{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T13:46:59Z","timestamp":1762004819340,"version":"build-2065373602"},"reference-count":26,"publisher":"IBM","issue":"4","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["IBM J. Res. &amp; Dev."],"published-print":{"date-parts":[[2016,7]]},"DOI":"10.1147\/jrd.2016.2557639","type":"journal-article","created":{"date-parts":[[2016,7,27]],"date-time":"2016-07-27T14:48:29Z","timestamp":1469630909000},"page":"3:1-3:14","source":"Crossref","is-referenced-by-count":9,"title":["Scalable analytics to detect DNS misuse for establishing stealthy communication channels"],"prefix":"10.1147","volume":"60","author":[{"given":"D. L.","family":"Schales","sequence":"first","affiliation":[{"name":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"}]},{"given":"J.","family":"Jang","sequence":"additional","affiliation":[{"name":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"}]},{"given":"T.","family":"Wang","sequence":"additional","affiliation":[{"name":"IBM Security Division, CTO Security Intelligence, Fredericton, NB, Canada"}]},{"given":"X.","family":"Hu","sequence":"additional","affiliation":[{"name":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"}]},{"given":"D.","family":"Kirat","sequence":"additional","affiliation":[{"name":"IBM Research Division, Thomas J. Watson Research Center, Yorktown Heights, NY, USA"}]},{"given":"B.","family":"Wuest","sequence":"additional","affiliation":[{"name":"IBM Security Division, CTO Security Intelligence, Fredericton, NB, Canada"}]},{"given":"M. Ph.","family":"Stoecklin","sequence":"additional","affiliation":[{"name":"IBM Research Division, IBM Thomas J. Watson Research Center, Yorktown Heights, NY, USA"}]}],"member":"3082","reference":[{"key":"ref10","doi-asserted-by":"publisher","DOI":"10.1109\/ICDE.2015.7113379"},{"key":"ref11","first-page":"226","article-title":"A density-based algorithm for discovering clusters in large spatial databases with noise","author":"ester","year":"0","journal-title":"Proc Int'l Conf Knowledge Discovery and Data Mining"},{"key":"ref12","first-page":"127","article-title":"Hyperloglog: The analysis of a near-optimal cardinality estimation algorithm","author":"flajolet","year":"0","journal-title":"Proc of AOFA"},{"key":"ref13","doi-asserted-by":"publisher","DOI":"10.1145\/2452376.2452456"},{"key":"ref14","first-page":"1","article-title":"Measuring and detecting fast-flux service networks","author":"holz","year":"0","journal-title":"Proc Symp NDSS"},{"key":"ref15","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-30633-4_20"},{"key":"ref16","first-page":"1","article-title":"Detecting malware domains at the upper DNS hierarchy","author":"antonakakis","year":"0","journal-title":"Proc USENIX"},{"key":"ref17","first-page":"491","article-title":"From throw-away traffic to bots: Detecting the rise of DGA-based malware","author":"antonakakis","year":"0","journal-title":"Proc USENIX"},{"key":"ref18","doi-asserted-by":"publisher","DOI":"10.1145\/2584679"},{"key":"ref19","doi-asserted-by":"publisher","DOI":"10.1109\/ccnc08.2007.112"},{"journal-title":"Know Your Enemy Containing Conficker To Tame a Malware","year":"2009","author":"leder","key":"ref4"},{"key":"ref3","doi-asserted-by":"publisher","DOI":"10.1145\/1653662.1653738"},{"journal-title":"GameOver Zeus Mutates Launches Attacks","year":"2014","key":"ref6"},{"journal-title":"On the Kraken and Bobax Botnets","year":"2008","author":"royal","key":"ref5"},{"journal-title":"NECURS The Malware That Breaks Your Security","year":"2014","key":"ref8"},{"journal-title":"Domain Name Generator for Murofet","year":"2010","author":"shevochenko","key":"ref7"},{"journal-title":"Ranbyus Banking Trojan Cousin of Zbot","year":"2015","key":"ref2"},{"key":"ref9","doi-asserted-by":"publisher","DOI":"10.1145\/1327452.1327492"},{"journal-title":"Srizbi's Domain Calculator","year":"2008","author":"shevochenko","key":"ref1"},{"key":"ref20","doi-asserted-by":"publisher","DOI":"10.1145\/1879141.1879148"},{"key":"ref22","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-08509-8_11"},{"journal-title":"Know Your Enemy Fast-Flux Service Networks","year":"0","author":"project","key":"ref21"},{"key":"ref24","first-page":"207","article-title":"Understanding the dark side of domain parking","author":"alrwais","year":"0","journal-title":"Proc 23rd USENIX Secur Symp"},{"key":"ref23","doi-asserted-by":"publisher","DOI":"10.1145\/2567948.2579359"},{"key":"ref26","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504753"},{"key":"ref25","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23053"}],"container-title":["IBM Journal of Research and Development"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/5288520\/7523342\/07523348.pdf?arnumber=7523348","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,20]],"date-time":"2025-10-20T17:55:20Z","timestamp":1760982920000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/7523348\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,7]]},"references-count":26,"journal-issue":{"issue":"4"},"URL":"https:\/\/doi.org\/10.1147\/jrd.2016.2557639","relation":{},"ISSN":["0018-8646","0018-8646"],"issn-type":[{"type":"print","value":"0018-8646"},{"type":"electronic","value":"0018-8646"}],"subject":[],"published":{"date-parts":[[2016,7]]}}}