{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2023,9,16]],"date-time":"2023-09-16T06:40:57Z","timestamp":1694846457070},"reference-count":30,"publisher":"Wiley","issue":"6","license":[{"start":{"date-parts":[[2019,12,5]],"date-time":"2019-12-05T00:00:00Z","timestamp":1575504000000},"content-version":"am","delay-in-days":399,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#am"},{"start":{"date-parts":[[2018,12,5]],"date-time":"2018-12-05T00:00:00Z","timestamp":1543968000000},"content-version":"vor","delay-in-days":34,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"funder":[{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["W911NF\u201013\u20101\u20100421"],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["Security and Privacy"],"published-print":{"date-parts":[[2018,11]]},"abstract":"<jats:p>Malicious actors use networks of compromised and remotely controlled hosts, known as botnets, to execute different classes of cyberattacks, including exfiltration of sensitive data. Recently, we have observed a trend toward more resilient botnet architectures, departing from traditional centralized architectures and enabling botnets to evade detection and persist in a system indefinitely. Botnets can achieve resilience through architectural stealth, by establishing overlay networks that minimize exposure of malicious traffic to detectors. To address this problem, we propose a novel network\u2010based detection scheme, called DeBot, which identifies traffic flows associated with exfiltration attempts. The proposed solution intercepts traffic from different monitoring points and leverages differences in the network behavior of botnets and benign users to identify suspicious flows. 
To this end, we first develop a mechanism to identify monitoring points that are likely to intercept a significant volume of malicious traffic. Then, we analyze flow characteristics to identify suspicious hosts and use periodogram analysis to identify malicious flows originating from those hosts. We evaluate the proposed approach against different botnets in the CyberVAN testbed and compare its performance against state\u2010of\u2010the\u2010art detection techniques. The results indicate that DeBot is effective in detecting botnet activity, thus enabling the identification and removal of bots.<\/jats:p>","DOI":"10.1002\/spy2.51","type":"journal-article","created":{"date-parts":[[2018,12,6]],"date-time":"2018-12-06T02:10:49Z","timestamp":1544062249000},"update-policy":"http:\/\/dx.doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["DeBot: A novel network\u2010based mechanism to detect exfiltration by architectural stealthy botnets"],"prefix":"10.1002","volume":"1","author":[{"given":"Sridhar","family":"Venkatesan","sequence":"first","affiliation":[{"name":"Perspecta Labs Basking Ridge New Jersey"}]},{"ORCID":"http:\/\/orcid.org\/0000-0002-2675-5810","authenticated-orcid":false,"given":"Massimiliano","family":"Albanese","sequence":"additional","affiliation":[{"name":"Center for Secure Information Systems George Mason University Fairfax Virginia"}]},{"given":"Cho\u2010Yu Jason","family":"Chiang","sequence":"additional","affiliation":[{"name":"Perspecta Labs Basking Ridge New Jersey"}]},{"given":"Angelo","family":"Sapello","sequence":"additional","affiliation":[{"name":"Perspecta Labs Basking Ridge New Jersey"}]},{"given":"Ritu","family":"Chadha","sequence":"additional","affiliation":[{"name":"Perspecta Labs Basking Ridge New Jersey"}]}],"member":"311","published-online":{"date-parts":[[2018,12,5]]},"reference":[{"key":"e_1_2_12_2_1","unstructured":"GuG PerdisciR ZhangJ LeeW. 
BotMiner: clustering analysis of network traffic for protocol\u2010 and structure\u2010independent botnet detection. Paper presented at: USENIX Association; 2008; San Jose CA. pp. 139\u2010154."},{"key":"e_1_2_12_3_1","doi-asserted-by":"crossref","unstructured":"ZhangJ LuoX PerdisciR GuG LeeW FeamsterN. Boosting the scalability of botnet detection using adaptive traffic sampling. Paper presented at: ACM; 2011; Hong Kong China. pp. 124\u2010134.","DOI":"10.1145\/1966913.1966930"},{"key":"e_1_2_12_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/TIFS.2013.2290197"},{"key":"e_1_2_12_5_1","unstructured":"MarionM PaulK FengminG. POS malware revisited\u2014look what we found inside your Cashdesk. Cyphort Labs special report. Cyphort Inc.; 2014."},{"key":"e_1_2_12_6_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2382590"},{"key":"e_1_2_12_7_1","unstructured":"Kaspersky Labs. Kaspersky lab and ITU research reveals new advanced cyber threat; 2012. https:\/\/usa.kaspersky.com\/about\/press\u2010releases\/2012_kaspersky\u2010lab\u2010and\u2010itu\u2010research\u2010reveals\u2010new\u2010advanced\u2010cyber\u2010threat. Accessed September 2012."},{"key":"e_1_2_12_8_1","volume-title":"APT1: Exposing One of China's Cyber Espionage Units","year":"2013"},{"key":"e_1_2_12_9_1","doi-asserted-by":"crossref","unstructured":"ChadhaR BowenT ChiangC\u2010YJ et al. CyberVAN: a cyber security virtual assured network testbed. Paper presented at: IEEE; 2016; Baltimore MD. pp. 1125\u20101130.","DOI":"10.1109\/MILCOM.2016.7795481"},{"key":"e_1_2_12_10_1","doi-asserted-by":"crossref","unstructured":"VenkatesanS AlbaneseM CybenkoG JajodiaS. A moving target defense approach to disrupting stealthy botnets. Paper presented at: ACM; 2016; Vienna Austria. pp. 37\u201046.","DOI":"10.1145\/2995272.2995280"},{"key":"e_1_2_12_11_1","doi-asserted-by":"crossref","unstructured":"AnkerstM BreunigMM KriegelH\u2010P SanderJ. OPTICS: ordering points to identify the clustering structure. 
Paper presented at: ACM; 1999; Philadelphia PA. pp. 49\u201060.","DOI":"10.1145\/304181.304187"},{"key":"e_1_2_12_12_1","doi-asserted-by":"crossref","unstructured":"RossowC AndriesseD WernerT et al. SoK: P2PWNED\u2014modeling and evaluating the resilience of peer\u2010to\u2010peer botnets. Paper presented at: IEEE; 2013; Berkeley CA. pp. 97\u2010111.","DOI":"10.1109\/SP.2013.17"},{"key":"e_1_2_12_13_1","unstructured":"Merritt Eric. New POS malware emerges\u2014Punkey; 2015. https:\/\/www.trustwave.com\/Resources\/SpiderLabs\u2010Blog\/New\u2010POS\u2010Malware\u2010Emerges\u2010\u2010\u2010Punkey. Accessed September 2012."},{"key":"e_1_2_12_14_1","volume-title":"Introduction to Spectral Analysis","author":"Stoica P","year":"1997"},{"key":"e_1_2_12_15_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2014.05.011"},{"key":"e_1_2_12_16_1","doi-asserted-by":"publisher","DOI":"10.1086\/160554"},{"key":"e_1_2_12_17_1","volume-title":"Significance Tests for Periodogram Peaks","author":"Frescura F. A. M."},{"key":"e_1_2_12_18_1","doi-asserted-by":"crossref","unstructured":"VlachosM YuP CastelliV. On periodicity detection and structural periodic similarity. Paper presented at: SIAM; 2005; Newport Beach CA. pp. 449\u2010460.","DOI":"10.1137\/1.9781611972757.40"},{"key":"e_1_2_12_19_1","doi-asserted-by":"crossref","unstructured":"GlasserJ LindauerB. Bridging the gap: a pragmatic approach to generating insider threat data. Paper presented at: IEEE; 2013; San Francisco CA. pp. 98\u2010104.","DOI":"10.1109\/SPW.2013.37"},{"key":"e_1_2_12_20_1","doi-asserted-by":"crossref","unstructured":"SapelloA SerbanC ChadhaR IzmailovR. Application of learning using privileged information (LUPI): botnet detection. Paper presented at: IEEE; 2017; Vancouver BC Canada.","DOI":"10.1109\/ICCCN.2017.8038523"},{"key":"e_1_2_12_21_1","doi-asserted-by":"crossref","unstructured":"BowenT PoylisherA SerbanC et al. Enabling reproducible cyber research\u2014four labeled datasets. 
Paper presented at: IEEE; 2016; Baltimore MD. pp. 539\u2010544.","DOI":"10.1109\/MILCOM.2016.7795383"},{"key":"e_1_2_12_22_1","unstructured":"AvivAJ HaeberlenA. Challenges in experimenting with botnet detection systems. Paper presented at: USENIX Association; 2011; San Francisco CA."},{"key":"e_1_2_12_23_1","unstructured":"Stratosphere Lab. Stratosphere IPS project datasets. https:\/\/www.stratosphereips.org\/datasets\u2010overview\/."},{"key":"e_1_2_12_24_1","unstructured":"AntonakakisM PerdisciR NadjiY et al. From throw\u2010away traffic to bots: detecting the rise of DGA\u2010based malware. Paper presented at: USENIX Association; 2012; Bellevue WA. pp. 491\u2010506."},{"key":"e_1_2_12_25_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.comnet.2015.12.008"},{"key":"e_1_2_12_26_1","volume-title":"BotSniffer: Detecting Botnet Command and Control Channels in Network Traffic","author":"Gu G","year":"2008"},{"key":"e_1_2_12_27_1","doi-asserted-by":"crossref","unstructured":"ChoiH LeeH KimH. BotGAD: detecting botnets by capturing group activities in network traffic. Paper presented at: ACM; 2009; Dublin Ireland.","DOI":"10.1145\/1621890.1621893"},{"key":"e_1_2_12_28_1","unstructured":"BeigiEB JaziHH StakhanovaN GhorbaniAA. Towards effective feature selection in machine learning\u2010based botnet detection approaches. Paper presented at: IEEE; 2014; San Francisco CA. pp. 247\u2010255."},{"key":"e_1_2_12_29_1","volume-title":"Monitoring Stealthy Network Conversations with Sampled Traffic","author":"Ramachandran A","year":"2006"},{"key":"e_1_2_12_30_1","doi-asserted-by":"crossref","unstructured":"HuX JangJ StoecklinMPH et al. BAYWATCH: robust beaconing detection to identify infected hosts in large\u2010scale enterprise networks. Paper presented at: IEEE; 2016; Toulouse France. pp. 479\u2010490.","DOI":"10.1109\/DSN.2016.50"},{"key":"e_1_2_12_31_1","unstructured":"GoodfellowIJ ShlensJ SzegedyC. Explaining and harnessing adversarial examples; 2015. https:\/\/arxiv.org\/abs\/1412.6572v3. 
Accessed September 2012."}],"container-title":["SECURITY AND PRIVACY"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fspy2.51","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spy2.51","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/full-xml\/10.1002\/spy2.51","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/am-pdf\/10.1002\/spy2.51","content-type":"application\/pdf","content-version":"am","intended-application":"syndication"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/spy2.51","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,15]],"date-time":"2023-09-15T04:52:10Z","timestamp":1694753530000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/spy2.51"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,11]]},"references-count":30,"journal-issue":{"issue":"6","published-print":{"date-parts":[[2018,11]]}},"alternative-id":["10.1002\/spy2.51"],"URL":"https:\/\/doi.org\/10.1002\/spy2.51","archive":["Portico"],"relation":{},"ISSN":["2475-6725","2475-6725"],"issn-type":[{"value":"2475-6725","type":"print"},{"value":"2475-6725","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,11]]},"assertion":[{"value":"2018-08-09","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2018-10-31","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication 
History"}},{"value":"2018-12-05","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}
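Added example, not code from the paper or from DeBot itself: the abstract's second step, periodogram analysis of the flows of a suspicious host, applied to one flow (one host pair) to decide whether it beacons. It assumes that a flow is summarised as the list of connection start times in seconds, that those are binned into a 1 s count series over a 4096 s window, and that a flow counts as periodic when the largest periodogram ordinate fails Fisher's g-test at alpha = 0.001 (using the conservative first-term bound on the tail probability). The two input flows are constructed synthetic data: a bot checking in every 64 s with independent jitter of up to 6 s, and a user contacting the same server at uniformly random times. The monitoring-point selection step from the abstract is not shown.

```python
"""Periodogram beaconing check for a single flow.  Added example with constructed
data; not DeBot's code.  Assumptions: 1 s bins, a power-of-two window, Fisher's g-test
with the first-term (Bonferroni) bound on its tail probability as the decision rule."""
import cmath
import math
import random


def fft(x):
    """Recursive radix-2 Cooley-Tukey DFT; len(x) must be a power of two."""
    n = len(x)
    if n == 1:
        return [complex(x[0])]
    even = fft(x[0::2])
    odd = fft(x[1::2])
    out = [0j] * n
    for k in range(n // 2):
        twiddle = cmath.exp(-2j * math.pi * k / n) * odd[k]
        out[k] = even[k] + twiddle
        out[k + n // 2] = even[k] - twiddle
    return out


def periodogram(counts):
    """One-sided periodogram of a mean-removed count series, DC and Nyquist dropped.
    Entry i corresponds to DFT bin i + 1, i.e. frequency (i + 1) / N cycles per bin."""
    n = len(counts)
    mean = sum(counts) / n
    spec = fft([c - mean for c in counts])
    return [abs(spec[k]) ** 2 / n for k in range(1, n // 2)]


def fisher_g_test(power):
    """Fisher's g = max ordinate / sum of ordinates.  Under the white-noise null the
    exact tail probability is an alternating series whose first term m * (1 - g)^(m - 1)
    is an upper bound on it; that bound is enough (and conservative) for a threshold."""
    m = len(power)
    peak = max(range(m), key=lambda i: power[i])
    g = power[peak] / sum(power)
    p_bound = min(1.0, m * (1.0 - g) ** (m - 1))
    return peak + 1, g, p_bound  # peak + 1 is the DFT bin index (DC was dropped)


def analyze_flow(start_times, window_s=4096, bin_s=1.0, alpha=1e-3):
    """Bin connection start times and decide whether the flow beacons.
    Returns the dominant period, Fisher's g, the tail-probability bound and the verdict."""
    n_bins = int(window_s / bin_s)
    if n_bins & (n_bins - 1):
        raise ValueError("window_s / bin_s must be a power of two for the radix-2 FFT")
    counts = [0] * n_bins
    for t in start_times:
        i = int(t // bin_s)
        if 0 <= i < n_bins:
            counts[i] += 1
    k, g, p_bound = fisher_g_test(periodogram(counts))
    return {"period_s": n_bins * bin_s / k, "g": g, "p_bound": p_bound,
            "periodic": p_bound < alpha}


# Constructed sample flows (synthetic, not captured traffic).
def make_beacon_flow(period_s=64.0, jitter_s=6.0, window_s=4096, seed=1):
    """Bot check-ins every period_s seconds with independent uniform jitter per check-in."""
    rng = random.Random(seed)
    return [period_s * j + rng.uniform(-jitter_s, jitter_s)
            for j in range(1, int(window_s // period_s))]


def make_benign_flow(n_flows=63, window_s=4096, seed=2):
    """A user's connections to one server at uniformly random times (no preferred period)."""
    rng = random.Random(seed)
    return sorted(rng.uniform(0, window_s) for _ in range(n_flows))


if __name__ == "__main__":
    for name, flow in (("beacon", make_beacon_flow()), ("benign", make_benign_flow())):
        r = analyze_flow(flow)
        print(f"{name}: period={r['period_s']:.1f}s g={r['g']:.4f} "
              f"p<={r['p_bound']:.2e} periodic={r['periodic']}")
```

The jittered beacon still concentrates its energy at the 64 s fundamental (the jitter mainly attenuates the higher harmonics of the impulse train), so its g is an order of magnitude above the white-noise maximum and the bound on p is vanishingly small; the random flow's largest ordinate is what a maximum over about two thousand exponential variates looks like, and the test does not flag it. In practice the window, bin width and alpha should be chosen per monitored link, and a flagged flow is a lead for the host-level analysis the abstract describes, not a verdict on its own.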