{"id":"https://openalex.org/W4413238991","doi":"https://doi.org/10.1007/978-3-032-00624-0_8","title":"Striking Back at Cobalt: Using Network Traffic Metadata to Detect Cobalt Strike Masquerading Command and\u00a0Control Channels","display_name":"Striking Back at Cobalt: Using Network Traffic Metadata to Detect Cobalt Strike Masquerading Command and\u00a0Control Channels","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4413238991","doi":"https://doi.org/10.1007/978-3-032-00624-0_8"},"language":"en","primary_location":{"id":"doi:10.1007/978-3-032-00624-0_8","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-032-00624-0_8","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},"type":"book-chapter","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5119316877","display_name":"Cl\u00e9ment Parssegny","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108273","display_name":"Agence Nationale de S\u00e9curit\u00e9 du M\u00e9dicament et des Produits de Sant\u00e9","ror":"https://ror.org/01g80gk13","country_code":"FR","type":"government","lineage":["https://openalex.org/I4210108273"]},{"id":"https://openalex.org/I4210145102","display_name":"Institut Polytechnique de Paris","ror":"https://ror.org/042tfbd02","country_code":"FR","type":"education","lineage":["https://openalex.org/I4210145102"]}],"countries":["FR"],"is_corresponding":true,"raw_author_name":"Cl\u00e9ment Parssegny","raw_affiliation_strings":["ANSSI, Paris, France","SAMOVAR, T\u00e9l\u00e9com SudParis, Institut Polytechnique de Paris, 91120, Palaiseau, France"],"affiliations":[{"raw_affiliation_string":"ANSSI, Paris, France","institution_ids":["https://openalex.org/I4210108273"]},{"raw_affiliation_string":"SAMOVAR, T\u00e9l\u00e9com SudParis, Institut Polytechnique de Paris, 91120, Palaiseau, France","institution_ids":["https://openalex.org/I4210145102"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5078574033","display_name":"Johan Mazel","orcid":"https://orcid.org/0009-0002-0222-6794"},"institutions":[{"id":"https://openalex.org/I4210108273","display_name":"Agence Nationale de S\u00e9curit\u00e9 du M\u00e9dicament et des Produits de Sant\u00e9","ror":"https://ror.org/01g80gk13","country_code":"FR","type":"government","lineage":["https://openalex.org/I4210108273"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Johan Mazel","raw_affiliation_strings":["ANSSI, Paris, France"],"affiliations":[{"raw_affiliation_string":"ANSSI, Paris, France","institution_ids":["https://openalex.org/I4210108273"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5045703478","display_name":"Olivier Levillain","orcid":"https://orcid.org/0000-0002-0558-5015"},"institutions":[{"id":"https://openalex.org/I4210145102","display_name":"Institut Polytechnique de Paris","ror":"https://ror.org/042tfbd02","country_code":"FR","type":"education","lineage":["https://openalex.org/I4210145102"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Olivier Levillain","raw_affiliation_strings":["SAMOVAR, T\u00e9l\u00e9com SudParis, Institut Polytechnique de Paris, 91120, Palaiseau, France"],"affiliations":[{"raw_affiliation_string":"SAMOVAR, T\u00e9l\u00e9com SudParis, Institut Polytechnique de Paris, 91120, Palaiseau, France","institution_ids":["https://openalex.org/I4210145102"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5081902450","display_name":"Pierre Chifflier","orcid":null},"institutions":[{"id":"https://openalex.org/I4210108273","display_name":"Agence Nationale de S\u00e9curit\u00e9 du M\u00e9dicament et des Produits de Sant\u00e9","ror":"https://ror.org/01g80gk13","country_code":"FR","type":"government","lineage":["https://openalex.org/I4210108273"]}],"countries":["FR"],"is_corresponding":false,"raw_author_name":"Pierre Chifflier","raw_affiliation_strings":["ANSSI, Paris, France"],"affiliations":[{"raw_affiliation_string":"ANSSI, Paris, France","institution_ids":["https://openalex.org/I4210108273"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5119316877"],"corresponding_institution_ids":["https://openalex.org/I4210108273","https://openalex.org/I4210145102"],"apc_list":{"value":5000,"currency":"EUR","value_usd":5392},"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.50212414,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"163","last_page":"185"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11598","display_name":"Internet Traffic Analysis and Secure E-voting","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9861999750137329,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7235029339790344},{"id":"https://openalex.org/keywords/metadata","display_name":"Metadata","score":0.6780166029930115},{"id":"https://openalex.org/keywords/cobalt","display_name":"Cobalt","score":0.6066800355911255},{"id":"https://openalex.org/keywords/real-time-computing","display_name":"Real-time computing","score":0.4088521897792816},{"id":"https://openalex.org/keywords/database","display_name":"Database","score":0.37043845653533936},{"id":"https://openalex.org/keywords/computer-network","display_name":"Computer network","score":0.3583502173423767},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.33988645672798157},{"id":"https://openalex.org/keywords/world-wide-web","display_name":"World Wide Web","score":0.2498936951160431},{"id":"https://openalex.org/keywords/materials-science","display_name":"Materials science","score":0.06361609697341919},{"id":"https://openalex.org/keywords/metallurgy","display_name":"Metallurgy","score":0.0629090964794159}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7235029339790344},{"id":"https://openalex.org/C93518851","wikidata":"https://www.wikidata.org/wiki/Q180160","display_name":"Metadata","level":2,"score":0.6780166029930115},{"id":"https://openalex.org/C515602321","wikidata":"https://www.wikidata.org/wiki/Q740","display_name":"Cobalt","level":2,"score":0.6066800355911255},{"id":"https://openalex.org/C79403827","wikidata":"https://www.wikidata.org/wiki/Q3988","display_name":"Real-time computing","level":1,"score":0.4088521897792816},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.37043845653533936},{"id":"https://openalex.org/C31258907","wikidata":"https://www.wikidata.org/wiki/Q1301371","display_name":"Computer network","level":1,"score":0.3583502173423767},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.33988645672798157},{"id":"https://openalex.org/C136764020","wikidata":"https://www.wikidata.org/wiki/Q466","display_name":"World Wide Web","level":1,"score":0.2498936951160431},{"id":"https://openalex.org/C192562407","wikidata":"https://www.wikidata.org/wiki/Q228736","display_name":"Materials science","level":0,"score":0.06361609697341919},{"id":"https://openalex.org/C191897082","wikidata":"https://www.wikidata.org/wiki/Q11467","display_name":"Metallurgy","level":1,"score":0.0629090964794159}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1007/978-3-032-00624-0_8","is_oa":false,"landing_page_url":"https://doi.org/10.1007/978-3-032-00624-0_8","pdf_url":null,"source":{"id":"https://openalex.org/S106296714","display_name":"Lecture notes in computer science","issn_l":"0302-9743","issn":["0302-9743","1611-3349"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319900","host_organization_name":"Springer Science+Business Media","host_organization_lineage":["https://openalex.org/P4310319900","https://openalex.org/P4310319965"],"host_organization_lineage_names":["Springer Science+Business Media","Springer Nature"],"type":"book series"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Lecture Notes in Computer Science","raw_type":"book-chapter"},{"id":"pmh:oai:HAL:hal-05429252v1","is_oa":false,"landing_page_url":"https://hal.science/hal-05429252","pdf_url":null,"source":{"id":"https://openalex.org/S4406922461","display_name":"SPIRE - Sciences Po Institutional REpository","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"The 20th International Conference on Availability, Reliability and Security (ARES), Aug 2025, Ghent, Belgium. pp.163-185, &#x27E8;10.1007/978-3-032-00624-0_8&#x27E9;","raw_type":"Conference papers"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W85558978","https://openalex.org/W1546505347","https://openalex.org/W1630225947","https://openalex.org/W1878907771","https://openalex.org/W1988741337","https://openalex.org/W1993704367","https://openalex.org/W2063100290","https://openalex.org/W2077488147","https://openalex.org/W2102671922","https://openalex.org/W2116065364","https://openalex.org/W2148913232","https://openalex.org/W2326113404","https://openalex.org/W2537766808","https://openalex.org/W3086115535","https://openalex.org/W3089845553","https://openalex.org/W3125745247","https://openalex.org/W4226054955","https://openalex.org/W4238093955","https://openalex.org/W4246013796","https://openalex.org/W4283695260","https://openalex.org/W4324009745","https://openalex.org/W4383424861","https://openalex.org/W4389152158","https://openalex.org/W4392942955"],"related_works":["https://openalex.org/W2058118494","https://openalex.org/W2392768766","https://openalex.org/W2382021449","https://openalex.org/W3214869322","https://openalex.org/W2095118173","https://openalex.org/W2106424170","https://openalex.org/W2131616772","https://openalex.org/W1985426483","https://openalex.org/W2501188010","https://openalex.org/W4299935056"],"abstract_inverted_index":null,"counts_by_year":[],"updated_date":"2025-12-28T23:10:05.387466","created_date":"2025-10-10T00:00:00"}