乐胖代购免代理版

{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2024,7,14]],"date-time":"2024-07-14T12:53:16Z","timestamp":1720961596189},"reference-count":55,"publisher":"Wiley","issue":"4","license":[{"start":{"date-parts":[[2019,8,29]],"date-time":"2019-08-29T00:00:00Z","timestamp":1567036800000},"content-version":"am","delay-in-days":365,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#am"},{"start":{"date-parts":[[2018,8,29]],"date-time":"2018-08-29T00:00:00Z","timestamp":1535500800000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1809000"],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100003725","name":"National Research Foundation of Korea","doi-asserted-by":"publisher","award":["2016K1A1A2912757"],"id":[{"id":"10.13039\/501100003725","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/501100002460","name":"Chung-Ang University","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100002460","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Trans Emerging Tel Tech"],"published-print":{"date-parts":[[2019,4]]},"abstract":"Abstract<\/jats:title>In this paper, we introduce DRIFT, a system for detecting command and control (C2) domain names in Internet of Things\u2013scale botnets. Using an intrinsic feature of malicious domain name queries prior to their registration (perhaps due to clock drift), we devise a difference\u2010based lightweight feature for malicious C2 domain name detection. Using NXDomain query and response of a popular malware, we establish the effectiveness of our detector with 99% accuracy and as early as more than 48 hours before they are registered. Our technique serves as a tool of detection where other techniques relying on entropy or domain generating algorithms reversing are impractical.<\/jats:p>","DOI":"10.1002\/ett.3505","type":"journal-article","created":{"date-parts":[[2018,8,30]],"date-time":"2018-08-30T07:20:24Z","timestamp":1535613624000},"update-policy":"http:\/\/dx.doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":6,"title":["Thriving on chaos: Proactive detection of command and control domains in internet of things\u2010scale botnets using DRIFT"],"prefix":"10.1002","volume":"30","author":[{"ORCID":"http:\/\/orcid.org\/0000-0003-0047-5156","authenticated-orcid":false,"given":"Jeffrey","family":"Spaulding","sequence":"first","affiliation":[{"name":"Computer Science Department University of Central Florida Orlando Florida"}]},{"given":"Jeman","family":"Park","sequence":"additional","affiliation":[{"name":"Computer Science Department University of Central Florida Orlando Florida"}]},{"given":"Joongheon","family":"Kim","sequence":"additional","affiliation":[{"name":"School of Software Chung\u2010Ang University Seoul South Korea"}]},{"given":"DaeHun","family":"Nyang","sequence":"additional","affiliation":[{"name":"Computer Science and Information Engineering Inha University Incheon South Korea"}]},{"given":"Aziz","family":"Mohaisen","sequence":"additional","affiliation":[{"name":"Computer Science Department University of Central Florida Orlando Florida"}]}],"member":"311","published-online":{"date-parts":[[2018,8,29]]},"reference":[{"key":"e_1_2_11_2_1","unstructured":"MiddletonP.Forecast analysis: Internet of Things\u2013endpoints worldwide 2016 update.2017.http:\/\/gtnr.it\/2oRo4aN"},{"key":"e_1_2_11_3_1","unstructured":"OWASP.OWASP Internet of Things (IoT) Project.http:\/\/bit.ly\/1k0dSrD"},{"key":"e_1_2_11_4_1","unstructured":"OVH.The DDoS that didn't break the camel's VAC.http:\/\/bit.ly\/2D36Ufm"},{"key":"e_1_2_11_5_1","unstructured":"AntonakakisM AprilT BaileyM et al.Understanding the Mirai botnet. In: Proceedings of the 26th USENIX Security Symposium;2017;Vancouver Canada."},{"key":"e_1_2_11_6_1","doi-asserted-by":"crossref","unstructured":"WangA MohaisenA ChenS.An adversary\u2010centric behavior modeling of DDoS attacks. In: Proceedings of the 2017 IEEE 37th International Conference on Distributed Computing Systems (ICDCS);2017;Atlanta GA.","DOI":"10.1109\/ICDCS.2017.213"},{"key":"e_1_2_11_7_1","doi-asserted-by":"crossref","unstructured":"KountourasA KintisP LeverC et al.Enabling network security through active DNS datasets. In: Proceedings of the 19th International Symposium on Research in Attacks Intrusions and Defenses (RAID);2016;Paris France.","DOI":"10.1007\/978-3-319-45719-2_9"},{"key":"e_1_2_11_8_1","unstructured":"HolubA ColfordP.The future is here \u2010 assaulting the Internet with Mirai.2017.http:\/\/bit.ly\/2oSkJrU"},{"key":"e_1_2_11_9_1","doi-asserted-by":"crossref","unstructured":"NadjiY AntonakakisM PerdisciR DagonD LeeW.Beheading hydras: performing effective botnet takedowns. In: Proceedings of the 2013 ACM SIGSAC Conference on Computer and Communications Security (CCS);2013;Berlin Germany.","DOI":"10.1145\/2508859.2516749"},{"key":"e_1_2_11_10_1","doi-asserted-by":"crossref","unstructured":"LeverC KotziasP BalzarottiD CaballeroJ AntonakakisM.A lustrum of malware network communication: evolution and insights. Paper presented at: 2017 IEEE Symposium on Security and Privacy (SP);2017;San Jose CA.","DOI":"10.1109\/SP.2017.59"},{"key":"e_1_2_11_11_1","doi-asserted-by":"crossref","unstructured":"MohaisenA AlrawiO.Unveiling Zeus: automated classification of malware samples. In: Proceedings of the 22nd International Conference on World Wide Web (WWW);2013;Rio de Janeiro Brazil.","DOI":"10.1145\/2487788.2488056"},{"key":"e_1_2_11_12_1","doi-asserted-by":"crossref","unstructured":"YadavS ReddyAKK ReddyAL RanjanS.Detecting algorithmically generated malicious domain names. In: Proceedings of the 10th ACM SIGCOMM Conference on Internet Measurement (IMC);2010;Melbourne Australia.","DOI":"10.1145\/1879141.1879148"},{"key":"e_1_2_11_13_1","unstructured":"AntonakakisM PerdisciR NadjiY et al.From throw\u2010away traffic to bots: detecting the rise of DGA\u2010based malware. In: Proceedings of the 21st USENIX Conference on Security Symposium (Security);2012;Bellevue WA."},{"key":"e_1_2_11_14_1","unstructured":"ICANN.Registrar accreditation: history of the shared registry system.2015.http:\/\/bit.ly\/1NWexTL"},{"key":"e_1_2_11_15_1","unstructured":"ICANN.Domain name registration process.2017.https:\/\/go.icann.org\/2ymkyN9"},{"key":"e_1_2_11_16_1","doi-asserted-by":"crossref","unstructured":"ChangW MohaisenA WangA ChenS.Measuring botnets in the wild: some new trends. In: Proceedings of the 10th ACM Symposium on Information Computer and Communications Security (ASIACCS);2015;Singapore Singapore.","DOI":"10.1145\/2714576.2714637"},{"key":"e_1_2_11_17_1","doi-asserted-by":"crossref","unstructured":"WangA MohaisenA ChangW ChenS.Revealing DDoS attack dynamics behind the scenes. In: Proceedings of the International Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA);2015;Milan Italy.","DOI":"10.1007\/978-3-319-20550-2_11"},{"key":"e_1_2_11_18_1","doi-asserted-by":"crossref","unstructured":"WangA MohaisenA ChangW ChenS.Delving into Internet DDoS attacks by botnets: characterization and analysis. In: Proceedings of the 2015 45th Annual IEEE\/IFIP International Conference on Dependable Systems and Networks (DSN);2015;Rio de Janeiro Brazil.","DOI":"10.1109\/DSN.2015.47"},{"key":"e_1_2_11_19_1","doi-asserted-by":"publisher","DOI":"10.1016\/0167-8655(95)00093-3"},{"key":"e_1_2_11_20_1","doi-asserted-by":"crossref","unstructured":"HanE\u2010H KarypisG.Centroid\u2010based document classification: analysis and experimental results. In: Proceedings of the 4th European Conference on Principles of Data Mining and Knowledge Discovery (PKDD);2000;Lyon France.","DOI":"10.1007\/3-540-45372-5_46"},{"key":"e_1_2_11_21_1","doi-asserted-by":"crossref","unstructured":"ThomasM MohaisenA.Kindred domains: detecting and clustering botnet domains using DNS traffic. In: Proceedings of the 23rd International Conference on World Wide Web (WWW);2014;Seoul Korea.","DOI":"10.1145\/2567948.2579359"},{"key":"e_1_2_11_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2015.04.001"},{"key":"e_1_2_11_23_1","doi-asserted-by":"crossref","unstructured":"ShinS GuG.Conficker and beyond: a large\u2010scale empirical study. In: Proceedings of the 26th Annual Computer Security Applications Conference (ACSAC);2010;Austin TX.","DOI":"10.1145\/1920261.1920285"},{"key":"e_1_2_11_24_1","unstructured":"The Conficker Working Group.2012.http:\/\/bit.ly\/1kAYsJA"},{"key":"e_1_2_11_25_1","doi-asserted-by":"crossref","unstructured":"MockapetrisP.Domain names: implementation and specification (November 1987). RFC 1035.2004.","DOI":"10.17487\/rfc1035"},{"key":"e_1_2_11_26_1","doi-asserted-by":"crossref","unstructured":"AndrewsM.Negative caching of DNS queries (DNS NCACHE). RFC 2308.1998.","DOI":"10.17487\/rfc2308"},{"key":"e_1_2_11_27_1","unstructured":"JacksonJ.Why computers still struggle to tell the time.2015.http:\/\/bit.ly\/2BOW5R2"},{"key":"e_1_2_11_28_1","unstructured":"PorrasP Sa\u00efdiH YegneswaranV.A foray into Conficker's Logic and Rendezvous Points. In: Proceedings of the 2nd USENIX Conference on Large\u2010scale Exploits and Emergent Threats: Botnets Spyware Worms and More (LEET);2009;Boston MA."},{"key":"e_1_2_11_29_1","unstructured":"LederF WernerT.Know your enemy: containing Conficker.2009.http:\/\/bit.ly\/2ESrRQ1"},{"key":"e_1_2_11_30_1","unstructured":"NTP.org.Known operating system issues.http:\/\/support.ntp.org\/bin\/view\/Support\/KnownOsIssues"},{"key":"e_1_2_11_31_1","doi-asserted-by":"crossref","unstructured":"MalhotraA BrakkeE GoldbergS.Attacking the network time protocol. In: Proceedings of the Network and Distributed System Security Symposium (NDSS);2016;San Diego CA.","DOI":"10.14722\/ndss.2016.23090"},{"key":"e_1_2_11_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2013.091213.00134"},{"key":"e_1_2_11_33_1","unstructured":"PiscitelloD.Guidance for preparing domain name orders seizures & takedowns. Thought Paper.2012.https:\/\/go.icann.org\/2H1npLi"},{"key":"e_1_2_11_34_1","unstructured":"DagonD LeeC LeeW ProvosN.Corrupted DNS resolution paths: the rise of a malicious resolution authority. In: Proceedings of the Network and Distributed System Security Symposium (NDSS);2008;San Diego CA."},{"key":"e_1_2_11_35_1","doi-asserted-by":"crossref","unstructured":"ChungT ChoffnesD MisloveA.Tunneling for transparency: a large\u2010scale analysis of end\u2010to\u2010end violations in the Internet. In: Proceedings of the 2016 Internet Measurement Conference (IMC);2016;Santa Monica CA.","DOI":"10.1145\/2987443.2987455"},{"key":"e_1_2_11_36_1","doi-asserted-by":"publisher","DOI":"10.1016\/S1353-4858(07)70005-3"},{"key":"e_1_2_11_37_1","doi-asserted-by":"crossref","unstructured":"Stone\u2010GrossB CovaM CavallaroL. et al.Your botnet is my botnet: analysis of a botnet takeover. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS);2009;Chicago IL.","DOI":"10.1145\/1653662.1653738"},{"key":"e_1_2_11_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2011.2173486"},{"key":"e_1_2_11_39_1","unstructured":"RoyalP.Analysis of the kraken botnet.2008.http:\/\/www.flatland.tuxfamily.org\/repo\/papers_malwares\/KrakenWhitepaper.pdf"},{"key":"e_1_2_11_40_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2017.2668361"},{"key":"e_1_2_11_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/TNET.2012.2184552"},{"key":"e_1_2_11_42_1","unstructured":"BaraboschT WichmannA LederF Gerhards\u2010PadillaE.Automatic extraction of domain name generation algorithms from current malware. In: Proceedings of NATO Symposium IST\u2010111 on Information Assurance and Cyber Defense;2012;Koblenz Germany."},{"key":"e_1_2_11_43_1","doi-asserted-by":"crossref","unstructured":"GueridH MittigK SerhrouchniA.Privacy\u2010preserving domain\u2010flux botnet detection in a large scale network. In: 2013 Fifth International Conference on Communication Systems and Networks (COMSNETS);2013;Bangalore India.","DOI":"10.1109\/COMSNETS.2013.6465572"},{"key":"e_1_2_11_44_1","doi-asserted-by":"crossref","unstructured":"ZhangY ZhangY XiaoJ.Detecting the DGA\u2010based malicious domain names. In: Proceedings of the International Conference on Trustworthy Computing and Services (ISCTCS);2013;Beijing China.","DOI":"10.1007\/978-3-662-43908-1_17"},{"key":"e_1_2_11_45_1","doi-asserted-by":"crossref","unstructured":"HaddadiF Zincir\u2010HeywoodAN.Analyzing string format\u2010based classifiers for botnet detection: GP and SVM. In: Proceedings of the 2013 IEEE Congress on Evolutionary Computation (CEC);2013;Cancun Mexico.","DOI":"10.1109\/CEC.2013.6557886"},{"issue":"1","key":"e_1_2_11_46_1","first-page":"51","article-title":"Classification of malicious domain names using support vector machine and bi\u2010gram method","volume":"7","author":"Nhauo D","year":"2013","journal-title":"Int J Secur Appl"},{"key":"e_1_2_11_47_1","doi-asserted-by":"crossref","unstructured":"MowbrayM HagenJ.Finding domain\u2010generation algorithms by looking at length distribution. In: Proceedings of the 2014 IEEE International Symposium on Software Reliability Engineering Workshops (ISSREW);2014;Naples Italy.","DOI":"10.1109\/ISSREW.2014.20"},{"key":"e_1_2_11_48_1","doi-asserted-by":"crossref","unstructured":"SchiavoniS MaggiF CavallaroL ZaneroS.Phoenix: DGA\u2010based botnet tracking and intelligence. In: Proceedings of the International Conference on Detection of Intrusions and Malware and Vulnerability Assessment (DIMVA);2014;Egham UK.","DOI":"10.1007\/978-3-319-08509-8_11"},{"key":"e_1_2_11_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/2584679"},{"key":"e_1_2_11_50_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.diin.2014.11.001"},{"key":"e_1_2_11_51_1","doi-asserted-by":"crossref","unstructured":"GrillM NikolaevI ValerosV RehakM.Detecting DGA malware using NetFlow. In: Proceedings of the 2015 IFIP\/IEEE International Symposium on Integrated Network Management (IM);2015;Ottawa Canada.","DOI":"10.1109\/INM.2015.7140486"},{"key":"e_1_2_11_52_1","doi-asserted-by":"crossref","unstructured":"WangT\u2010S LinC\u2010S LinH\u2010T.DGA botnet detection utilizing social network analysis. In: Proceedings of the 2016 International Symposium on Computer Consumer and Control (IS3C);2016;Xi'an China.","DOI":"10.1109\/IS3C.2016.93"},{"key":"e_1_2_11_53_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2015.12.008"},{"key":"e_1_2_11_54_1","unstructured":"ZhangH GharaibehM ThanasoulasS PapadopoulosC.BotDigger: Detecting DGA bots in a single network. In: Proceedings of the IEEE International Workshop on Traffic Monitoring and Analaysis (TMA);2016;Louvain\u2010la\u2010Neuve Belgium."},{"key":"e_1_2_11_55_1","unstructured":"PlohmannD YakdanK KlattM BaderJ Gerhards\u2010PadillaE.A comprehensive measurement study of domain generating malware. In: Proceedings of the 25th USENIX Security Symposium;2016;Austin TX."},{"key":"e_1_2_11_56_1","doi-asserted-by":"crossref","unstructured":"WangT HuX JangJ JiS StoecklinM TaylorT.BotMeter: charting DGA\u2010botnet landscapes in large networks. In: 2016 IEEE 36th International Conference on Distributed Computing Systems (ICDCS);2016;Nara Japan.","DOI":"10.1109\/ICDCS.2016.77"}],"container-title":["Transactions on Emerging Telecommunications Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fett.3505","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/ett.3505","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/full-xml\/10.1002\/ett.3505","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/am-pdf\/10.1002\/ett.3505","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/ett.3505","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,10]],"date-time":"2023-09-10T20:17:38Z","timestamp":1694377058000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/ett.3505"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,8,29]]},"references-count":55,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2019,4]]}},"alternative-id":["10.1002\/ett.3505"],"URL":"https:\/\/doi.org\/10.1002\/ett.3505","archive":["Portico"],"relation":{},"ISSN":["2161-3915","2161-3915"],"issn-type":[{"value":"2161-3915","type":"print"},{"value":"2161-3915","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,8,29]]},"assertion":[{"value":"2018-03-13","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-07-20","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-08-29","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}