_1_3_2_1_91_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCEE.2009.151"},{"key":"e_1_3_2_1_92_1","unstructured":"Kim Zetter. 2014. Sony Got Hacked Hard: What We Know and Don\u2019t Know So Far. https:\/\/www.wired.com\/2014\/12\/sony-hack-what-we-know."},{"key":"e_1_3_2_1_93_1","volume-title":"USENIX Security Symposium. 2361\u20132378","author":"Zhu Shuofei","year":"2020","unstructured":"Shuofei Zhu, Jianjun Shi, Limin Yang, Boqin Qin, Ziyi Zhang, Linhai Song, and Gang Wang. 2020. Measuring and Modeling the Label Dynamics of Online Anti-Malware Engines.. In USENIX Security Symposium. 2361\u20132378."}],"event":{"name":"ACSAC '23: Annual Computer Security Applications Conference","acronym":"ACSAC '23","location":"Austin TX USA"},"container-title":["Annual Computer Security Applications Conference"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3627106.3627126","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3627106.3627126","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T17:38:30Z","timestamp":1755884310000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3627106.3627126"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,12,4]]},"references-count":93,"alternative-id":["10.1145\/3627106.3627126","10.1145\/3627106"],"URL":"https:\/\/doi.org\/10.1145\/3627106.3627126","relation":{},"subject":[],"published":{"date-parts":[[2023,12,4]]},"assertion":[{"value":"2023-12-04","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}