{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,25]],"date-time":"2026-01-25T05:11:27Z","timestamp":1769317887888,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":38,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,11,6]],"date-time":"2024-11-06T00:00:00Z","timestamp":1730851200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100006374","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2235102"],"award-info":[{"award-number":["2235102"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100006374","name":"Office of Naval Research","doi-asserted-by":"publisher","award":["N00014-23-1-2538"],"award-info":[{"award-number":["N00014-23-1-2538"]}],"id":[{"id":"10.13039\/501100006374","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,11,6]]},"DOI":"10.1145\/3689932.3694766","type":"proceedings-article","created":{"date-parts":[[2024,11,22]],"date-time":"2024-11-22T06:24:01Z","timestamp":1732256641000},"page":"173-183","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":2,"title":["Using LLM Embeddings with Similarity Search for Botnet TLS Certificate Detection"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4610-8255","authenticated-orcid":false,"given":"Kumar","family":"Shashwat","sequence":"first","affiliation":[{"name":"University of South Florida, Tampa, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-1357-6349","authenticated-orcid":false,"given":"Francis","family":"Hahn","sequence":"additional","affiliation":[{"name":"University of South Florida, Tampa, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4258-7853","authenticated-orcid":false,"given":"Stuart","family":"Millar","sequence":"additional","affiliation":[{"name":"Rapid7 LLC, Belfast, United Kingdom"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-2501-7991","authenticated-orcid":false,"given":"Xinming","family":"Ou","sequence":"additional","affiliation":[{"name":"University of South Florida, Tampa, United States"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,11,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"OWASP Top 10. 2024. ML10:2023 Model Poisoning. https:\/\/owasp.org\/www-project-machine-learning-security-top-10\/docs\/ML10_2023-Model_Poisoning. Accessed: 2024-07-04."},{"key":"e_1_3_2_1_2_1","unstructured":"Abuse.ch. 2024. SSLBL | Malicious SSL Certificates. https:\/\/sslbl.abuse.ch\/ssl-certificates\/. Accessed: 2024-06-09."},{"key":"e_1_3_2_1_3_1","unstructured":"Voyage AI. 2024. voyage-large-2-instruct: Instruction-tuned and rank 1 on MTEB. https:\/\/blog.voyageai.com\/2024\/05\/05\/voyage-large-2-instruct-instruction-tuned-and-rank-1-on-mteb. Accessed: 2024-07-02."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.3390\/jcp3030027"},{"key":"e_1_3_2_1_5_1","volume-title":"31st USENIX Security Symposium (USENIX Security 22)","author":"Alahmadi Bushra A.","year":"2022","unstructured":"Bushra A. Alahmadi, Louise Axon, and Ivan Martinovic. 2022. 99% False Positives: A Qualitative Study of SOC Analysts' Perspectives on Security Alarms. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 2783--2800. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/alahmadi"},{"key":"e_1_3_2_1_6_1","volume-title":"Alexa Top 1 million","unstructured":"Amazon. 2024. Alexa Top 1 million. http:\/\/s3-us-west-1.amazonaws.com\/umbrella-static\/top-1m.csv.zip. Accessed: 2024-07-04."},{"key":"e_1_3_2_1_7_1","unstructured":"Manos Antonakakis Tim April Michael Bailey Matt Bernhard Elie Bursztein Jaime Cochran Zakir Durumeric J Alex Halderman Luca Invernizzi Michalis Kallitsis et al. 2017. Understanding the mirai botnet. In 26th USENIX security symposium (USENIX Security 17). 1093--1110."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/319709.319710"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2017.09.013"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1162\/tacl_a_00051"},{"key":"e_1_3_2_1_11_1","volume-title":"CharacterBERT: Reconciling ELMo and BERT for Word-Level Open-Vocabulary Representations From Characters. arxiv","author":"Boukkouri Hicham El","year":"2010","unstructured":"Hicham El Boukkouri, Olivier Ferret, Thomas Lavergne, Hiroshi Noji, Pierre Zweigenbaum, and Junichi Tsujii. 2020. CharacterBERT: Reconciling ELMo and BERT for Word-Level Open-Vocabulary Representations From Characters. arxiv: 2010.10392 [cs.CL] https:\/\/arxiv.org\/abs\/2010.10392"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1006\/jmps.1999.1279"},{"key":"e_1_3_2_1_13_1","volume-title":"BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. CoRR","author":"Devlin Jacob","year":"2018","unstructured":"Jacob Devlin, Ming-Wei Chang, Kenton Lee, and Kristina Toutanova. 2018. BERT: Pre-training of Deep Bidirectional Transformers for Language Understanding. CoRR, Vol. abs\/1810.04805 (2018). [arXiv]1810.04805 http:\/\/arxiv.org\/abs\/1810.04805"},{"key":"e_1_3_2_1_14_1","unstructured":"OpenAI et al. 2024. GPT-4 Technical Report. arxiv: 2303.08774 [cs.CL] https:\/\/arxiv.org\/abs\/2303.08774"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECURWARE.2009.48"},{"key":"e_1_3_2_1_16_1","volume-title":"Deep learning","author":"Goodfellow Ian","unstructured":"Ian Goodfellow, Yoshua Bengio, and Aaron Courville. 2016. Deep learning. MIT press."},{"key":"e_1_3_2_1_17_1","volume-title":"USENIX Security Symposium","volume":"7","author":"Gu Guofei","year":"2007","unstructured":"Guofei Gu, Phillip A Porras, Vinod Yegneswaran, Martin W Fong, and Wenke Lee. 2007. BotHunter: Detecting malware infection through IDS-driven dialog correlation. In USENIX Security Symposium, Vol. 7. 1--16."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.5220\/0010516600002998"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1109\/TBDATA.2019.2921572"},{"key":"e_1_3_2_1_20_1","volume-title":"Malicons: detecting payload in favicons. Electronic Imaging: Media Watermarking, Security, and Forensics 2016 2016","author":"Ker A","year":"2016","unstructured":"A Ker, T Pevny, M Kopp, and J Kroustek. 2016. Malicons: detecting payload in favicons. Electronic Imaging: Media Watermarking, Security, and Forensics 2016 2016 (2016)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134002"},{"key":"e_1_3_2_1_22_1","volume-title":"Booters and Certificates: An Overview of TLS in the DDoS-as-a-Service Landscape. In 2nd International Conference on Advances in Computation, Communications and Services, ACCSE","author":"Kuhnert Benjamin","year":"2017","unstructured":"Benjamin Kuhnert, Jessica Steinberger, Harald Baier, Anna Sperotto, and Aiko Pras. 2017. Booters and Certificates: An Overview of TLS in the DDoS-as-a-Service Landscape. In 2nd International Conference on Advances in Computation, Communications and Services, ACCSE 2017. IARIA\/Thinkmind, 37."},{"key":"e_1_3_2_1_23_1","volume-title":"Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781","author":"Mikolov Tomas","year":"2013","unstructured":"Tomas Mikolov, Kai Chen, Greg Corrado, and Jeffrey Dean. 2013. Efficient estimation of word representations in vector space. arXiv preprint arXiv:1301.3781 (2013)."},{"key":"e_1_3_2_1_24_1","volume-title":"MTEB: Massive text embedding benchmark. arXiv preprint arXiv:2210.07316","author":"Muennighoff Niklas","year":"2022","unstructured":"Niklas Muennighoff, Nouamane Tazi, Lo\u00efc Magne, and Nils Reimers. 2022. MTEB: Massive text embedding benchmark. arXiv preprint arXiv:2210.07316 (2022)."},{"key":"e_1_3_2_1_25_1","volume-title":"28th USENIX Security Symposium (USENIX Security 19)","author":"Pendlebury Feargus","year":"2019","unstructured":"Feargus Pendlebury, Fabio Pierazzi, Roberto Jordaney, Johannes Kinder, and Lorenzo Cavallaro. 2019. TESSERACT: Eliminating experimental bias in malware classification across space and time. In 28th USENIX Security Symposium (USENIX Security 19). USENIX Association, Santa Clara, CA, 729--746. https:\/\/www.usenix.org\/conference\/usenixsecurity19\/presentation\/pendlebury"},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.3115\/v1\/D14-1162"},{"key":"e_1_3_2_1_27_1","volume-title":"25th USENIX Security Symposium (USENIX Security 16)","author":"Plohmann Daniel","year":"2016","unstructured":"Daniel Plohmann, Khaled Yakdan, Michael Klatt, Johannes Bader, and Elmar Gerhards-Padilla. 2016. A comprehensive measurement study of domain generating malware. In 25th USENIX Security Symposium (USENIX Security 16). 263--278."},{"key":"e_1_3_2_1_28_1","unstructured":"Rapid7. 2024. Project Sonar. https:\/\/www.rapid7.com\/research\/project-sonar\/. Accessed: 2024-08-01."},{"key":"e_1_3_2_1_29_1","unstructured":"Amazon Web Services. 2024. Amazon Titan Text Embeddings models. https:\/\/docs.aws.amazon.com\/bedrock\/latest\/userguide\/titan-embedding-models.html. Accessed: 2024-07-02."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00500-020-04963-z"},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3589334.3645719"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3270101.3270105"},{"key":"e_1_3_2_1_33_1","unstructured":"Pat Verga Sebastian Hofstatter Sophia Althammer Yixuan Su Aleksandra Piktus Arkady Arkhangorodsky Minjie Xu Naomi White and Patrick Lewis. 2024. Replacing Judges with Juries: Evaluating LLM Generations with a Panel of Diverse Models. arxiv: 2404.18796 [cs.CL] https:\/\/arxiv.org\/abs\/2404.18796"},{"key":"e_1_3_2_1_34_1","volume-title":"https:\/\/www.virustotal.com\/gui\/home\/search Retrieved","year":"2024","unstructured":"VirusTotal. 2023. https:\/\/www.virustotal.com\/gui\/home\/search Retrieved January, 2024 from"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.3390\/info6020183"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1155\/2021\/6640499"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3649506"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCSIT.2010.5563555"}],"event":{"name":"CCS '24: ACM SIGSAC Conference on Computer and Communications Security","location":"Salt Lake City UT USA","acronym":"CCS '24","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2024 Workshop on Artificial Intelligence and Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689932.3694766","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3689932.3694766","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,23]],"date-time":"2025-08-23T02:08:27Z","timestamp":1755914907000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3689932.3694766"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,11,6]]},"references-count":38,"alternative-id":["10.1145\/3689932.3694766","10.1145\/3689932"],"URL":"https:\/\/doi.org\/10.1145\/3689932.3694766","relation":{},"subject":[],"published":{"date-parts":[[2024,11,6]]},"assertion":[{"value":"2024-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}